Analysis Overview
SHA256
933b1445beb1025aabe839e89f746d9e066db4b68264d92c7b1468935b5fc711
Threat Level: Likely benign
The file b1e966ed92f9a7e1f556c37a7a21a9d8_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-16 05:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 05:25
Reported
2024-06-16 05:27
Platform
win7-20240611-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000008d225345d55a85f7766a809dd560235bd0bbdbabb511ed191ab938ea0b8bbb53000000000e8000000002000020000000ca58f0756acbf47825cdc3feebd37ad1a0e46bb4d1a142dca0bcf4a6a129bf9620000000efdb18dcbcfecde2232b8faae254fbdbe8e8bc6c24cbae4415a5d88c2a889ff24000000060cf21b380ace591c071aeaf3beb40b0dd7114527acda37a69427aa7ead7a55ae09da5c41d88d17157e7a3c671819a3a9352b1e6e2922ccd01ec6bb0a2a645b4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40b9d6a9adbfda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D3F78331-2BA0-11EF-A05A-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424677390" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000009c40bec093844037f7aa91415f41b556a45e78cc879a099777667ff8ec0b6ac5000000000e8000000002000020000000058841bf723b8bf1dd11782a6edb1bbde55f475761e0ef971ae14aed044aaca890000000f67e72f3d67a44676ae4301574eff3adc8c31e95779a3b4c719f473c12163a3479692fd662e71ff69766c72abb79834610ad59c71aa4ecd3aae08d53cdfaecad6850b18625b614acbe328b39e4cb32737899eb67dc097d59fdfc490eac0f4a4e19eaf5cbb7959b3d37f029f5bbe47a6d9ae66ba9c19ce3403649e9656dad3c20b235570546b132e5dafd376faeb3adea40000000b694ebc65bdc127b4f3449f2fa8fbc832084ae237613a3f1dd729b0f1491cdea84fbb02621f5dca37559d0f1aa353617d3f7bc408d2ccf3cb8d84f006720c118 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2196 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b1e966ed92f9a7e1f556c37a7a21a9d8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 8.8.8.8:53 | portal.microsoftonline.com | udp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 13.107.246.64:443 | secure.aadcdn.microsoftonline-p.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar1CC7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab1CC5.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b1531152ca73e2381efa04c3f9aea21 |
| SHA1 | 71ce39f40cad0767e37c320e776d9f10551a0e0a |
| SHA256 | 8a8eec80fef3e7482086dbe90a3ad0a4b063fea7c7491c313f1a3ca705b68fd8 |
| SHA512 | e5f8011bf278248f5df543b904f00c42642eae7e040ed7faa849c8a97a5fca6ae7695b1780fc7be24b49f2f20d6fea4ecc6574c79cfd6d7dfab918e222fa7607 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 0e8e678e3628d9f98b0ba67ecf437d1c |
| SHA1 | f156e2088c4f0f3282a08d98f3a40bfa22b58600 |
| SHA256 | cfe0893d961d9292ae90c984a3a980699eb9a3dc07ac43a45040153f5f415461 |
| SHA512 | 19dfa52864393f4cd8eb688a6896458b0f695285fb2203dc41201b0f2fe8feb84965cc97f8b8f8100bc5c7a65a5f00f1894884ea2f7e38b5460c938805b0dd55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 353d80880163e69df5b6056bd95c4c32 |
| SHA1 | 78d105b9d4a87648135886f68ee548b8c3773e7f |
| SHA256 | ebf1cf4b34ac839f419ca2cd197cac7935facf09ce3fb9b2ea56473adfa2e1d1 |
| SHA512 | 6854a476e104ce370e7f1fc41ac5cc8415373fd46d1aa170104c303780903e1e24d5352ee91b0a551366bb33304bedcb60ad0e0168cfbc2e8ede5ab4a5915b0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96ac46def515721b7d64a940a81d9fa0 |
