Analysis Overview
SHA256
22dde695137f2ff28cfb200bbebb8baa61f74a31c706b0cfa052d956896d9560
Threat Level: Likely benign
The file c0737d4e2f8e417d869c82aa08a91ca3_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:34
Reported
2024-08-25 09:37
Platform
win7-20240729-en
Max time kernel
67s
Max time network
129s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4AACE961-62C5-11EF-BC3E-6A951C293183} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b01ebb20d2f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c92000000000200000000001066000000010000200000009fed68ed7741cfefb093c02842d58df55770c58b90f4dc4b59b5f58536b04a1f000000000e8000000002000020000000fbdca216986cb9b1145cc684f372cb43f4c44e99fad61823bec4cdb56c90c7992000000071717d4b1f3ae3c1c650152debdc2eab32c0a4c0a8aa393f880881bca924110140000000bd712deb91f75572b713b2d5827ebe6c095a698a3ff0c67d2ef0ee0a8cc0e1a607f05a94b982c1759323d3ccdde45a2717814e080cee89d02fe9e7fc1e8a7b76 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430740365" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2416 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0737d4e2f8e417d869c82aa08a91ca3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:34
Reported
2024-08-25 09:37
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0737d4e2f8e417d869c82aa08a91ca3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0a7546f8,0x7ffa0a754708,0x7ffa0a754718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9374702786877043316,15152678625886618982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2892 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.earlybirdsclub.com | udp |
| FR | 142.250.201.170:80 | maps.googleapis.com | tcp |
| FR | 142.250.75.234:80 | fonts.googleapis.com | tcp |
| CA | 23.227.38.32:80 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:80 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:80 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:80 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:80 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:80 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:443 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:443 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:443 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:443 | www.earlybirdsclub.com | tcp |
| FR | 142.250.178.131:80 | fonts.gstatic.com | tcp |
| CA | 23.227.38.32:443 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:443 | www.earlybirdsclub.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 92.123.143.201:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.38.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.143.123.92.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| FR | 142.250.201.170:80 | maps.googleapis.com | tcp |
| US | 216.239.34.178:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 178.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.shopify.com | udp |
| CA | 23.227.60.200:443 | cdn.shopify.com | tcp |
| CA | 23.227.60.200:443 | cdn.shopify.com | tcp |
| US | 8.8.8.8:53 | 200.60.227.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 142.250.201.170:80 | maps.googleapis.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
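Most rows in the Network table are not traffic the page generated: the `*.in-addr.arpa` queries are reverse lookups the sandbox issues for every IP it sees, and 224.0.0.251:5353 is local mDNS. What matters for an indicator list is the set of external hosts actually connected to, with their ports and the hostnames the sandbox associated with them, and any hostname that was resolved but never connected to. The script below is an added example, not part of the report or of any sandbox tooling; it parses a constructed subset of the rows above (including the mDNS row in its original mis-aligned form, so the parser copes with a protocol value that has drifted into the Domain column) and produces that summary. The resolver address in `DNS_RESOLVERS` is taken from the table; everything else is the example's own assumption.

```python
from collections import defaultdict

# Constructed sample: rows copied from the Network table above, plus the mDNS row in
# its mis-aligned original form (protocol in the Domain column) to exercise the parser.
SAMPLE_NETWORK = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.earlybirdsclub.com | udp |
| FR | 142.250.201.170:80 | maps.googleapis.com | tcp |
| CA | 23.227.38.32:80 | www.earlybirdsclub.com | tcp |
| CA | 23.227.38.32:443 | www.earlybirdsclub.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
"""

DNS_RESOLVERS = {"8.8.8.8"}   # the resolver the sandbox VM used, per the table
MDNS = "224.0.0.251"          # link-local multicast DNS, never leaves the VM's segment


def parse_rows(table: str) -> list:
    """Parse the pipe-delimited table into dicts; tolerate a row whose columns have shifted."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or cells[0] == "Country":
            continue
        country, dest, rest = cells[0], cells[1], cells[2:]
        # The protocol may sit in the Domain column (see the mDNS row); find it wherever it is.
        proto = next((c for c in rest if c in ("tcp", "udp")), "")
        domain = next((c for c in rest if c and c not in ("tcp", "udp")), "")
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def triage(rows: list) -> dict:
    """Split rows into real contacts, sandbox-side reverse lookups, and local noise."""
    contacted = defaultdict(lambda: {"country": "", "ports": set(), "domains": set(), "protos": set()})
    resolved, ptr_lookups, local_noise = set(), 0, 0
    for r in rows:
        if r["ip"] in DNS_RESOLVERS and r["port"] == 53:
            if r["domain"].endswith(".in-addr.arpa"):
                ptr_lookups += 1          # the sandbox's own reverse lookups, not page activity
            else:
                resolved.add(r["domain"])
            continue
        if r["ip"] == MDNS:
            local_noise += 1
            continue
        entry = contacted[r["ip"]]
        entry["country"] = r["country"]
        entry["ports"].add(r["port"])
        entry["protos"].add(r["proto"])
        if r["domain"]:
            entry["domains"].add(r["domain"])
    connected = {d for e in contacted.values() for d in e["domains"]}
    return {
        "contacted": dict(contacted),
        "resolved_only": resolved - connected,   # looked up but never connected to
        "ptr_lookups": ptr_lookups,
        "local_noise": local_noise,
    }


def ioc_lines(result: dict) -> list:
    """One line per contacted host, suitable for pasting into a blocklist review."""
    lines = []
    for ip, e in sorted(result["contacted"].items()):
        ports = ",".join(str(p) for p in sorted(e["ports"]))
        protos = "/".join(sorted(e["protos"]))
        lines.append(f"{ip} ({e['country']}) {protos} {ports} -> {', '.join(sorted(e['domains'])) or '-'}")
    return lines


if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE_NETWORK))
    print("\n".join(ioc_lines(result)))
    print("resolved but never contacted:", sorted(result["resolved_only"]))
    print(f"reverse lookups ignored: {result['ptr_lookups']}, local noise: {result['local_noise']}")
```

Run over the full table, the same split leaves a short list: the Shopify-hosted site (23.227.38.32 and cdn.shopify.com), Google APIs, fonts and analytics, an IdenTrust endpoint that is most likely the OS fetching a certificate-chain or revocation artifact, Cloudflare's NEL reporting endpoint (UDP/443 there is QUIC) and Bing image thumbnails from Edge itself. `s.w.org` is resolved but never connected to, which is consistent with a WordPress emoji script reference that the page load never needed.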
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 847d47008dbea51cb1732d54861ba9c9 |
| SHA1 | f2099242027dccb88d6f05760b57f7c89d926c0d |
| SHA256 | 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1 |
| SHA512 | bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f |
\??\pipe\LOCAL\crashpad_1560_UADFAMQXHDMOHQKL (the four hashes below are those of zero-length input: nothing was read from this named pipe)
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f9664c896e19205022c094d725f820b6 |
| SHA1 | f8f1baf648df755ba64b412d512446baf88c0184 |
| SHA256 | 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e |
| SHA512 | 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5ff8ca1f4080622831f2a0bf210f27ad |
| SHA1 | 37e2a203f4310bb61917cc63c807c6a38f0660e0 |
| SHA256 | 7bd9bda4958f1a9cac1045c2da5a5fc86c5611aa026ec3b0b309d4de30cd6a57 |
| SHA512 | 7c3fc18b472f0da58562693f51fe53077cdb9512828d57c1104a54af5d7d2ad040d23ebe56c95aa41264167f251936ca6f028da2f5996555d61ce5fab74f416d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 905154672e78090b6b38c73bba70645f |
| SHA1 | d075ad04538673eb566caf0e9acc92a86afc287d |
| SHA256 | d01e0f1fce2ca6c4b611d708501198dafe508490226d4dcea6976350befb352d |
| SHA512 | 0cdb6517c2cb95ec42f18a5ceb0a5308917dfbb8a44afcc7c5d5587dd455220eb71530d880cd142240c2229ceae899dd9b8db1114f444accbae8a3e485dee5a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a7063b2aea0fbceb5173e3e00b834698 |
| SHA1 | f8ba3f255069018253fb1ccd50f8a4084ebf4b7a |
| SHA256 | e46493005f0bbbc5bba35497e537035b88bc99dda24795f5395832a89b8dfa9a |
| SHA512 | ca4a1e6dcf35090db11a622027bd79483380353c186d2ff955d3f4919e71dd574b0abce7dcd5b39a0374fc8bd3dd24784bcb680c8dbf84b4186f52f67ac7fc9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d72231a083ae32988a2bc4618411a69b |
| SHA1 | 1751adc35d6e29cd8dd288d24cdc2cddcf08033f |
| SHA256 | 87bb38ca86ce7fec0a01c14d55441efb65f01cb241ef4a7dc46136ea1defda09 |
| SHA512 | a35d8c44d075cb35f116986071e89c7c04c8efe29fa492d32f166f02246aa0824f917ae78440a7a5e61f5857eb3f679f1adff41dba34e92551ab12b5e716a1f2 |