Analysis Overview
SHA256
dd417e984e45e8e1748cf92f1a1a6c344136fd295b2f9b0542a55c280fa34a1f
Threat Level: No (potentially) malicious behavior was detected
Verdict for a4dd159ac0309758a27128d46a93eec3_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer Phishing Filter
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:32
Reported
2024-06-13 09:35
Platform
win7-20240221-en
Max time kernel
143s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = c08a05a674bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E17C9801-2967-11EF-A965-CAFA5A0A62FD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b5feb774bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433030" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003c99c465a2a74e4a93294e135620db410000000002000000000010660000000100002000000083a0bdea74637228611a3c60914367444bb49e123ab4e6573c6130beca250403000000000e80000000020000200000009c9c3521c89ec0512f25e19779daff3a581c6302f5fe95723e072b48007a1dfe20000000cf0baf74cd9e7d04ae697533f6a3d502c06e93fa2ee507414a67765dfb766d724000000021af771dedd0a00123980167b5342b42c5df364787b23ef9962c4383364b374513b3c31458a7e7284c622f5ed07cf25df055d0fdf5b84a1c45640f739979c86a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2868 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4dd159ac0309758a27128d46a93eec3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 8.8.8.8:53 | loadus.exelator.com | udp |
| FR | 18.164.52.22:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.22:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.22:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.22:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.22:80 | static.mackeeper.com | tcp |
| FR | 18.164.52.22:80 | static.mackeeper.com | tcp |
| IE | 34.254.143.3:80 | loadus.exelator.com | tcp |
| IE | 34.254.143.3:80 | loadus.exelator.com | tcp |
| IE | 34.254.143.3:443 | loadus.exelator.com | tcp |
| US | 8.8.8.8:53 | mackeeperapp.mackeeper.com | udp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| IE | 34.254.143.3:443 | loadus.exelator.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| US | 54.174.11.255:443 | mackeeperapp.mackeeper.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | assets.kromtech.net | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | event.mackeeper.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 3.165.113.3:443 | event.mackeeper.com | tcp |
| US | 3.165.113.3:443 | event.mackeeper.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\loclist[1].htm
| MD5 | 4aa7a432bb447f094408f1bd6229c605 |
| SHA1 | 1965c4952cc8c082a6307ed67061a57aab6632fa |
| SHA256 | 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a |
| SHA512 | 497ba6d8ec6bf2267fe6133a432f0e9ab12b982c06bb23e3de6e5a94d036509d2556ba822e3989d8cd7e240d9bae8096fc5be8a948e3e29fe29cab1fea1fe31c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1B83.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4068067898b73a5a7f35903baaf86f25 |
| SHA1 | 5e09ab6b21ed2defc268a78716dcce1115f044af |
| SHA256 | e31698f4f9a127abd1a546c7bbefafa1cc577ef5aa9e5181f210452990f9c8b9 |