| SHA1 | 99daee65284dd57de8b71da388f531b0e00b7367 |
| SHA256 | 8d842248c422187e3c449351b2c8503c4b5619449e972b97e33b948015fb255f |
| SHA512 | 71364013b9ce84928560600870c3a92fcc86ebcc42ac9963a5f7baeafe439bf4b168558fbf05ddbe68bad2b50d95c5652fdc3da2f8bc9c2d405be63bc9a1509b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | baede9083b87bf0a172beb7ba8b72ae8 |
| SHA1 | b0781bce7dc03eb9a643a87ad8cbc093cccda7f2 |
| SHA256 | b2eec5bb7fe2e87e7f38ec2050c0382abfb4a366499e025f7a4161d99c38e1d9 |
| SHA512 | b488fd566ef758f9be1d2931c5da9bbb0e89ef34d07d9428355ca2c0d52149231809ae1e5490fbe5f57aa2f085577fabbf383fe0bd01c848fc7f80791a03fdad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e17a4fb1b7d8a5aa51fa3e42306ce26 |
| SHA1 | 26800229606ce819a24a8335b5ca7e1c54ec6884 |
| SHA256 | 357dcafcfcde96517dc7cbcc0677da6950f5f5dd8d4fb00ec3307612860941d7 |
| SHA512 | 4c617f3657a2970de43f2ae7ca8509ccc6e9131f7db60159c687fe0e20369f129318f23429eec726d89b064a1ce2313e3d73dba7ac034a32867790f5f1d85cf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46595a0bb38125c976bbcec8835e5b03 |
| SHA1 | af3c3509e24ae0e522419d15950be328885c4b1c |
| SHA256 | ccc11ddcaf6e85da86a632f55e462eb11553e1b835a59af7a0ea8d539035c015 |
| SHA512 | 411046fcf8881f17b0ec058c790609b5459a6a2c0b83b112a3f30f70f6318849898f52fb44d6fd390542267225d196087da7fd3f3daeb0d0fadb3e87377a5baf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68ceae867f3acf7bcb8f24f67f683bdd |
| SHA1 | f54ab205253d453bab27a053b20fe3c497a4e2ac |
| SHA256 | 2884f546b68ca4f403c6ab3e7b4e3685fac8348ccff91679ddf4a0c66ec2c85b |
| SHA512 | ef8082891c0583ba35acb9b33a97a1df42623aabb7352c3ca3455cdb217d64419d25d23d9f99bcc6f8f114aeee84d8865374d39853219812f1d8e2544970c4c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 459314f345c14d17f0f303be071697fc |
| SHA1 | f53fe8724a89414fc78f9ce01ca95f00c4dcc8a7 |
| SHA256 | 4e4613be25e69a2fd4953b1692a1ae5f4411428ede9a78bc520c54708b09eeb0 |
| SHA512 | c1faf618b6d5882014f96429774df2e14c87f96cb17f2184648b3e50c83d73eac7424b4540806a59eb395f3e45584cb44a2a21051d7d977ab588026aa4b0d7de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 705b1601f954206d63b7f905db49abdb |
| SHA1 | 9125bad8a99bbed3b1f7904abcc6959d7afe7599 |
| SHA256 | 0f45660b3b90c4229fa530ede45b30fee51b86f0189b34b0c816e4eb9377603c |
| SHA512 | 97ab4cfff514e586180d8e878f96e5d72aba707322edd4c8aba71cdbb79be3573b33e181589df79eae1898e060371a6b86d4806ac31d9e2f148f185a2987efdc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 909209bb046de15c7a2fac3399899c43 |
| SHA1 | 774998f35e93f3e6448995dde08e1eab014d0c18 |
| SHA256 | 8c9c5a0a774cf80e0a61c956a5f7263b2fb79534fe9b5a3b6af986b5c733b014 |
| SHA512 | 675e54ac0c30bf7b4ffd759c71f6f0df7005bf7d7887102e43b5bef2b57edfdadb472081ba750a8c2de6f12f1e867b46c54d244700c37fc535da6eafd5d50ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bb7231c79becf0d01f1e12f916da473 |
| SHA1 | f1ae864d25193d9540b05f4cc92a58a804e44fb3 |
| SHA256 | 9f81caa552fd24eee2ef74d6fd721ad209b1d72def2f5331170d49620c7fec7e |
| SHA512 | 358186d76cf3dd087a25634a5a18e91a20213b860e888df1ba487192dbe599cff5a5dd24f5e178e53bc45455a2bc13de859be278391abdd11fd47c2dbd6cabdc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3148d074ca3d5a68d8a8638c2d190048 |
