Analysis Overview
SHA256
26bb072bcbf4ffdb1687d06270cc834cd8cfd2c57cf3f852d4681c3a7bccc6fb
Threat Level: No (potentially) malicious behavior was detected
The file a50d8c4ac9ab38076197a756f89fca0c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:20
Reported
2024-06-13 10:22
Platform
win7-20240611-en
Max time kernel
141s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435887" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{899CAAB1-296E-11EF-AAA1-627D7EE66EFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ce65617bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000b994d01b410ae0513d7be5c2a39dfbebcf7ff09bc4c762d913ce990607deddd2000000000e8000000002000020000000b8a10bdbd8df667639e5249a6c376ceb33457dbf2d60dd3b81892de7b825e398200000006bf205fb4852b8c62ef1142651dcbaaa1af985acb4a7a494b13f5346c81a58cd40000000e7bdf031d52c29ea35acb7ae6b25e11bf97d8c9a41d6e090d3296b9e3530b9230059bc94799336730d8192294a5f9d6957452d4616fe0ba020d1a06c92192862 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2288 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2288 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2288 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2288 wrote to memory of 2908 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50d8c4ac9ab38076197a756f89fca0c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:20
Reported
2024-06-13 10:22
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50d8c4ac9ab38076197a756f89fca0c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ec6f46f8,0x7ff8ec6f4708,0x7ff8ec6f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4040626505547257834,11133297229489346959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2452 /prefetch:2
Network
Files