Analysis Overview
SHA256
c78bfcd5ccf5d1197c19774e10c6d041c4aa8f9be088e3cac84a776bfd091dc5
Threat Level: No (potentially) malicious behavior was detected
The file a4eac3793f9fd4a5ffc913ade1a72e4d_JaffaCakes118 (an HTML document, judging by the browser command lines below) was found to be clean: no (potentially) malicious behavior was detected in either detonation.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Every signature above was raised by the browser that rendered the sample (iexplore.exe on Windows 7, msedge.exe on Windows 10), not by a dropped file or a non-browser child process; the process trees below contain only browser processes. The registry writes are Internet Explorer's own per-user state, the WriteProcessMemory events are the IE frame process (PID 1056) initialising the content process it spawned (PID 2612, launched with SCODEF:1056), the BIOS and process enumeration comes from msedge.exe itself, and the NtCreateUserProcessBlockNonMicrosoftBinary events are msedge.exe starting its child processes with the block-non-Microsoft-binaries mitigation that the Chromium sandbox applies. Read these as the browser's baseline, not as behaviour of the sample.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:46
Reported
2024-06-13 09:49
Platform
win7-20240611-en
Max time kernel
120s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006b8fe0c8bfb4197f54b8a253fec82b76e4aae94c46c65b945eb7366991afaa58000000000e80000000020000200000002a275c6ba8ebb9574ad859f1641a03310c52d14646723f112604c8fea7a0ad202000000010da5b825e1a7318fed11934b7e9e91b9aa1423fa991c3e38a06932dc104c61840000000f10074496a70f5c0b105e7ebfad7c4d151feec7d08a68d0079cc2c002b40d8174768734254c5d563e555ea14a889115174acd6ca55cc81cf32d4ab5ab3bc3295 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a5e2a776bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433863" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D155F0F1-2969-11EF-8144-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
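Two of the REG_BINARY values in this table can be decoded to confirm that they are ordinary Internet Explorer UI state rather than smuggled data. The script below is an added example and is not part of the report: it decodes TabbedBrowsing\NewTabPage\LastProcessed as a Windows FILETIME and Main\Window_Placement as a WINDOWPLACEMENT structure, then checks that the decoded timestamp falls between this detonation's Submitted and Reported times. The report gives no time zone for those times; treating them as UTC is an assumption of the example.

```python
import struct
from datetime import datetime, timedelta, timezone

# Hex strings copied from the registry table above (REG_BINARY, little-endian).
LAST_PROCESSED_HEX = "10a5e2a776bdda01"
WINDOW_PLACEMENT_HEX = (
    "2c000000" "02000000" "03000000"      # length, flags, showCmd
    + "ffffffff" * 4                       # ptMinPosition, ptMaxPosition (-1,-1 each)
    + "24000000" "24000000" "aa040000" "89020000"  # rcNormalPosition
)

# Detonation window from the behavioral1 overview. The report states no time zone;
# UTC is an assumption of this example.
SUBMITTED = datetime(2024, 6, 13, 9, 46, tzinfo=timezone.utc)
REPORTED = datetime(2024, 6, 13, 9, 49, tzinfo=timezone.utc)

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# WINDOWPLACEMENT.showCmd values from winuser.h
SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE"}
# UINT length, UINT flags, UINT showCmd, POINT ptMin, POINT ptMax, RECT rcNormalPosition
WINDOWPLACEMENT_FMT = "<IIIiiiiiiii"


def filetime_from_hex(hex_value: str) -> datetime:
    """Decode an 8-byte little-endian FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 8:
        raise ValueError(f"FILETIME is 8 bytes, got {len(raw)}")
    ticks = int.from_bytes(raw, "little")
    # timedelta resolves microseconds; FILETIME ticks are 100 ns, so divide by 10.
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def inside_detonation_window(ts: datetime, start: datetime = SUBMITTED,
                             end: datetime = REPORTED) -> bool:
    """True when a decoded timestamp lies inside the sandbox run that produced the report."""
    return start <= ts <= end


def parse_window_placement(hex_value: str) -> dict:
    """Decode a WINDOWPLACEMENT; its length field must equal sizeof(WINDOWPLACEMENT) == 44."""
    raw = bytes.fromhex(hex_value)
    size = struct.calcsize(WINDOWPLACEMENT_FMT)
    if len(raw) != size:
        raise ValueError(f"WINDOWPLACEMENT is {size} bytes, got {len(raw)}")
    (length, flags, show_cmd,
     min_x, min_y, max_x, max_y,
     left, top, right, bottom) = struct.unpack(WINDOWPLACEMENT_FMT, raw)
    if length != size:
        raise ValueError(f"length field {length} does not match structure size {size}")
    return {
        "flags": flags,                      # 0x2 is WPF_RESTORETOMAXIMIZED
        "show_cmd": SHOW_CMD.get(show_cmd, f"SW_{show_cmd}"),
        "min_position": (min_x, min_y),      # (-1, -1) means not set
        "max_position": (max_x, max_y),
        "normal_rect": (left, top, right, bottom),
        "normal_size": (right - left, bottom - top),
    }


if __name__ == "__main__":
    ts = filetime_from_hex(LAST_PROCESSED_HEX)
    print("LastProcessed   :", ts.isoformat(), "inside window:", inside_detonation_window(ts))
    print("Window_Placement:", parse_window_placement(WINDOW_PLACEMENT_HEX))
```

LastProcessed decodes to 2024-06-13 09:47:08 UTC, one minute after submission, and Window_Placement is a maximised IE window with a 1158x613 restore rectangle; both are what a first run of IE in a fresh sandbox image produces.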
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1056 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1056 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1056 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1056 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eac3793f9fd4a5ffc913ade1a72e4d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto | Connections |
| US | 8.8.8.8:53 | buro075.nl | udp | 1 |
| NL | 84.244.165.144:80 | buro075.nl | tcp | 15 |
| NL | 84.244.165.144:443 | buro075.nl | tcp | 192 |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp | 2 |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp | 3 |
The capture lists one row per connection (213 rows); they are aggregated here by destination. The single udp row is the DNS lookup of buro075.nl through 8.8.8.8. Apart from the Google Fonts fetch and Internet Explorer's own ieonline.microsoft.com endpoint, every connection goes to the one host that serves the page, 84.244.165.144 (buro075.nl), over HTTP and HTTPS.
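Reading a connection list of this length by eye is error-prone, so the script below, an added example that is not part of the report, aggregates rows in this table's format by destination and separates the sandbox's DNS lookups and the browser's own endpoints from the traffic attributable to the sample, which is the only part worth carrying into a review. The sample rows are a constructed excerpt, and the baseline host set and resolver address are assumptions for the example: build yours from clean detonations of the same sandbox images.

```python
from collections import Counter

# Constructed excerpt in the report's row format (country, ip:port, domain, proto).
# An optional fifth column carries a pre-aggregated connection count.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | buro075.nl | udp |
| NL | 84.244.165.144:80 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| NL | 84.244.165.144:443 | buro075.nl | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp | 3 |
"""

# Hosts a stock IE/Edge image contacts on its own (assumption for this example).
BROWSER_BASELINE = {"ieonline.microsoft.com", "fonts.googleapis.com"}
# Resolver the sandbox hands to the guest (assumption for this example).
SANDBOX_RESOLVER = "8.8.8.8"


def parse_rows(text: str) -> list:
    """Parse pipe-delimited connection rows; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) not in (4, 5) or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells[:4]
        ip, _, port = dest.rpartition(":")
        rows.append({
            "country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto,
            "connections": int(cells[4]) if len(cells) == 5 else 1,
        })
    return rows


def classify(entry: dict) -> str:
    """Attribute an endpoint to the resolver, the browser baseline, or the sample."""
    if entry["proto"] == "udp" and entry["port"] == 53 and entry["ip"] == SANDBOX_RESOLVER:
        return "dns-lookup"
    if entry["domain"] in BROWSER_BASELINE:
        return "browser-baseline"
    return "sample-attributed"


def summarize(rows: list) -> list:
    """Collapse per-connection rows into one labelled entry per (domain, ip, port, proto)."""
    totals = Counter()
    for r in rows:
        totals[(r["domain"], r["ip"], r["port"], r["proto"])] += r["connections"]
    summary = []
    for (domain, ip, port, proto), n in sorted(totals.items(), key=lambda kv: -kv[1]):
        entry = {"domain": domain, "ip": ip, "port": port, "proto": proto, "connections": n}
        entry["label"] = classify(entry)
        summary.append(entry)
    return summary


def review_queue(summary: list) -> list:
    """Endpoints a human should look at: everything not explained by the browser or the resolver."""
    return sorted({(e["domain"], e["ip"]) for e in summary if e["label"] == "sample-attributed"})


if __name__ == "__main__":
    summary = summarize(parse_rows(SAMPLE_ROWS))
    for e in summary:
        print(f'{e["connections"]:4d}  {e["label"]:17s} {e["domain"]} {e["ip"]}:{e["port"]}/{e["proto"]}')
    print("review:", review_queue(summary))
```

A "sample-attributed" label only means the endpoint is not explained by the platform; here it is the site that hosts the page, which is consistent with the clean verdict.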
Files
Every file below is written by the browser and the Windows certificate stack while the page renders, not by the sample itself: fonts[1].htm in Content.IE5 is the cached response to the fonts.googleapis.com request seen in the Network section; Cab7A12.tmp and Tar7AE1.tmp in %Temp% are characteristic of crypt32 downloading and unpacking a certificate trust-list cabinet; and the CryptnetUrlCache\MetaData entry is the CryptoAPI URL cache record for a fetched certificate or revocation object. That one MetaData path appears 18 times with different hashes because the same entry was rewritten during the run, so read the 18 hash sets as successive versions of one cache file rather than as 18 distinct files.
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\fonts[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\Cab7A12.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7AE1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd63c8ccbc8f9fb7feb43459a8e62573 |
| SHA1 | 2241b7d14c35a52aa1f5c2c611a367800b7ff159 |
| SHA256 | e9aee008f63b971b6a50fd131e0b6e9d0139cf46f3af3a71825a1ae348c01645 |
| SHA512 | dc8ce801fa8c1e79b7dd6e478b120cfba612d105ff4b733859979b30bc419bbcfc585e3101986172302e7e4dd5db6085a2c38e4a8c03764179a7cd8ed15f47e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a33ba62c8f8680388ffb717a0ec3ceac |
| SHA1 | 40eb72c2e7c0f8188bf60d4213000a680f4a47a5 |
| SHA256 | 30577bc7d3fc4540e0a6f66308b803af3896ea9cde8eb494fd9e7904c46483d6 |
| SHA512 | f57235359bbb250aa598747c6d0d912e4cc18af6306cfd0f02f62331be15395330ba6f17fc5f8bc803baea69ce2c60ef6f01196d138e2d4a9513ac5b920f4115 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 683b5bcde2abddb3f01d073617369ad2 |
| SHA1 | ca872c3a92e24b4ce039687235f28a5231b48aa2 |
| SHA256 | 9a5862ce9b68358753e3f0a7d1b7eb9a4c779319790a23b005412d93ca73d18b |
| SHA512 | bcc0566973863b137cdd4924a26cf6f5a3878f2e77c2618f989507540ec90e5b3160fe038fb7e1abdcab831d0049272bfcb110428f4ebfc1d1bf961059bde323 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13c5c168e97df376b2026d7cb0dc2404 |
| SHA1 | 996998bf9d66d23ee5acdb3dbd97761491329d46 |
| SHA256 | 42e38e895b2dc4ea3d296bec16ca4ff375d8b137393f85878e9d3b356c0500d2 |
| SHA512 | 807681d39ae5dfdd8832d14f591328969a59cf377be582d452bbcc257d7628395188e62b435e4e4d4680e5b1ba7222e8ccfe0c842a5fb65cfe881220c7b48b0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58edc8f6ccb49705ffb35e25d1e10231 |
| SHA1 | 23f424f1e3f2a2f1caaa7eadcd90721deb70c4ca |
| SHA256 | ef7b63d49e14a47b7bab3e6f8f1ae981a9e5aef0f5d44a08e73ad63a466f9000 |
| SHA512 | ea0641c168ff2684ffac47c767efd6862ee84eac190fc45ac853bd1a3b1e053f570e2a2adbc9977a17305474ba0ecf75285d921d7ca1471c218f0bb0b531684e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea59e9d6cea334ee78cf859cf220a607 |
| SHA1 | 225858fef1fb44230681ee7d50ccf0ee9eb84877 |
| SHA256 | 417324a13b024126c0720b0b7ae547fa65045db9e7aca0965df85e1831d33505 |
| SHA512 | ca57d3b989336d93d0f1fef2a3e9375003475fa4904c10e6bc9a55cb8a51c1a20b70b0f9d2005bdc5521c4da3af56b92a2171c27d586ad2074666bcfab882a9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26f14659a1ca71cacb501aa79b4c438d |
| SHA1 | 8201f2590304d1dfb8f5bd59245e73b2bf3385a9 |
| SHA256 | 24a80aebc7efa7384958212fb07a65d54d1efa0eb71686ed4608aee2df257ef8 |
| SHA512 | 1a30b318591d2483c44d1bd0d8beb3797f70001d6a99618b1e6e8487b09b4b2d7bd1c5dd9501cf3c70d9bc2a8f8cfb3bc70be25cb1a342ff2156e173f9a3eac6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36905ab5208fa5a1cb4b0f799daa04a0 |
| SHA1 | 816e75d068805f09c2a14dd5cfbb78a81123e4a6 |
| SHA256 | 2e87371fcd942f791693bcf21a64a4372bca7bc4bc4ccb94fb8ffe70959e86cc |
| SHA512 | 92911fc0c62726e83ff8f6486245f3627875af76874cb2c084a744980a12d0c4b4b72496f6ed8736f1d58845e726cb768b2b586d966de82616eb2495ced647cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62dfd47003647f7fb79d81deb9c12a24 |
| SHA1 | 53b4348b7e5cf2b7c46f2d3c561c81161ebe8b42 |
| SHA256 | 8e44192a6c522dea7392597852800459c6af894042f81a82720dab1f3210ac00 |
| SHA512 | 5e9d5f9aee445afe1e42aa2a35ddbbd331e43a3f3d2d021fda3bd3f754c26be400f30cb9422179ca8bc61acbdb18bb6a9e093c9bcf6645be884258418794c80c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0dcb4a6293c18bd112fc76d0a0668bc |
| SHA1 | f1d349fb84efb854b04e5897e0db5f9e12701ef9 |
| SHA256 | c87dbfc3ccb6833daa0de1f66811d62643b671ada17f817fadec197f07400e3b |
| SHA512 | 7d821e0f6fa51b5ed712986defd947bc428aba1ab25f8b7fe8b25f88c135a69901c91b555b82646b51f9442235dfb034bb2575b5360196661997f95639bb1b94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8261640a3424c9f1fc134f073bab3e10 |
| SHA1 | c0026b19acef93d68876d9a57de6f5d6a60a6431 |
| SHA256 | 323c00817d2d6f4b0bdb51110ac3a6721a58b1ccefbd7b081b147fca29b4c1ae |
| SHA512 | 14ec5ece249bbdd3f03c3eb6d9de7c13a262192abf86c64ca5a4a5af9e59e2d9d9abec01616582311c30c0caaf2a95d58e8dd5f7cc73e05437fc0d15a40627bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1172c6efcf132c17b10e150e96316345 |
| SHA1 | 6b29690eb112672c6e33a3376db07597b9fb5a92 |
| SHA256 | 04ae0e037d3c92f91a464c6d95727caa50abcf6f3b5da6e81767a2df842490bb |
| SHA512 | c6b6c847d0c840a205bdb210e63508b7eae41c4064ddc74e4b19b895ab993eb047727a5070cb3b378dce691d296c3b32c85eff899d897bf124606c567cfd9624 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a01fe2b05a913b53005bd9c1721fdc0e |
| SHA1 | 11f3ed77db1766152d3a4f6c60f02e5d4f34e858 |
| SHA256 | 1d06984ade4bf0c4308781ccaff92179ad85979b4995ff2c56598f376bd57fba |
| SHA512 | 76fbf6931af9dace9cd1e5d2407f3a8124ace02b550a36ab1a2d8e1cd593ce616865f41fb2bd0a52a641b96c45611a23a46950693381a6d03c83f6cb7a6d9d8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be5f1024b3411a7603795a805d38ed94 |
| SHA1 | a60d057a188d6bc042b4c7e4f4440acddc912c52 |
| SHA256 | 079cbe451332b703ad8a61f570d233875f874a2ab389782446879504db8d93bd |
| SHA512 | 57dfb1c11516ed2df64db8a81aff93ed3b9eb26d0e3fc5d53c48ab786a410746532a1c399e9f156b953541b99743e2b1e831416c39a5345a09c6345f8613da81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fee902f4fd99f95abf72e832e05f51c3 |
| SHA1 | a504746537fb7944ce9575731def7d1fa501ed34 |
| SHA256 | 4124c177b06343d7bbaff0dc223d61157f9fdb4806481b6f20beee9913e9402c |
| SHA512 | ce32a4ae09a298f73b7cb35f8a754a93b3044a90f4fa62aabc774c67d568ef207dbf9fc24ea378d356c57e86f6d435471dcc84af1ec36eaf27ebb0acd547d09f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 962b701cb075803f39b5cf109e11518a |
| SHA1 | 92c52a4208d4e683f2a9fab022f1b5551bcf90bc |
| SHA256 | e3117c7add8d8a3500a6a1439dc8a18e4c2b94d7e72035911dcc55fe26db7c2d |
| SHA512 | 6e03aa1ac62a2349224811b07fdd56347579904d08feb8ca72eb3eb05f5f69feb06ba58798fc228c54653777c0fc02479f7afd0943b00e8ac8217efb2607e899 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31cc93603dc4175cad382d52961d614a |
| SHA1 | 1b66f44b43fbb84361e932b7c7673f73b9f8c1ac |
| SHA256 | 1238c19857622cf1ca6b37b44a62c10f3b711012fafd47462e60f7fec6743988 |
| SHA512 | ab39c5bbe5369e445587921e67ec790c906de6b5e93ef7018641172de42ba919524e539362b45d58f1fcdc7f1603cc308a1828b672066a6aabb4a717cf145295 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9afb93e005873be48484ab7d7a9bbe4 |
| SHA1 | e8d70c4d44f7b400c027aaa45cd5d436e0629143 |
| SHA256 | aad7be3696e7b941402c12bb61276ec25a53b670a5d4ef6fc21ee5c8573dbeb7 |
| SHA512 | fa43caeb684eb36e4264c6aea3f5c5c9dff9957db9f157276bccf692eef3dfc9fc59f959ad6a1c4283c86973fc89cd47e95d9d11001eabe17b356bb7856f62df |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:46
Reported
2024-06-13 09:49
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eac3793f9fd4a5ffc913ade1a72e4d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | buro075.nl | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | buro075.nl | udp |
| US | 8.8.8.8:53 | buro075.nl | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_1344_LAIYCGFWKYFJCGOW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 39be439b57366a0c990774f95e566d2b |
| SHA1 | 47e0f0b59502cfa3ecade70f09b817472fef84d0 |
| SHA256 | aab36fc4116f0e54b9949c86d7689451e24d3b753d9988e53448554ed9bb1516 |
| SHA512 | 114c52069f8f6a8979f82c2b0fcaf4b18eb902e7cb520ff02257fa31b4430e689ca9ce4703233a24f9ff96b6931dcac12ea8a14823c5f228c5001bb21b80535e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a27a9c4f0ff6608de8e6a66a3b9f72a3 |
| SHA1 | 6d7542940ddd320163aa69f617afa03bc6aabc84 |
| SHA256 | 325db651fa9fdee65508c077edc70e0aa1852c8f8658159e216c08a8c58d1028 |
| SHA512 | d6458b90f0b404ebee7081e0b637ec95445000df443c98adcde4ad1f1f22fd69e6507f688069603e6da6d465fdda8fab7aa07f435421ce00d07bb53351ddb26a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 906cb1a5eee8e5735ba70529b4a77239 |
| SHA1 | bd9b1db7e38e4d145d69d6f02a6455718e3e22ea |
| SHA256 | 1a7150dbc7977864e672f45a55d734c9073adb2880fc01d177516fce4018a8b6 |
| SHA512 | 473458fd01ce7a3abee926a3f60926dad09462ebaed8c64b3bc6c4e002b3bae7cf51a15c120e7b20a53c42300e1f19c7c2911615f98f08f6b566f25e828a2ceb |