| SHA1 | 5d34a688991b7a520e6da9ffb3992fa4e6bbe115 |
| SHA256 | 1121a3cd851573177977cfa1159386b1b7053333c94aa6917c5d54ec8826b724 |
| SHA512 | 1fc53cdd89fb5a26a5698c82b69c69c0fa341f21cecadd2944cd0a667c2a8ff4d3ad6044e7ac793e62f86327a279f2dff893300d61b67630764122ca2e373ee3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd85656d17a92c639bc059d7acc82ef5 |
| SHA1 | eee45c841c13a858250455cd48efd9b60b763e50 |
| SHA256 | 3975cb5b249d9f240a6bb44e6849d57224a66a881f6a17b112c954f2eeb37dd9 |
| SHA512 | d5aee3f531ef80fbc0d1b0b1d19035ad1d1f27a7c2b3cd59042539773570dd14369f661b238efd6a90b15e1aadb7d0ff34f20632ba66b70f5369bc1b1047ff10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cea0e082b623752428d0cb0ef4abaff |
| SHA1 | 86b3e959735d62e92923be4901b9c5b15bce989b |
| SHA256 | 2e31de29822ffa8f19702a03b4d6ef00757f45d0cf0b7bad5365718eaec4d074 |
| SHA512 | 4353edc8252a12c3447682a93aabfeb34f572c3402e821de21fd5b33d4acc8067a7bc4423dfa8eee85489489ab4a95f01a92ead668655d96dc16a694aecc55ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b401cb88ae0e2a152753276d9654454e |
| SHA1 | 8f85883a2954e88c0995d69505513ce280a0d678 |
| SHA256 | fdf6a7eee4d24b16ccc4334e0a3df5f2876a4f8d576f17cbb6bf9bf77b0aee0c |
| SHA512 | 40f389f94dc050ae601f0cb2077124298e901105cf502b6de6cc9119b57b9748a89d1e652c9290e78f4633439ef7a19bc36fb364932eef54c1d05ca8d527df39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e4e906c3d61c48118d0da6040db6add |
| SHA1 | 76fe8b52d17fc1941e8306b4de56d02a1517f678 |
| SHA256 | bed81ba0ce9df29b7afdd8ad6ff1bef58e47f53fda1580a20f172f3d03c0ee63 |
| SHA512 | f6e561c18f7ea2145fdd9d057d76cd8f4086e2d911171593f3082a249c0db16e2a30f1cb7f21f772bfe2eb5bc4b744fb7a8c8a65fd22e7a76a0ff598e5d05c50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4338eb0fd5207ac935ff9b8f8875fe78 |
| SHA1 | 9607340fabf5bbb77cc0ca637941160c7eac647a |
| SHA256 | 36adc2a80f0611d7669cb0bc736939117d76d1a56171d8e65dbf1dc36e709977 |
| SHA512 | efd0ddc887bc6bc00991ea07a3b09bc7c972aeccb9e6fd38b2bf9032b1cd98f7e766fd8b8f9b6d0f3c9a4333111f7aa96d023a5cc115cf47af6961929d3907a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a64c8b77202862180f23c92a01f65490 |
| SHA1 | d6a6f748987c422127b2beeb8e5f99b4ea169927 |
| SHA256 | 90eea452a84eefcbc87525174205442822f11239c4d7ad251d72fc959d89ff40 |
| SHA512 | bc41ba587e30dda990656f0e66edc59cba24862961a9eac1f965c2ff0414be2dd727dcacb36aa728ac09080353ae3714bbd4b213d12d9ee0292c5d8a07e26199 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ece8ffcc9e6e177da621fd355d1cb1c |
| SHA1 | 533d6e2c502b5a251be3b921a6982524798f474f |
| SHA256 | 9102dfeac35d2123ca3230c3330d47f2cbcd0a641365e874ccfe5d0978b72432 |
| SHA512 | 1e7cec308a02af607dc8ec7cbbc56be8c3f10e2eb826cc6f1f751f348f35d8c5f09dd51102eb1ad60900b3eea72ed46c9b4a66aaa7591a3301f35c0d606d648a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0f05bfe41661516e64cb8afdcdd1114 |
| SHA1 | edceef3726fcfbb32f63444f390b7fa74f59b7fa |
| SHA256 | 60df9d4171b24955b44cbeea5b8080d05c1bdf4e05263bf3705a8e0803f194fa |
| SHA512 | 12ea524a3aa0cadca705c0fb43da782a563aff7ab3c845f3f807f62fd5f956d0d0614c7c68e7b43474bf1dd5ede957492c4fcc22da1ea0e5e1e3222e522b298b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dee1433b5ed13e871a56f24286b7e58a |
