Analysis Overview
SHA256
8d8190a1ee48a438245598225ef7c53c961b0436f47c151a7a2580098f08d288
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a771f48f14529ec681d15c58ad797002_JaffaCakes118.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 01:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 01:02
Reported
2024-06-14 01:05
Platform
win7-20231129-en
Max time kernel
130s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D40B2651-29E9-11EF-A140-5ABF6C2465D5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424488845" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1632 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a771f48f14529ec681d15c58ad797002_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1632 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 01:02
Reported
2024-06-14 01:05
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a771f48f14529ec681d15c58ad797002_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4dd946f8,0x7ffd4dd94708,0x7ffd4dd94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9965367527261316815,18155162534831602925,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2952 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.elucere.ro | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.elucere.ro | udp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_3692_LVGBCNXZLBZIRKVL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | df42e14c151b82dec3cd49cc5b4fbc5b |
| SHA1 | 0dc2bf3041fdc79f58d95a292196f2f325311309 |
| SHA256 | 49bdba0aa92f76883f85960a10208fb21c7b4c184ebb7ea692ec01505dc578fa |
| SHA512 | b1e0f39fe2a2c05f7e66edde436e493bc0f943520d8df9f92c95d366063e2f430a71f2548dd4e869b9d743eb4f7a3a61433dc89902dd2e422f1db83c7c2671ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a67655f7e4da03e97e743fbb4a6a0695 |
| SHA1 | e941c1a34de76b1c8a139cbc2421508bb3517739 |
| SHA256 | b4407f7d6a387fccb38ac243216c9eedf8de5d9ddc38bfae5060c368bad02afa |
| SHA512 | 47479565b6f9a676e609ac610c9cfb408d3f623b23c1653a51ddd453e15f404cae0243c36ca9c57926d0bfb807703b702f55645f37047ad7d959974945babdaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a515d6a819fa02a86c09880b7e221277 |
| SHA1 | 06b24794af19339265bac5a970ebd632b2b4ba44 |
| SHA256 | dc2f9598a30c5ebe2d94a6feb461c1aa669044a57b9cee5bb152556420fd0cbd |
| SHA512 | 2df4e8a003d65ca6fdc1c4a1400ef2efae8705edfb8ed4b7504f09c2aac1a93d1861af319138fb425d084417cbfe0bd38027fcf78d40aef5f60e467dde2df1b5 |