| SHA512 | ee02dc70cd7f916387e44ea08806d402b9803b2fcef0e974fa9a23e94d537a5ac7eaf4961ffb31012b1562d0d34a684f5f31034f0cfdfa3f5f5f50e4d48bd313 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e307544219066dd63bb9f5c2765d573 |
| SHA1 | c336421582bbef8808b8a7aea74ef3faa831eac5 |
| SHA256 | af436d1025966f6789439b47b05b0ba9e9bf65045b7b8bf25868c4a068afa31f |
| SHA512 | 6fa40bf618d9ef9773ec1eb7a9035a1b52b912c51f5a008f99629540a3c18d59673188e2e06057c6ed35e0203ac597312c6c3f57b52eb8f41fe2d158f761a44b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6db03cf90bcc42bed5bd32192d158f9c |
| SHA1 | e00f9d1218490f452b200a8d81a4a5cb2e8ff6c1 |
| SHA256 | b6e55abc6c64bb02348f316f0feb71e3b8d6c91dbc89e69c2aeffa3321b9fe13 |
| SHA512 | 99f94a5f1865a53e29e36797efff15f538b026d9e4bd6106d92978d4c4205337df203afca293c34ee7592424bd91a9c33268f93fe21f6cb22ab35abdf7ba20d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | e7474eb7f4648106ab9f21fe1ef8f1a8 |
| SHA1 | b1c1ccff21b81ae7035f231c37a9e5744ee179bc |
| SHA256 | 97a4efb32daa32d0f90b9ed69185bbf51c8fbcd707c54e70a1586b1bec50c7c6 |
| SHA512 | f75af56f2fd344966fc443dbf93289b38e4693e12ebd7c9b33d580cd84753e7741def70eb3518b7a9dc776fbed50fac810f5215a1d0ff0b47de9cbb8dc5bdc6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cef52806048dd85769cf6a9a377cda02 |
| SHA1 | c3a71d85aa86afb6adfa52765da4db62ec7fa6d7 |
| SHA256 | 982ed4c57390bf7f70f46c0ad03695be51868aa8bc74f75307ea912704122201 |
| SHA512 | f158657d47df490665e35aee7206b693655a32067fcb7d4e7f775b99b59350a39c3274e1d87e9aee8c317c606ed36eed9249eb2d4bdf676ef429bae9ac5be45f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b74e4618ab62725c0dd06f103df6ad6 |
| SHA1 | 25ef8cea707bb40391be59a5d986ab6952c3a69d |
| SHA256 | be4c0acc55357039021b027ffc05d72b571a15f37a7ffe911b7a16e70b907ea9 |
| SHA512 | 2ec48d4cedfeec938b3da3a9c58a28656c5bfe4eaee8619b9892b839e94a0f52491dc314fc0a940bc709587e0838c0407d741fa7d639fbb0ec6c0e2a280f7eb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b231e6ffc6bdf2110bc6fb12ba951f6b |
| SHA1 | 4022686545eca2a544056a38031189bf36437a29 |
| SHA256 | 99877da106f130ef29cf4e3d6db7be8a966bfd184ea0fe403af3290d079ec3a9 |
| SHA512 | 1e113ca0d304004f2aa8ffdb4ef15cea58fffc18f17d73f588fa1806e7fbccf91fcd51efdd42455d950fd7e4699fb3841ef1f7715e40cdaeb21b89d22ed07e6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8fb9cd671fbb63acf43467f4437dda11 |
| SHA1 | bd5f3952ec620705912c16dc8896578533af755b |
| SHA256 | 8eef027df47e875ee86fc5376b5e84d7110a05e42179d85a70f313b68a5967af |
| SHA512 | e845822ecb4963d4fe66371e3dc6c0200d94b09aaaeb7b68d9535e5987e418fce8a79227b8b29a93351deafc6937a954a28996371340fcc4ccbd6fbbaaad88dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | d83d6487dcad0b0879703505cc5b57f1 |
| SHA1 | 6fb675be1ea7a9300d6c5f02b0153aa50448c310 |
| SHA256 | ab88dbd445477b770e6f12485bdfd1afea682157a83ae7b8204d9dbb6f571dfd |
| SHA512 | f61e57927f5024efb5d529f8fe8897596f408e3bb65e70222acee717b7bbaca7e8367e5842407f8b158bd7dff8483e66da5b76b5a47690307edc6bb91abaf52b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 4bf453df99f059665f29553d763ac8fc |