| SHA1 | ece915d55aaf8161aa523ce5dfb1e280f8b4c1e0 |
| SHA256 | e0ba69a42019d9e51a07c3a6b0e28bd93bbb0f978cf83b8b3692155662d36679 |
| SHA512 | acfd16c4a584dc5a1c02b99ab6efb6a78e3b47a9ff8668da1e039991068b0d15f43c9ba4293417ea9cf8bacc288b8e8e664f66de1ead6142dfc2be3a18f15e41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 116419d551889bedcc60110dbc4cbc04 |
| SHA1 | d3be697401526ffae8429d7f0f5f6c5c98dc9948 |
| SHA256 | 8328bebe3edcb25f852c03554c29a2bda425cdb7002839bb4f936737e400a0b5 |
| SHA512 | c7e8055df0ef9fa10c399b2388a2d1e150a879e8322639eeb76a9817040d3cbb89b5d6503071c3b6bcdcd0ccdb49490c3e338e40db4b23a43dca2da45ca397ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e330c5484d55bb2f83da6af779ee10e9 |
| SHA1 | c2c056dc8945e643928ae325712f415ef5bb57cd |
| SHA256 | bf71605b210a619c458c8474620b207d624aeeb9409680ac400bd203db8e1373 |
| SHA512 | dd749ad9be55df992bd63b5261c3ff0b273a0081b1e1b1c59e806a1164702a13fccf93021c47d4a4ac8fd3506e26ec7d453f56a5ee2993e1a1167585f38b4191 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09bba73f0073eccb40f60cb83289c6e4 |
| SHA1 | 3890444d6c665a30c50db820ad15b46b764787d3 |
| SHA256 | dad4cb46806d11fe87a7c6a8fa33c190f738b0fe3f6f3123ee7b7b9c4293847d |
| SHA512 | a33aa49e9f77013d4a5a81052f8c927bf2e33ac6618dee95ccacb41744af06c98f9b14f41da5f1fc4fb7fedd18026824b55bf7a201a667e4d5e1772c37ad63c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc25b03d90235b7cd88b559708a9a671 |
| SHA1 | 6f522dd2d14852f9443411ca223f6e097cdc80f9 |
| SHA256 | 1073613758f56b63798053437cb1fdfa72e9461600d51e3e09c38916e6677864 |
| SHA512 | 4b533da0acd4945b469c79285831182f74e2c91cb2e33df8165741ffe94f5d0889c080eb5007d366e04bcdf4f179fc433a5c7c4c01d7f5a16bda398557350c2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfc1883127f24ca83bade9563c2f66ad |
| SHA1 | a8e2cae41fbbf8ebe45d928b1240d705c2d6ae8b |
| SHA256 | d196de1dc43588cae440c336f4485156e63f40532fcb09cbc65857a7da65085a |
| SHA512 | baec353e68e0f5c08f0449825e5fd2f9ab4de5b1299d2e3fa6aec9133a2db82b4e1617ee9e1ef96c70ec44cd80239a68a974a8154706905c5d1864e3c7be7fb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44731cd90b09a88bab2b32360dbc6d96 |
| SHA1 | 9e5b2282469601870dd2f00e334c7dc2ad7eda55 |
| SHA256 | 397718952a4de148da1866f4a8f17b46d77e134bfcf91c0b615e6bbee91be25b |
| SHA512 | 1dd9d75479e4c39a76a33fe5d7babb313cd2545135949761eead7cec391fb250c540311f7da96507cdc01a12c8737f967ac8eb31996f75847214ce95cad894a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ffcc48e053b9b4176a69ff30e32346b |
| SHA1 | b2204b0683b5e05eceb702b4c2b1aac1a5e21e6b |
| SHA256 | 61ead8b3c20d4962c40136ac53fff1790f0641b1a3113e3cdfc64f434100b73e |
| SHA512 | da3d810d9600c60618ca8a6b8fbc6eb5e255ee5d120fcd37085547a02580958b33c98410a39d8134dfba008411b336757bce34d9ad01e198797c2974050981e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 850029085684d623cea333d463d5d279 |
| SHA1 | e3bfc134f9ecdc96a1dce8f176df9cafdee3c5ca |
| SHA256 | 8f6a1b01b6cd79dc8d119ccd70d8aa7ebba0aac02a886b99629f990784621241 |
| SHA512 | 282b1a9728aceab815e932fe89e2bca93cc3b1d3a3d24785661e7c73aa1bf2f21eefef9c402928576f1eaf77364ec578c4bf9f8be8f1058e510bf2065f4e5e67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d86e3c68ca5dfeba5f5fe79a33b94cb |
