Analysis Overview
SHA256
13eba081e5d69a6d9e908d39104e2a400e2ba11290a17490dc46fb2539921265
Threat Level: No (potentially) malicious behavior was detected
The file a50a24ea5d5aed8cef0fac5df1744ed5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:19
Platform
win7-20240221-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{130A05A1-296E-11EF-B85E-52C7B7C5B073} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0de43e97abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435689" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fe7465d174f5fa48a980a4333143e4ef00000000020000000000106600000001000020000000eb56354859958bfad296eefa45ae1cab8070c37d3c52f279597aeb1eea2ef384000000000e8000000002000020000000e21521fcd60222ea071367f1c3ba3c5c7d8c58c19cd34a4a67677cedbffb7da72000000062ecb116f77d756b3eab1aa6e632d83c673e79f44d937a030859053b9fccf34740000000e8d393da46f9ed2c3627c6b0d7584b01303bd1efc6cfbc020453d9fd89f70b0ef1e2765ceaab4d429104c866c8a7a63a3ac6bf238eb0fdd5b51daeceb7ed4d7f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2012 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50a24ea5d5aed8cef0fac5df1744ed5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | zajacpoziomka.pl | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| PL | 93.179.252.36:80 | zajacpoziomka.pl | tcp |
| US | 8.8.8.8:53 | www.zajacpoziomka.pl | udp |
| PL | 93.179.252.36:443 | www.zajacpoziomka.pl | tcp |
| US | 151.101.130.137:80 | code.jquery.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:16
Reported
2024-06-13 10:19
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50a24ea5d5aed8cef0fac5df1744ed5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe706746f8,0x7ffe70674708,0x7ffe70674718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8689393261622119547,11422038695610986103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2388_TWBGPRXKWCENHJUS
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State