| SHA1 | 989a3e73db392459d18659f9e299e14cede92b98 |
| SHA256 | a37b270deaeed090c1f15c343d1c97b1eb22d4dca935d5036771cd922f3813f7 |
| SHA512 | ed4dc981b33d56bb8e325cc284551dd6bd3be0de2e49b1e4ee86b3c4b1a9ec6f8e1b6d8cdde7dbe2a18730bf87c4580b20b6341ac5d3411fb71dbbe7135a3a10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 96756214c3748431b85a73d5945f12a4 |
| SHA1 | 74ee6bb5a6b3b06c87d21b9970cba395fb736aea |
| SHA256 | 392f101193bd33ba49c4b2a885144afa55981d2dd953b09d4692cc2982c23e57 |
| SHA512 | 262bc584dc80ba82dcc4480ebe7a6273f6b5a0d966cd1f5de72c74df769db1c188f61ca06604fb019e0a4ffb37af9e9e1a8c5a1fa269b31bb8ab71a559364900 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | 5fc2cb94a96cd0dfcb5e4d0e4cfdfabd |
| SHA1 | d8b0e6d15349c743320a717548de8b947bd6c504 |
| SHA256 | e3a7b0a871338263878cfde538c2259bbeba54dda73fd19e8eaf4786357d43f2 |
| SHA512 | c00e07d87ac0930a49a402a271d58d3ff90acbfd619caeaff401b4bee4a0f5f3c898528b48e7837d02a629ed6b6166ce6b168f7964c2e79844a3ec4b25559d87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_4D506EBD8371D43E19D08592A41A426D
| MD5 | 93e76c529bd4950ec9e6d91b7509e8f7 |
| SHA1 | 402047f76f6e710f813b51fef6419da941060320 |
| SHA256 | 2bd7aa50af6f1252ce1546b0464ddcbdab2b502f017508e7a59b1d0117b9b6b2 |
| SHA512 | e05a341e00497ef98c29f544a0e35d12005ca51bdd2933799f3518b609de1e318c6cb8ce4cbec6de625a26e79a04ce3f0848a02e5c22edb7ad4e48d672b5760d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d48a8e13b933c1eb091f1ca2fdc2c4d1 |
| SHA1 | 20ad397ce36d79ffe66abf8d2c672f33249317d6 |
| SHA256 | bb596e2027db1f2a04107b47e532b01876bf241ff45c444bcdd264d35bf4fc81 |
| SHA512 | 8389156131840636e32899815691771a6dca5b95063decd29fa087fb53ddcff69de27358e651fd7435cc43f4101f5106e4ebf9b4b0a099eb8d1a33c71d824bda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9697f744212debb12bb8843eb4468a2d |
| SHA1 | 5f2b19c6bd4fa1bf4865166ae31f92b14277bd6e |
| SHA256 | 8cda055f2c6a9512106a5f47ac39f444a38cf3f77019f40f39e5200a7c3fc254 |
| SHA512 | 5b0b98026f144e89a617831c19f7ded2c2218f0c88d20a9f09b318c1ab69651931cb0fe0762887fd4ebb5c8d9e2aafceaad6fc70099265e23326e6bc6a0524d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07c61b29471b30839a07146f4d7a5afa |
| SHA1 | 851785730e549bdfeba947740d9bf006647b2cdf |
| SHA256 | 643fe49f55cbe85244c93e671c81e1ca401bdc0e0c44afbda542fad70691a42a |
| SHA512 | 129947ee2a9ba11c516e0a766b81b5605aaeb056230a9b429ae4bd5b1296a998bdfca1856886d83118b522cacc4e3e990fa3fd09ffc2a51613a7b024cd119b8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4be1d1864070a5d04b5b7fb7d2819f7 |
| SHA1 | 27fe3a04e5049cbe92c7bdb0a85681dc7e7d3c0b |
| SHA256 | 56f42ef8a815879ea525a33f222f3420fbcc4db2cb85888c6c4a5fc7ebb5817f |
| SHA512 | 8fc2188bb872c3fbda1737d027e902e91b305014c879839027389def27e68ebce769ae75d61f9ce6738c344e5bd2d1a84ba86187690a34ea78687f161d9a3f15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b6c2ef579b09920421742e5dbf9155b |
| SHA1 | c791e54f378435db494fa2586ad90ad3c9235321 |
| SHA256 | 3b691836dbe40ef7d45694d47af1588a0d7c688e7ba0227116ea540fc37d2191 |