| SHA1 | fe7d19b4a75308cb2e6d55e805d34ee34feaa8d3 |
| SHA256 | 84e70acffe9210ebcd76bd22764350109f79bbfedf2f8a35f116cf0d2ae77b5d |
| SHA512 | 60ceef76d04bd295099b7c967ed5476fef6d953c1a8d69af69836c0eb78dbbd5dce4c27d33cbdf8e4ff063339ca09d3aa46c1b6a219e455448e78af18b651350 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d33fba67649424037f2a25f3bee05c80 |
| SHA1 | 75a224c7725c5d192f5421edbe53d904a6619aad |
| SHA256 | 2c7dbc2bbac16b7fcbb4e9d589f6273593cf1af2f8fea59d289980c29afc780e |
| SHA512 | 32536f0f90e2a32bd705bfa68cd20891de0fac5b6117edb6df685faa8cacc5ee5824d298306185e419ed823e7a9f34d37fd7c49475dbdd11adb63e7dce897b02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d490a60872f63571f7ab72b31aa335f6 |
| SHA1 | 9570f6e119b24a72c13d264f1fa898ea04aedb13 |
| SHA256 | fa7ac81e605ff189ae09a74f745ce1061bade7c7cedf91ae33fb425e1829ee3e |
| SHA512 | 546cb52e6ae673f315a0dc70bbbdb3c51be7515c9a0e470c1580c4ff25a595f8846b1f09da79de02daa7b163ed4e4ca1e59eaec3763e379af75044180948c38d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e22bfb2df9095468bfe79abad59f00a |
| SHA1 | c9b534b7b56b0b91cea6ca0b0897c0e41a8579e6 |
| SHA256 | 3aa9fd07c53e78d201b9409655a04a148b9783767cb13e2cc93545fc032475ac |
| SHA512 | 293782ae5ed4c175fcdb5fd38b363b003275e014d7e5d87678f291f0b6f907c2a9980aa2fe852de580d6bb0eb9cec3215d9d6700c0c7b32a50897a1403905109 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16e33342dbe27e13e349e3221a45ce57 |
| SHA1 | b45095eaf93aade92aed25e08720fbc63a3b09e3 |
| SHA256 | 8296199e390986147624189af9688d0afff915116b83af00d15f819de096534a |
| SHA512 | 44f4d0851df2763db44a88092036d755f3e6083baa075ff51f69ee38830ec45a9e5b44b0e38659670664385b7fb69b47735749285e93a4da209854a197e297f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75df9be62a65ddbe99e753d3c37194f2 |
| SHA1 | a22c2a940950cb04988e1c90135675624d55ba34 |
| SHA256 | 2163d3d57974550a50541d5020a74302bde3349bdaf66d404048e14b4cdd236e |
| SHA512 | d76795f8eda8dd59306e96a36481efda2ab0493144c674fcc87363f804eaba25a6741250864a646cbea3d81be8d784e392017a4e10cdc77f6057ab31626954b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85f1397745a9146c425323eee103e366 |
| SHA1 | a13c597858d8f7d71a1574098e40694b4cca656a |
| SHA256 | bd14618f42930b0f04ec7ad4fba22e4520ea4846ae024b406dc3905988dd35cd |
| SHA512 | e3c0702f1a15aea959133030e640f1316dba189012d104560d65c67b0059185a4745ae8ba673040db26049e8985dc8b11efaaf53a8978e7fea2c83484b2803b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d98e5b860419256bd2ee9accdb028403 |
| SHA1 | c0db6d2070732d8aa415c906a0b2be41337796a8 |
| SHA256 | 9c3e045f1a32a127963320e247eae6500f661cbe9461b47f7c5cfe7c6646096f |
| SHA512 | bbe901b97eb79ce8501618f28fe2abd91d2500b5cd0c33441f05ff7e59ec501ed95f98b392e699a0f9551fe0c5293521056548c7526ef5f0f2c8dfef04d16f98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 793dbc22967350b110be4d9da12a6e0f |
| SHA1 | 2de7927128249532551956f6d38a01d4849d71c0 |
| SHA256 | b3d5e9d62a46771f53904f62b4169b9d1d23e66f9cafa05ea0ca6a251fc4165f |
