Analysis Overview
SHA256
5997bd3fe751b9db7a418f9750f8255f5386bb7120341289d03e0d268e42cb0d
Threat Level: No (potentially) malicious behavior was detected
The file a4e818d797e45e94759c0b838b16f80c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:43
Reported
2024-06-13 09:46
Platform
win7-20240221-en
Max time kernel
146s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002428d316a3765844939f4666ad6fb76100000000020000000000106600000001000020000000670dc11818436570b6ac3a95f396a1e37c8af89b7305897a7d60a059fb3b4d76000000000e80000000020000200000004fe24745fd00b3933b4999e5ad4fe56f4f0b658843410a24a26d21ba488a2ff62000000080968b63eff877f4e97ae68ed22b34785797f579f38a149a4ef1c2b83171962b4000000080b2077700da2488c20d9d83c85135bfc5104b3104633b33416320bdc526d719721f2bdbe9d9c99bf78de8e113451964722274ef5ef5472b756a32d8a1034c73 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{69B6B831-2969-11EF-8356-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0807b3f76bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433687" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2156 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e818d797e45e94759c0b838b16f80c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:43
Reported
2024-06-13 09:46
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e818d797e45e94759c0b838b16f80c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7fff8c3c46f8,0x7fff8c3c4708,0x7fff8c3c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17398105228101423802,13114085290714208503,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5236 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.pornochicastv.com | udp |
| US | 8.8.8.8:53 | js.juicyads.com | udp |
| US | 8.8.8.8:53 | adspaces.ero-advertising.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | static.pornochicastv.com | udp |
| US | 8.8.8.8:53 | static.pornochicastv.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_3404_FYLAMRSSKABSDJIA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3978be582c5191febb7e0807c9917c61 |
| SHA1 | a1c6bd1b1749e47ac24ca930c2c1d30c820ef6b0 |
| SHA256 | c523f99ebd9415c2ce748019035015f2badc03b7389dce2684c04634f2957324 |
| SHA512 | 219de45463a6f9111d5836d5a2abc2abfb0dcf147df0360776dd5c15a3f1f6b4684e7d39c1831c2a351231d1dc719bd118397683c21dff8cfe21c3648cf4e14c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fb186aaf554a13ef827bba34c9ef8dc2 |
| SHA1 | 9df2de11dee5703f57c238de12b7b5cf915553f5 |
| SHA256 | d1fbe691ca7ac20d13524610796b1c627a794141844036325ea1fcaac915f882 |
| SHA512 | 4060dff2b969eb5c44149d151d581d5ed20fa840017faaecd1f8920af39f2105fef5baeabecb8961b0a176b3538f71a282ee4cd6f4811f90fd359969e03761b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4f870d52d0cc9ab59eab953f97e21866 |
| SHA1 | c6339ac97434ab637bab6847325f1c561a35de3a |
| SHA256 | 54181e13f4e9b60ab824e9047ab657a66bd6cffe781e105ee76587c2f93ac178 |
| SHA512 | 7b2944442f0cbfc8a8f34dc586b73e4d5555a61deb8a5fd9b581ed191730e0b1a4dd49656d7e6775a2f6a72d66d96ca8b2eedc3f806a4095e352baabd7900dea |