| SHA512 | 559858566f0c6ccede59adc3c2dfbf638c657d51070d40abf42f3ab2bc3e1ed8b1aa2c44e90329782a48e32bd4fcc652e51901e3a2dc1b61b25b9c349dbf8062 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08697dd0f5616ebdcb624bd681feacca |
| SHA1 | e436854118b23760f1725fa7b9c4c7cd38dcc5e5 |
| SHA256 | 7f4bf2416a79bcdf830a9b397f77cad1a9f5f91efe09a6e6d7a5e3d3ab52fce5 |
| SHA512 | 11ab01921c07fbeb042582242ca4b3b5c6fb1501f3b7fdd10e835e1769de892da20026445db23307bbf743b4efca1a1a5dcb04231138605c8ef8afbd0ec8dddd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a14578d48cf13c75520afe817eca4cbd |
| SHA1 | ef19c3de7009c5591408f5cfe599ad10294b6ae9 |
| SHA256 | a446108b66cfb676b4733b7dc91faec35cb710b694805d543c96e78c3a4e0568 |
| SHA512 | 55af58d91da3a5b0a12bb1d2534007f0d2c34685688f914050a47d63877ec4db08eab45ff0f0d6094815e34ffc801282aeeef5d36b1b482253809420ebf557d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a86b2d64602a058e66365398821c5529 |
| SHA1 | b0aa565b23dbec5d28487f887dd1d4bb6c932369 |
| SHA256 | 648b9520250212fa63201e1f759c0f004af6a99eac1586f61f81757f3d508022 |
| SHA512 | 8a24628f5b815c5a90350ea4b44d561f0a1673fe17d7780ab08249bc005b2cf4883a9337785fb4ea4d1b969d59e5f3ae73fce6b5b6b405bdf4aa3999e9e95a13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 209ba3939ba1e11bcf578cd4cf1ca178 |
| SHA1 | 25bd5f3bfe1954ffe03426f1edbe29bee85448bd |
| SHA256 | d5d956ffd4f593a237bc2cd96896f139f2442a3e2f15ff645118c05b4ab8b888 |
| SHA512 | fa1d3a1820d3240fc4ffd445c15a0b1349d085b747aad839859ac33b2e7a61c28ce44f1cc4deed18c36d8b51cdab2d9bdfbabf863d2eb808e7bc7f0bd307b315 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e51563ae072598add9005a03b9da834d |
| SHA1 | 9e630bf4f23339d5474ce44e69d7dd18eb718e8e |
| SHA256 | e9f0f274732cc2e8cc6b75bb8d6bef930adea0b68ea2cc1253501bc785c9ab1d |
| SHA512 | 8f4e03588fb29d03b3026dd053cc5137015f60f40db906563562d09e092f86fd9bc81ebb887a1417b405f0830f5e82a3c0ee7722aad85e2606cb83488e596e16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 769dee689e883faae854843e3252b6c8 |
| SHA1 | fc473167bbd3e76dae3ddb45a496869dcdf085d3 |
| SHA256 | c18db385fbd2b852419bc468d1036262db4fd3f35b46470a9e030b11547e57a6 |
| SHA512 | 1cc8d35d4d37b5b107886784c2b64240bc2ed4401b1482aa3ff4c97342b37c93fd921633b6bb18a4c78e39cec971c67461d37a6dd28ddc61b525b812b5bf123e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f829a43c586c6e9a03a5a5de029218d |
| SHA1 | 75626c79b4cf14eaf0edee3efe1372884ad9cab6 |
| SHA256 | b9fc9868f27132f31bcc88e69373e57a1ad4a0355674c574a13c96352e748836 |
| SHA512 | 64b798a64ca4c3458c1849c304267fddd2536003401cf1a386d8f106f6c5b9891746e95a15df609b384e67206c342a50844958943ca5daf881e0f8dfebcd370e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9015c6c9145f209fe96559e3be816b6f |
| SHA1 | bbfc897103fa6555a9988faaf632be0b8ba71908 |
| SHA256 | baf300ec6175899ee744325d062ddc0230395b367373030dfdfbdae119b68218 |
| SHA512 | 52a66b076dc5e578f31f4d456bc2bfdeea7c580880eec6302d6c65a0cb07140cb21438b00c913b06c2796ec8e256b70af8e10bd0cd1f8f10cf813f12fbb39b37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5801d80f7e060e351a7e299b7d93c8f9 |
| SHA1 | 1c9f0a52a4afa58857eab5261603d387b0ac106f |
| SHA256 | e1115f7619f6ee161cf2d20132aabd3b283ad3cf56e3e236ea9cf47e0127c017 |
