Analysis Overview
SHA256
9699ee8c8d450b4933b4eff3e7c3f5f4a172dfa488af0f59e917712c33a9a7d5
Threat Level: No (potentially) malicious behavior was detected
The file a5eca0d84778ab30624850e739112426_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:03
Reported
2024-06-13 14:05
Platform
win7-20240611-en
Max time kernel
136s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 706153889abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006785c8b2a25a86a30b5771daf25ae07915b070b98746682ea7c207b2d54e6cb4000000000e8000000002000020000000627a67f617b59bc5c4116e75cc3d4e28df3d2ae83042ab7efe97d3f9ce1cc1f3200000001e9a5511adf2586d6cc53ed422a5e3897215e2e8da96b41d18cf9517388937474000000030f95b1a594d58725337032609fea02b3131f51e4c55c5e10f7537f98528b23ed917cc9d7def91c85db0b6594059ac2049feb62d80dbe96f23a4982727fe288c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AFE75E31-298D-11EF-8F1B-D62A3499FE36} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449269" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2960 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2960 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2960 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2960 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5eca0d84778ab30624850e739112426_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | huaijiuyouxi.com | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:03
Reported
2024-06-13 14:05
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
131s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5eca0d84778ab30624850e739112426_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0d7546f8,0x7ffc0d754708,0x7ffc0d754718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14680884315372090938,9253691016289231511,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | huaijiuyouxi.com | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| NL | 23.62.61.88:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 231.170.75.47.in-addr.arpa | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| US | 8.8.8.8:53 | 88.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
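Most of the rows above are traffic an Edge-on-Windows detonation produces on its own: resolver queries to 8.8.8.8, reverse PTR lookups under in-addr.arpa, mDNS to 224.0.0.251:5353 and Bing telemetry. Aggregating the table per domain and dropping that baseline leaves the connections the HTML file itself triggered, which here is a single domain, huaijiuyouxi.com: one DNS lookup followed by repeated TLS connections to 47.75.170.231:443 (HK). The script below is an added example, not part of this report or of the sandbox's own tooling; its input rows are copied from the table (one row kept in the malformed shape the report shows it), and the platform-noise allow-list is an assumption to be tuned to your own detonation environment's baseline.

```python
"""Aggregate a sandbox report's Network table per domain.

Added example, not part of the original report or the sandbox vendor's tooling.
The sample rows are copied from the report's Network table; the platform-noise
allow-list is an assumption to be tuned to the analyst's own detonation baseline.
"""
from collections import Counter, defaultdict

# Constructed input: a representative subset of the report's Network rows,
# including the one row the report renders with an empty Domain cell.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | huaijiuyouxi.com | udp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| HK | 47.75.170.231:443 | huaijiuyouxi.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.88:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
"""

PROTOCOLS = {"tcp", "udp"}

# Assumption: traffic an Edge-on-Windows run emits regardless of the sample.
PLATFORM_NOISE_SUFFIXES = (".bing.com", ".in-addr.arpa")
PLATFORM_NOISE_DESTS = {"224.0.0.251:5353"}  # mDNS, carries no domain


def parse_row(line: str):
    """Return (country, destination, domain, proto), or None for non-rows.

    Repairs the one extraction quirk seen in the report: a row with an empty
    Domain cell comes out as `| cc | dest | proto | |`, proto shifted left.
    """
    line = line.strip()
    if not line.startswith("|"):
        return None
    cells = [c.strip() for c in line.strip("|").split("|")]
    if cells and cells[0].lower() == "country":
        return None  # header row
    if len(cells) == 4 and cells[3] == "" and cells[2] in PROTOCOLS:
        cells = [cells[0], cells[1], "N/A", cells[2]]
    if len(cells) != 4 or cells[3] not in PROTOCOLS:
        raise ValueError(f"malformed network row: {line!r}")
    return tuple(cells)


def is_platform_noise(destination: str, domain: str) -> bool:
    """True for mDNS, reverse-PTR and Bing traffic the environment produces itself."""
    if domain == "N/A":
        return destination in PLATFORM_NOISE_DESTS
    return domain.endswith(PLATFORM_NOISE_SUFFIXES)


def summarise(table: str) -> dict:
    """Per-domain view of the rows that are not platform noise.

    Returns {domain: {"flows": Counter("proto/dest" -> row count),
                      "countries": set of country codes}}.
    A resolver query is filed under the domain it resolved, so the DNS lookup
    and the TLS connections that follow it land in the same bucket.
    """
    summary = defaultdict(lambda: {"flows": Counter(), "countries": set()})
    for line in table.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        country, dest, domain, proto = row
        if is_platform_noise(dest, domain):
            continue
        summary[domain]["flows"][f"{proto}/{dest}"] += 1
        summary[domain]["countries"].add(country)
    return dict(summary)


if __name__ == "__main__":
    for domain, info in summarise(NETWORK_TABLE).items():
        print(domain, sorted(info["countries"]), dict(info["flows"]))
```

Run against the full table, the summary shows how much of the session is one host: every non-baseline row resolves to huaijiuyouxi.com, which is the detail a "no malicious behaviour detected" verdict on an HTML file does not surface by itself.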
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
\??\pipe\LOCAL\crashpad_1180_NZVRXGTKJSZEYDUD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef2a95c0599777aef4533aa333ffe043 |
| SHA1 | 575eb550adf0151813ebdff81b423a89adaf0952 |
| SHA256 | 671d52a698efcfeb81aadad0f64aeb6df39e4134c3c3461fd0cf07ebcc2ef727 |
| SHA512 | b235912c81966ecdc5435c1aeea298b29194885c8691faad64e521b9d36e49fd67c7fcd5fd356111ddcd117fd4a726b9adc155f0c0eae3bf24ed10868f3187d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d1b36d9e36d18a567acf894e8d5fcba1 |
| SHA1 | 05b12db03426d6af28e47f2e60f5db8357a489f3 |
| SHA256 | 06cd636fdb7cbeb27322b6d24d2a509c9e87ceb7f69d30e464f67f17e8827f4d |
| SHA512 | d841b1a906f982da74af896c1ef6890bcd66bdb8bc1fb626969dc7b4def7788588d658d23fe06c746f833e3d75dff0ac4ddedb3bf2431925f735bb79ce336367 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 52bf41f26c911ad4feebd97a2728eaa4 |
| SHA1 | 1fa7957a23780da35ea9b3aee056c6a82b418537 |
| SHA256 | c828fd9c0610cfa38af34ace6172190420e767fcb7a9206c4fc4b2a009b752aa |
| SHA512 | 7e46e53df7ac64d66cd7c4697182f756cdf3c1ac71f280df318eb705f777f7aee218e60a47c0c3f2f5f12692451bc502a4a3ecad1793f8b8d58e3a332eb52350 |