Analysis Overview
SHA256
d09684a0deacc900da5d6e80791581038deaed2f4a4eb91f14afedeeb85110ae
Threat Level: No (potentially) malicious behavior was detected
The file 7063b3d337b6792e4e70cc2c3d4bf1ab_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-05-25 01:09 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-05-25 01:09 |
| Reported | 2024-05-25 01:12 |
| Platform | win7-20240508-en |
| Max time kernel | 141s |
| Max time network | 141s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000009cb4054516cfe220c60221f8771e0c50369fceb4b5c714c944c976dd1b700b8d000000000e800000000200002000000047cbe9fedba7a3148aa06b6225c725a454ed84f321facc3d324f5607de08fcf220000000591de8e196b3b64d4684f655d12b85d2f8e29816b145fbc7fd186fa8c9e76a9740000000268fe24ad8481ea9e23b898b8ba7814fe017c91a120ba558322cd3110ad2bfd6c9342ada88f6a7fb2e2d335664794b456b2c14130697e84c3d9e42af34933f2d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{812226C1-1A33-11EF-AB01-4E87F544447C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0eef75640aeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422761266" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2056 wrote to memory of 2648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2056 wrote to memory of 2648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2056 wrote to memory of 2648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2056 wrote to memory of 2648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7063b3d337b6792e4e70cc2c3d4bf1ab_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.10:80 | ajax.googleapis.com | tcp |
| GB | 172.217.169.10:80 | ajax.googleapis.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| CA | 142.4.219.198:443 | s4.histats.com | tcp |
| CA | 142.4.219.198:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| CA | 142.4.219.198:443 | s4.histats.com | tcp |
| CA | 142.4.219.198:443 | s4.histats.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-05-25 01:09 |
| Reported | 2024-05-25 01:12 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 145s |
| Max time network | 138s |
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7063b3d337b6792e4e70cc2c3d4bf1ab_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff8517946f8,0x7ff851794708,0x7ff851794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4359173512892279696,15885924689844754223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2484 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2160_UOOLMSPVNJDDFHWL
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ddcce669-1c6f-4856-9b7a-826ec516fe18.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State