| SHA512 | b9a1246e6cf199dce8eb91bffb671b432ba6ed28a41817e6b9675cccb019572b7105354ee60f5e0f7378ed6b3edb6b93d585a21ba23c721ef35edcb036951b33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50a668713c2d80ea30cf59042ed816fa |
| SHA1 | 32be746c5e3bf96236619e06191e6a677eecf8db |
| SHA256 | a02ec1f361a5488a9e426a439b008fb84a05a29d159ba4bfb348194685bd4e24 |
| SHA512 | 25056d9e7e7383ed489ccaa13683520fe9813876bf6e3e2bfbb5cece163fd636e7d9c88a8a8c1ace9683781554cae65ae952f5145ccf3b11311278a5aea22e20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be44fb79fe02e02d2d3920cd9d341efb |
| SHA1 | d0185721f088027d4c65c1afc1801498cf13d051 |
| SHA256 | 0bf8d5eeda3969ce142173c133ce025e8b3193a62af26e232bdb1c78acdcbcd7 |
| SHA512 | bd41bdc34a62879855eed1129474bd7d0c31e26ae73752fc8f7930b7b4836c8e78a0c1d1db47915ef5f68a3251a80b5f26dc784ea943bf607219b6fdc5cf4c2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d50273b42952451e22be1e98b3a1f469 |
| SHA1 | bd4365fd2d30eadc850ccb7e7a8a77ae6ccd203a |
| SHA256 | 3784008e8e46d4b7f79168a957aa28baa30748207d2477e77fee5f5ceedc9c94 |
| SHA512 | a03d902b48c1acb90a5a8c68b6e4c442cf4a8b8c3e8a2a3a081c28857da52d0cf9d81a35780c4f0db5f729af0bf17691edbdf9c08ed3ef1401f9bf8057c30f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | eeac88f4adb4e8b4c55231f0b431c066 |
| SHA1 | eaec29b7ba1847192db68dc5d148f4ee6cf6be5d |
| SHA256 | 85293cb6a85016dedfa7ad6261d346a59ce506814dcd26d3cac24609c9cf490b |
| SHA512 | 179f778a5e15e4bf94d1d0a9d824f7dac6f9b028f884b6b7f87e610fddd707deed9c36dea7236bcacf0e770bf46dd958e0038275e48894068260f9aba0116455 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:32
Reported
2024-06-13 09:35
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4dd159ac0309758a27128d46a93eec3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9684674391407922095,12425316287830918157,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
| US | 8.8.8.8:53 | static.mackeeper.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_3144_UYHGDCDCIPTNLJAR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2756b7048b5a77b08a2d9fa2b9959b60 |
| SHA1 | 5429214bbb126d841de0fc2f1d96298d0be00a72 |
| SHA256 | de3634b46f4a08f70951af133a8cf9a51a3582c34632c74ce4725462678f8f00 |
| SHA512 | 11a1d54de46b69e3f65d37b3a52fa40c96426ba60c0c7cefdc9c71dda493a76f017c2b88f350cd2df4dd2352750cc79c512a8bda1fbdee0d9b8ca6f75b3b161b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2c0294c4a5731a47ab54afa378f86c01 |
| SHA1 | 5b3f9662e602cf3c558b3e85d2270bf623809243 |
| SHA256 | 7c6120fe6ee423444c2a581fc1564f7ecadf49a295bbfedf7c8b5a69b5d2887c |
| SHA512 | f7a39132b76278b4c57ac95995ecd91abe9d686aa9304a6ebeec8bf353695d391b08950b0fb732e57223748f7e6b6b1b0ce595706a637c7a3d23f20faa26e56c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb4327c7f57173200b4a0c357d1682ff |
| SHA1 | 48049e78079d6f9637c8ee1ebbe8e6454909b881 |
| SHA256 | 836f71489897f883f81a51fbe9b2f226886dd1851bd48c6b280ffb053f8c908a |
| SHA512 | 841aa33a862f5d5331497a5022bcf3b94a241b57d0692fbb13c7e51ddb524c6f1ee96dcb2723fdf332f0aabb045e5245b60ba30b2c0ca63cf3c33b9845670023 |