| SHA512 | 180df1ba526f6b2a45a6bc1720a5fffb0f070c6cf9a30b1b69266bbfea863b1730a28d68779f760a37d778ab8048244ec3220a05be7f09e1be418a3aee2f4df2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9567e8f204a3d4b24537ccefcc4687f |
| SHA1 | 2f74a74410b3b469e2cd858fe8fd57ea26c3e9e9 |
| SHA256 | fac61415de4f5cf41fb85ecd2b73890bb48b6d7ebf208be1b33123d92b6faa8e |
| SHA512 | ea3daf17a4e6b43e7ae1599a65bc5cbccbefa0d987b63da5e17ab85fee6462ca4fa49859d6147a87a9d873abe5cdb91e569a06340155222cc88c8ab06a54962c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c91115496f85745a60cb9dbd76480974 |
| SHA1 | 814bfdab6b5157dc050ca3f3a0f1d56313fbc6f4 |
| SHA256 | 8c26b321e1a6ddcfd0b8208a48c5e7f7d0e5cf530d1e22d90050690ec51992f5 |
| SHA512 | 88e810be28851bb4defa742a7bb3a550d84116670ed8c2ff805e5aa13c89a8234f3bb38c520c30a3e8e3a462af02831d6950f49b8651fcbd4f9b1cb6ae04bc39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec9bcf7e5c9922f5fe61942041602869 |
| SHA1 | 95b3d020ae72923d5d60bb1bca8202d746d8c100 |
| SHA256 | 30b34ec4dbc1d593904febc264865f2e085b5671c6b9d44438386b36ea694923 |
| SHA512 | 87eb3f022edddc88dad07a1b955e2d93907d5e6c9fc2eae09b431744a1ae5d99df818a92fd1b228e2cd00a3fd97cfa50a1ddaa331036bd02aeeb117a77458d50 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 05:25
Reported
2024-06-16 05:27
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b1e966ed92f9a7e1f556c37a7a21a9d8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5cae46f8,0x7ffa5cae4708,0x7ffa5cae4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14506632507058669753,5090412780547440673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | portal.microsoftonline.com | udp |
| US | 13.107.6.156:443 | portal.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 8.8.8.8:53 | secure.aadcdn.microsoftonline-p.com | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_4460_CJLQNKQTSLTEHYMB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 159b85e65df2838339c0c9ce30365f61 |
| SHA1 | fc14fddabc5736ee53519b833faed82649038b2b |
| SHA256 | b7a86e82da33a040dd3b1bc6b168e6583521007b211af575162a5036db103e0d |
| SHA512 | 787127b79fe8827c51a62e8a1357803fb8693af8e10ce3aa60402a1692fc33d26d4025009b24440fa6ae1a0ada36364c03c95dc57b9f5a1c5e0b82f2ac0b2c9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b51b981d6a3f74ef2d53b1307ab3e63f |
| SHA1 | 1810aac22c6548fe7450d5170bcc23a6e21a6671 |
| SHA256 | 6490961c489e8e51a2d482b2b90cb6899ed125508b2a45165a3f512cea90bd4d |
| SHA512 | 4c68ac39694294b9c92736c0c168eaabfc36342ec582eb640cfb436b7ab799f521a47b8892158e433eef35dd5b03a505462e26775bf7e2b3ba3a98f3b843842e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b012ff32aeb5ecac76419cbd442f3a31 |
| SHA1 | e8d2df77cccabecd72358871d6be087d50614627 |
| SHA256 | 2059c3b498ee70ffda483fcf8b2282e90087fd15cd9edbd4b637a04a04abfed6 |
| SHA512 | a9782340d00c2ee3e650775aaf68f7b40a60f432d50b3a36f0876cde6d43268925f8ad00ac0991c66c73d45b3bff771d609a48f79e596630f698330aafe009a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4664c21086f63fc4a7a2d7cdfe3af7a3 |
| SHA1 | 8c74b72b9e0e190ee659cbef8f60734ac9c89d4b |
| SHA256 | 15d2029a1db3d04b1e7e4ea6b000859566e49a366a3ada15df9b48559ef60dc1 |
| SHA512 | aa4a8de79a1570f56a7b2a2aef39bbd4121fa8fbabbd8848059fe80fcd45554322ae51afce010152bd8cf8ffb4dc802082f45ce24a6852d105a57212317cffee |