Analysis Overview
SHA256
9fa80347b6f86f58dfadb059c4491e19e1e6341b6d54fc0b078bc490ede4981e
Threat Level: Shows suspicious behavior
The file 755fd56f085d4b3116c201aa85dc505d_JaffaCakes118 was classified as: shows suspicious behavior. The sample is an HTML document (see the Processes sections below), so every flagged behaviour in both runs is attributed to the browser that rendered it (iexplore.exe on Windows 7, msedge.exe on Windows 10), not to a dropped executable; the signatures below should be read with that in mind.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 11:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 11:45
Reported
2024-05-27 12:14
Platform
win7-20240220-en
Max time kernel
124s
Max time network
124s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a104c7856135b141b43d64f8f9ca95e600000000020000000000106600000001000020000000df9b3d0f548821c1c24ac4e0d5e986040559e6de27982158006622e89e49c061000000000e8000000002000020000000a8fafe857fa34607458dfb0a62f2f573485c3d1ed89fe2ad6620430788ab84792000000063b042329f917d5305549697990804b6a237709f05e6021397559d5622e8064040000000e5108868eba895dfe68d473424ceeadeb0c51b28b7193d790bc6f201d042600f5c7a965eab69f2193dea0de6b038371af13d015a6b3d4770cab8a21a30e73939 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = ... | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a041747562afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{87045181-1B55-11EF-9A72-56DE4A60B18F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422885830" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 840 wrote to memory of 2176 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 840 wrote to memory of 2176 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 840 wrote to memory of 2176 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 840 wrote to memory of 2176 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\755fd56f085d4b3116c201aa85dc505d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:840 CREDAT:275457 /prefetch:2
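The "Suspicious use of WriteProcessMemory" rows above (PID 840 writing into PID 2176) line up with the second command line in the Processes list: Internet Explorer's frame process launches each tab process with `SCODEF:<frame PID> CREDAT:<...>` and then initialises it, so a frame-to-tab write is the normal LCIE process model rather than injection. The same reading applies to the "Modifies Internet Explorer settings" rows, all of which are iexplore.exe writing its own HKCU keys. The script below is an added example, not part of the sandbox report or its vendor's tooling: it parses the signature row and the Processes entries copied from this page, checks that the write target's SCODEF equals the writer's PID, and labels anything else for manual review. The negative case at the bottom (a `dropper.exe` path) is constructed and does not appear in this report.

```python
import re

# Rows copied from the WriteProcessMemory table above (the report repeats this row four times).
WRITE_ROWS = [
    "| PID 840 wrote to memory of 2176 | N/A | C:\\Program Files\\Internet Explorer\\iexplore.exe | C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE |",
]

# Entries copied from the Processes section above: (image path, command line).
PROCESSES = [
    ("C:\\Program Files\\Internet Explorer\\iexplore.exe",
     '"C:\\Program Files\\Internet Explorer\\iexplore.exe" C:\\Users\\Admin\\AppData\\Local\\Temp\\755fd56f085d4b3116c201aa85dc505d_JaffaCakes118.html'),
    ("C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE",
     '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:840 CREDAT:275457 /prefetch:2'),
]

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_write_row(row):
    """Split a '| description | indicator | process | target |' row into its fields."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    desc, _indicator, src, dst = cells
    m = WRITE_RE.search(desc)
    if not m:
        raise ValueError(f"unrecognised description: {desc!r}")
    return {"src_pid": int(m.group(1)), "dst_pid": int(m.group(2)), "src": src, "dst": dst}


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def scodef_of(image_path, processes):
    """SCODEF value on the command line recorded for image_path, or None if absent."""
    for path, cmdline in processes:
        if path.lower() == image_path.lower():
            m = SCODEF_RE.search(cmdline)
            if m:
                return int(m.group(1))
    return None


def classify_write(row, processes=PROCESSES):
    """Label one WriteProcessMemory hit.

    'lcie-frame-to-tab': both images are iexplore.exe and the target's SCODEF
    equals the writer's PID, i.e. the frame process initialising a tab it spawned.
    'ie-write-unexplained': IE-to-IE write that the process list does not explain.
    'foreign-image-write': a non-IE image involved; review as possible injection.
    """
    hit = parse_write_row(row)
    both_ie = image_name(hit["src"]) == "iexplore.exe" == image_name(hit["dst"])
    if not both_ie:
        return "foreign-image-write"
    if scodef_of(hit["dst"], processes) == hit["src_pid"]:
        return "lcie-frame-to-tab"
    return "ie-write-unexplained"


if __name__ == "__main__":
    for row in WRITE_ROWS:
        print(classify_write(row))
    # Constructed negative case (not from the report): a third-party binary
    # writing into iexplore.exe is not explained by the IE process model.
    injected = ("| PID 999 wrote to memory of 840 | N/A | C:\\Users\\Admin\\dropper.exe "
                "| C:\\Program Files\\Internet Explorer\\iexplore.exe |")
    print(classify_write(injected))
```

The check deliberately keys on the target's command line rather than on process names alone: a tab process whose SCODEF does not match the writer, or a writer that is not iexplore.exe, is the case worth a second look.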
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | klimg.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | cur.cursors-4u.net | udp |
| US | 8.8.8.8:53 | 24work.ucoz.com | udp |
| US | 8.8.8.8:53 | safir85.ucoz.com | udp |
| US | 8.8.8.8:53 | calvinalx.googlepages.com | udp |
| US | 8.8.8.8:53 | www.quotesdaddy.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| SG | 35.247.151.7:80 | klimg.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| RU | 193.109.247.16:80 | safir85.ucoz.com | tcp |
| RU | 193.109.247.16:80 | safir85.ucoz.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 107.180.44.134:80 | www.quotesdaddy.com | tcp |
| US | 107.180.44.134:80 | www.quotesdaddy.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| SG | 35.247.151.7:80 | klimg.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.19:80 | calvinalx.googlepages.com | tcp |
| GB | 142.250.178.19:80 | calvinalx.googlepages.com | tcp |
| RU | 193.109.247.16:80 | safir85.ucoz.com | tcp |
| RU | 193.109.247.16:80 | safir85.ucoz.com | tcp |
| US | 96.43.128.66:80 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:80 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 142.250.179.238:80 | sites.google.com | tcp |
| GB | 142.250.179.238:80 | sites.google.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | cdns.klimg.com | udp |
| US | 2.17.251.48:443 | cdns.klimg.com | tcp |
| US | 2.17.251.48:443 | cdns.klimg.com | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | api.htmlobfuscator.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | www7.cbox.ws | udp |
| US | 8.8.8.8:53 | dl.otakugen.com | udp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 52.86.6.113:80 | dl.otakugen.com | tcp |
| US | 52.86.6.113:80 | dl.otakugen.com | tcp |
| US | 8.8.8.8:53 | static.cbox.ws | udp |
| US | 104.21.85.24:80 | static.cbox.ws | tcp |
| US | 104.21.85.24:80 | static.cbox.ws | tcp |
| US | 104.21.85.24:80 | static.cbox.ws | tcp |
| US | 104.21.85.24:80 | static.cbox.ws | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 107.180.44.134:80 | www.quotesdaddy.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
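The Network table above lists every DNS query and connection the browser made while rendering the page, with heavy repetition. The "Legitimate hosting services abused for malware hosting/C2" signature in this report is keyed on the hostname `sites.google.com` alone, so the practical first step is to collapse the table into unique destinations, separate resolver lookups from actual connections, and pull out the hosts that are not part of the Google/Blogger/Microsoft infrastructure a browser would touch anyway (here: ucoz.com, quotesdaddy.com, cursors-4u.net, otakugen.com, cbox.ws, amung.us, klimg.com). The script below is an added example, not part of the report; it runs on a subset of rows copied from the table, and the `EXPECTED_SUFFIXES` allowlist is an analyst assumption rather than anything the sandbox asserts.

```python
from collections import defaultdict

# Subset of rows copied verbatim from the Network table above.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | safir85.ucoz.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| RU | 193.109.247.16:80 | safir85.ucoz.com | tcp |
| RU | 193.109.247.16:80 | safir85.ucoz.com | tcp |
| US | 107.180.44.134:80 | www.quotesdaddy.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 52.86.6.113:80 | dl.otakugen.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Assumption (analyst allowlist, not from the report): domains a browser on a
# sandbox is expected to reach while rendering a Blogger-hosted page.
EXPECTED_SUFFIXES = ("google.com", "googleapis.com", "blogger.com",
                     "blogspot.com", "blogblog.com", "microsoft.com")


def parse_rows(text):
    """Turn '| country | ip:port | domain | proto |' lines into dicts."""
    rows = []
    for line in text.strip().splitlines():
        country, dest, domain, proto = [c.strip() for c in line.strip().strip("|").split("|")]
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def is_expected(domain):
    return any(domain == s or domain.endswith("." + s) for s in EXPECTED_SUFFIXES)


def summarise(rows):
    """Per domain: DNS query count, connection count, and the (ip, port, country) endpoints."""
    out = defaultdict(lambda: {"dns": 0, "connections": 0, "endpoints": set()})
    for r in rows:
        entry = out[r["domain"]]
        if r["proto"] == "udp" and r["port"] == 53:
            entry["dns"] += 1            # resolver lookup, not contact with the host itself
        else:
            entry["connections"] += 1
            entry["endpoints"].add((r["ip"], r["port"], r["country"]))
    return dict(out)


def flag_unusual(rows):
    """Domains actually connected to (not merely resolved) that fall outside the allowlist."""
    return sorted(d for d, e in summarise(rows).items()
                  if e["connections"] and not is_expected(d))


def plaintext_http(rows):
    """Domains fetched over tcp/80, i.e. content that could be altered in transit."""
    return sorted({r["domain"] for r in rows if r["proto"] == "tcp" and r["port"] == 80})


if __name__ == "__main__":
    rows = parse_rows(NETWORK_ROWS)
    for domain, e in sorted(summarise(rows).items()):
        print(f"{domain:26} dns={e['dns']} conn={e['connections']} {sorted(e['endpoints'])}")
    print("review:", flag_unusual(rows))
    print("plaintext http:", plaintext_http(rows))
```

Domains that only appear as DNS lookups (www.blogger.com in the subset) are not flagged: a lookup shows the page referenced the host, not that anything was fetched from it. The hosts that come out of `flag_unusual` are the ones whose served content would need to be pulled and inspected before calling the page anything stronger than "suspicious".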
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | be3f0a04d543b64dfc8f405ea4a5505b |
| SHA1 | 897b54fc3338a7d42f3bf579095f061da3eccb56 |
| SHA256 | 90bd14730c49d9de6f5d78f7d2f744b0645a1f018e44877b83c6bab81d4531a4 |
| SHA512 | a0d8c9a7e0914cbebc67773a7acee36090c9fb0cfcadfea8c1cb606ae060d227d5cecea379b483fe8de91f3a2e6c5cdf4141f5be6979444e974ff1e3a24682b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | a0d836b36527e7d376b42e65a604fbf9 |
| SHA1 | 54308f8fb8a3c715ec6581b22649b2d9215852cc |
| SHA256 | 96db29cc0f34a4cfb377880ec54a14b1d5891618887045a60729cfc50b2c50db |
| SHA512 | 3948bfce62c0efd5cda8b57dcaa61a04c70cc594e758e422d77ebe3fa68c34b88c08b8a627c05ef770802baf1bd6927b2f25ee328d5060ffc915db59066c3b31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | a97d00ad36681065a2a6e94d465e1f02 |
| SHA1 | c0e37fc6929b738a362d9a0342436843aee84667 |
| SHA256 | 08f2c611874d7252afc900d6a1557f429d8035c6e6a6ffccb9f5c5c9bc8455a8 |
| SHA512 | f3c7b6a37985f0176ab2efa9304bccc5ad45ada57650fe40dc5ce0c807cd78824282eb3e561319a5d52941d9e5894815d9836254b28c8027da8f7441bce82be2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568
| MD5 | bbd8a22bce8e235ff71c32a1c69268bb |
| SHA1 | bf9d0b7346510ab10023a7432e1462dd8a314668 |
| SHA256 | 1cb9f8b414abb33992f9db36b33cc6de31155449b134b719c1ebd38a90f3aee3 |
| SHA512 | 31fd88f0a24bdc81ba3cd2a4a1ca61064bce259009f1ca10261adfb8ffa6ecb2c9776a136caff03670a4f8a3a6d87cb91e4f2409ca57be1a8deef80855f0e688 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\platform_gapi.iframes.style.common[1].js
| MD5 | 7ef4bc18139bcdbdd14c5b58b0955a67 |
| SHA1 | afe44fd9a877f81a3c36f571c0fc934324c6cbd7 |
| SHA256 | 192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838 |
| SHA512 | 6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\cb=gapi[1].js
| MD5 | 4d1bd282f5a3799d4e2880cf69af9269 |
| SHA1 | 2ede61be138a7beaa7d6214aa278479dce258adb |
| SHA256 | 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693 |
| SHA512 | 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a84e74a0bb931050444630d47a4ece6f |
| SHA1 | b70952e61318eadd23d2d9123ef8afbd6d80f9bb |
| SHA256 | ebca730f5a9c433ca85244090a5173078aa3017c468d0946f49d004914b6411e |
| SHA512 | 755881fe12444946073153280228d7409968e958295ad04390951228d5254ec944b78a4eade4692956e0dbd9e7ec38e0132a14e3da86ff93ebb530bffb607e60 |
C:\Users\Admin\AppData\Local\Temp\CabD318.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarD31B.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffecc15ec3bc6a4dbdd2d8e255656640 |
| SHA1 | 3321783dddafaf844f21a0007fb366f4fe1d5ff8 |
| SHA256 | f3114069cad0dce6d4564c861f6e370ad04401b752bea6df1dc15088dcc790e2 |
| SHA512 | 4539d1f47c88ec7146facb27b7edcae3bc353560f1021a3f59d509e13f6aefa52f1c70aa3c722e79017875aee277d92e6cd4fb2b2f788050b72f00f1a26e0ea9 |
C:\Users\Admin\AppData\Local\Temp\TarD4B7.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | bf17c7c38373ae5e345f2864a105677c |
| SHA1 | 3f37d16ba2bdf5d5983af91a9c3bd0f45acd23f3 |
| SHA256 | ce54387da0a7c008e7eb4e4163bf3db425f89ca9ee631dc01c669847e7936ba1 |
| SHA512 | e96d2ecd628311597b3e2e08b38ecf6b5a54a9962ae5a0222b3e0e00c0bdabae80ebc38a5e2d34a89e5f10c9e60f50f6901857031a970cff1ae0abbfb3ec9cdd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3309138f66451139a69a646e82d9d1f0 |
| SHA1 | 37422b4b909afa079f033755920eb16441acb850 |
| SHA256 | 5609a8cbd3e239ff28ab2c27dfe44acb184c66a769e465d924f843052eb2e311 |
| SHA512 | ff4d8847c5087d424888f02986e642d31392a6148500d189b72199e67b507efde757d9b36c0403a7252b8f5ef1a34dfb01a0055e59ac1eb60d889d6fc6da0989 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d915847422c7136a01dbaf147421476c |
| SHA1 | 82377e0cf9f17501a4af272fc15ef58d6484e7bc |
| SHA256 | abbebc0aea0f149494ba26a95bc2cd8204c4287f104c8ca0fe33d2b0916c7800 |
| SHA512 | 02a3c817987a1c9e872077b75e87304a2442fee4be9910c095c035615da8665854cfedb62f591a562a8f5688c302f950d013653ce5696a2b74c4cbdfe344a069 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c988c25f12656bce73c5bf6d22d4390 |
| SHA1 | 9907bc32df0bb2f01b40689c806fdb658f7f2e5f |
| SHA256 | 898acce0650b408c11ccd727fcb07d958189d88894096cfe1750e64f3f45e22a |
| SHA512 | e2c1e6d30611c72350900f376377f6110e2fa0744a85744784fb0f1106323221d76cd764f680e285e0ec174fed8f29b89dcfd345fb612519b3b86d9f4c4d498b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47f3fa5640edbbf9aa4218a8a0a09f88 |
| SHA1 | a646c20c25feeadbd12c68b3df4bb71d77a76e89 |
| SHA256 | 9a94604a566d59c279d0338e03e758072efb1d60c03202b6b2a73c3f3fee7626 |
| SHA512 | 446b55cf121e270166efc1ec7508b3176e6f2f9c36651cf60a9781a4dc5ae260010a5782dedea355bf4a4442646aa6db3fc153e2ae6cecab8183e0dc38dc18a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9ee75695f0dcc51ee7383b39a8dd7cd |
| SHA1 | 968570e5567cb03b36fd1b3882eb01ca8b92de8c |
| SHA256 | 7f86a9b62efce7d4b3a47ee2977d24e2de972631173a3ff5cd36c9e150fa77a6 |
| SHA512 | fa254ebaff729b15d37672eebf264ad1c2fb8e1460bd6dd7b630cd1e78e8a660512e74a91bce0ac2d6aafa2020449788d5f720aad69e2efe3ce0cc8fda5cb854 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 0a9bea27f5165893047ccabca388435e |
| SHA1 | 64b959d5e85328fa98d4a18fe76697d526b936d6 |
| SHA256 | 5f800bb62cb84dc6b6f8c78cacf005fdf5700d6e5430569b7a8447ff07baf483 |
| SHA512 | 9e3ee265e6612ac9a667e78fdaeaf8b3364bbd298bce815db127c002e3d2c90f4324b6b12d4a5cc76f3a8ec08270502771b92de7c86c7ecff09091fed94cab39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 794dd064a9fcef3d2985efa9cbf90dd4 |
| SHA1 | 6c31d43c6dd9ce77eadca4e64cef179c44b8e901 |
| SHA256 | 67cb6fe8ace6bf57b397fb2e2a004c3a558316bbd67f31c1b5ef41464817ac6e |
| SHA512 | 91295a275a41bc98af7dd49501d67adf93a08fe1ef90560a9aeeafca3cd8c1d5c38549d8c95df2aa866b8130e10e50ec0e3fc8ff25bb644e4a91f9e7b96cc9ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3958058ae1138f30c3b2d6a92653a927 |
| SHA1 | c4706091d68e7bec3addee1d55150eb39e621340 |
| SHA256 | 0e15cd2a9460fa38ea8ab1eb84c1c6eada7230a94147c0336e0582b92e9d2b4d |
| SHA512 | 3726f6396d785885e84ced7e2b4a7dfaeda8083719e80b31e557826bfb8079d98868c3879426d709c57d3d730fc83eb6caac5a70f5a73da441f19c71cdafcba8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3496b7388819f7629f7e4a8418478edf |
| SHA1 | 10d84312af591f3b53358d6feed50e2be3020101 |
| SHA256 | fff8cff22cc9837b65404933889a78bb48e05af48be9f1a03cac707d3e07a84b |
| SHA512 | dc97d9a3c2ef4a19bb6e842d1b59238d5b2704fd48e7e768b637cd733b3d1c938f4a00fd44704a1fa1d844b130a82dd9d86ee39b1d9eb1dfc247cf0ef8380a7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f33e80b0d487b8d604faff1b7db1478 |
| SHA1 | 3e7336b1178fca337051d57f32fac7123a0cb218 |
| SHA256 | e044de497c794742ce8c5c3c5ec50df2810bedb63aff20bc6064e1c2ea1a6fbf |
| SHA512 | e09d37ea4b0426de63d241a360842881bb3f2ba759ce5bbd1d5ed207afe5a22b30c719cd377dfe1ca590d918aad479b29ae0e087436024e77b398aa07c76d5c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d4e9a10ce8f9dcacca25fd423603805 |
| SHA1 | 0555f2d24a8a6754feb6f29f8f356f5039d763f6 |
| SHA256 | 11c84a90b65266e362dc45dbce76483e8a0014cac4035719046696f1f1bcb95e |
| SHA512 | f204dafe838e99a3682ebbee8bf9a18bdc3592424e6df8a7ea6535f5e7084168063c9cdfc0f8931f930c7d723246ca7f13fde001f073f900522e3710cce6e94b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85dada45807c27c71d72bddcb1dd20ec |
| SHA1 | 4713993af556bb20035fc2a9ca9381bc8bedfe8d |
| SHA256 | cbb52a0721273d39bf844c27228784e72bd3c0f33238b5a7b9c4f6865a2b2fbd |
| SHA512 | deb0a592a3ef26f5ae18ee3765c97cf5884648c0ec69c91036bbe60e38e00ebd1ae65912c23cce92ad38179a684724cfc7316a9d70ba8cf2b1dead7430b7726a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 709191c0065a74e202f1e81c5a4401b8 |
| SHA1 | 311ade16c7a6ff29a650919343301114ee527ef0 |
| SHA256 | 87788b8c436cfea0052b32acc9c6c0a64daa9f0b017006fb4e4a3ba80ca09382 |
| SHA512 | a4de2c3f696bc59a3fb21ce3c4a869fe639493fa9409885ab8fed1402b2ab016de23053368758ad661faec0f53f3902b4142c4feb792237c30f282b574edcb83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4fb18303b375c2cc378dd8266cc04f2 |
| SHA1 | b7e31f97db41b9ab246aeef3585fd7f7abcf5024 |
| SHA256 | 441cfc8c4f6d46ee34b4b328ec3236e999c8692fae5f44cfd67bd6e50a9d0265 |
| SHA512 | 1958bc6404e66a3fee15e0e40da1ba64d6d244d3c65f4543c5510fe3273470e993a2e95269b7100ee8aa8634cc64045b827da5d0307368fb4208a3e433579fbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50989dba0744cf49ed366926858d72b4 |
| SHA1 | 8bddca268f0908ce306f4a51c45de65e537a106d |
| SHA256 | dad443cb5bd8fee046f90fa04e4ae4d3918c76e5905df81d1c23526badce95d8 |
| SHA512 | 90c95ed51e5f3ecfe8c20eb0a2db5dcca0504dd68a4f594b59751232dd4652deb999ab551338f4d7e14464c26d8202cc37aa52f52e0ac33e669b943b7042c154 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae55227b511dc849b7ec98ce6736450b |
| SHA1 | baf8eae5414f841f18d0529a3ea82a791774cfb3 |
| SHA256 | bdb69f19f6f10f3e17d16ab2763f4f51adaf66207c8db4662c774e0c81b4e0a3 |
| SHA512 | c7ce987fee2de39b8ae56a9ebfc09d93f88a722d5a3bcd6f989d4238b7c3bbb92f65afa9822b2cf8f7f7a38123a21a630b225b43da7b55a359f9a71b3e392ccc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3c15cd23064b748ea9f2d631f339223 |
| SHA1 | c7cb6bf37db95c9475fd70f947a716b2c4b48123 |
| SHA256 | 3ba8b62419a1a6c857db4914d95853d66ff0a3f3cd73d8faa769e4269b7c1038 |
| SHA512 | 36706657069ea6152bfcc84a17b7424e2b42983df56a9333d2a36348ea28a34a31299a8ee97d1367434b79da29e8d922bcadb0b54e31f666dde72fefc7ff7f28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86ae1877bf33b19cbe4a4c98396ca753 |
| SHA1 | 2dadba58c9906398a8b198f2d6fd37042ea4a0fd |
| SHA256 | 9c2a9e40223a34ff04874057d859c8e3adac8de5521b37638d9675a0cb32b7c8 |
| SHA512 | 44dd155c73469aae11ad0006a95ecbb87c7c32c1f08e38d745dddbdcf3021a2c5c89c7ccb2cee2604622c7393855b5717b6482dbe1617bf0fe7140c8c70b98fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac0118a7dbbc7c4a9055bd57b7566e57 |
| SHA1 | abbbf388529c4ca1676d95999f5178fc0e716e0a |
| SHA256 | e8faa963149c81b647fb7190ccf7a0257f829803e1a866f2786cfd9b35813e30 |
| SHA512 | 640e7d04733c2c1f6e25f8ecfbe70a4825ababca68ea47632160797e72b70f6629c4fd8e239dcb09d72182d45291143c52caab9086ec75bef8468a5485a3bbdf |
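The Files section above is dominated by one path, `...\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015`, listed many times with different hashes: the sandbox records every version of a file that is rewritten during the run, and the CryptnetUrlCache directory is where CryptoAPI caches the CRL, OCSP and AIA fetches it makes while validating TLS certificate chains. The `Cab*.tmp` and `Tar*.tmp` files under `Temp` are typically the scratch files from the same certificate-update machinery, and the `Content.IE5` entries are IE's page cache. None of these are files dropped by the sample. The script below is an added example, not part of the report: it parses a subset of the entries copied from above, validates that each digest has the length its algorithm requires (a cheap guard against truncated extraction), groups versions by path, and counts distinct paths and hashes per location category. The category names and the path rules are my own assumptions.

```python
import re
from collections import defaultdict

# Subset of entries copied verbatim from the Files section above.
FILES_TEXT = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | be3f0a04d543b64dfc8f405ea4a5505b |
| SHA1 | 897b54fc3338a7d42f3bf579095f061da3eccb56 |
| SHA256 | 90bd14730c49d9de6f5d78f7d2f744b0645a1f018e44877b83c6bab81d4531a4 |
| SHA512 | a0d8c9a7e0914cbebc67773a7acee36090c9fb0cfcadfea8c1cb606ae060d227d5cecea379b483fe8de91f3a2e6c5cdf4141f5be6979444e974ff1e3a24682b7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\platform_gapi.iframes.style.common[1].js
| MD5 | 7ef4bc18139bcdbdd14c5b58b0955a67 |
| SHA1 | afe44fd9a877f81a3c36f571c0fc934324c6cbd7 |
| SHA256 | 192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838 |
| SHA512 | 6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a84e74a0bb931050444630d47a4ece6f |
| SHA1 | b70952e61318eadd23d2d9123ef8afbd6d80f9bb |
| SHA256 | ebca730f5a9c433ca85244090a5173078aa3017c468d0946f49d004914b6411e |
| SHA512 | 755881fe12444946073153280228d7409968e958295ad04390951228d5254ec944b78a4eade4692956e0dbd9e7ec38e0132a14e3da86ff93ebb530bffb607e60 |
C:\Users\Admin\AppData\Local\Temp\CabD318.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffecc15ec3bc6a4dbdd2d8e255656640 |
| SHA1 | 3321783dddafaf844f21a0007fb366f4fe1d5ff8 |
| SHA256 | f3114069cad0dce6d4564c861f6e370ad04401b752bea6df1dc15088dcc790e2 |
| SHA512 | 4539d1f47c88ec7146facb27b7edcae3bc353560f1021a3f59d509e13f6aefa52f1c70aa3c722e79017875aee277d92e6cd4fb2b2f788050b72f00f1a26e0ea9 |
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([^|]*?)\s*\|$")


def parse_files(text):
    """A path line starts an entry; the hash rows that follow belong to it."""
    entries, current = [], None
    for line in text.strip().splitlines():
        line = line.strip()
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError("hash row before any path line")
            current[m.group(1)] = m.group(2).lower()
        else:
            current = {"path": line}
            entries.append(current)
    return entries


def invalid_hashes(entries):
    """(path, algo) pairs whose digest is missing, wrong length, or not hex."""
    bad = []
    for e in entries:
        for algo, n in HASH_LEN.items():
            h = e.get(algo, "")
            if len(h) != n or any(c not in "0123456789abcdef" for c in h):
                bad.append((e["path"], algo))
    return bad


def classify(path):
    """Assumed location categories; adjust to taste."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if "\\cryptneturlcache\\" in p:
        return "cryptnet-cache"       # CryptoAPI CRL/OCSP/AIA fetch cache
    if "\\temporary internet files\\" in p:
        return "ie-cache"             # IE page cache
    if "\\temp\\" in p and re.fullmatch(r"(cab|tar)[0-9a-f]+\.tmp", name):
        return "temp-cab"             # scratch files from CAB extraction
    return "other"


def versions_by_path(entries):
    """Every SHA256 recorded for each path, in report order."""
    out = defaultdict(list)
    for e in entries:
        out[e["path"]].append(e["SHA256"])
    return dict(out)


def triage(entries):
    """Per category: number of distinct paths and distinct SHA256 values."""
    cats = defaultdict(lambda: {"paths": set(), "sha256": set()})
    for e in entries:
        c = cats[classify(e["path"])]
        c["paths"].add(e["path"])
        c["sha256"].add(e["SHA256"])
    return {k: {"paths": len(v["paths"]), "sha256": len(v["sha256"])} for k, v in cats.items()}


if __name__ == "__main__":
    entries = parse_files(FILES_TEXT)
    print("bad digests:", invalid_hashes(entries))
    for path, shas in versions_by_path(entries).items():
        print(f"{len(shas):2} version(s)  {path}")
    print(triage(entries))
```

Anything that lands in `other` is the part of the Files section worth hashing against threat-intel sources; in this report there is nothing in that bucket, which is consistent with the sample being a plain HTML page.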
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 11:45
Reported
2024-05-26 11:48
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\755fd56f085d4b3116c201aa85dc505d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7c1346f8,0x7ffa7c134708,0x7ffa7c134718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13285806318967040259,14691749903302007047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5024 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:445 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | safir85.ucoz.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | klimg.com | udp |
| RU | 193.109.247.16:80 | safir85.ucoz.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| SG | 35.247.151.7:80 | klimg.com | tcp |
| US | 8.8.8.8:53 | calvinalx.googlepages.com | udp |
| US | 8.8.8.8:53 | www.quotesdaddy.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| FR | 216.58.214.74:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.19:80 | calvinalx.googlepages.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| SG | 35.247.151.7:80 | klimg.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 107.180.44.134:80 | www.quotesdaddy.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 107.180.44.134:80 | www.quotesdaddy.com | tcp |
| US | 8.8.8.8:53 | api.htmlobfuscator.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| RU | 193.109.247.16:80 | safir85.ucoz.com | tcp |
| US | 8.8.8.8:53 | 24work.ucoz.com | udp |
| US | 8.8.8.8:53 | cur.cursors-4u.net | udp |
| GB | 142.250.179.238:80 | sites.google.com | tcp |
| US | 96.43.128.66:80 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:80 | cur.cursors-4u.net | tcp |
| RU | 193.109.247.16:80 | 24work.ucoz.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | cdns.klimg.com | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.247.109.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.151.247.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www7.cbox.ws | udp |
| US | 2.17.251.48:443 | cdns.klimg.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | tcp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 108.181.41.161:80 | www7.cbox.ws | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| DE | 141.101.120.11:443 | t.dtscout.com | tcp |
| GB | 142.250.179.238:443 | sites.google.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | static.cbox.ws | udp |
| US | 8.8.8.8:53 | www.cbox.ws | udp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| US | 172.67.201.54:80 | static.cbox.ws | tcp |
| GB | 142.250.180.1:139 | 3.bp.blogspot.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.128.43.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.41.181.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.201.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 107.180.44.134:80 | www.quotesdaddy.com | tcp |
| US | 107.180.44.134:80 | www.quotesdaddy.com | tcp |
| GB | 172.217.169.66:445 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.201.98:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 107.180.44.134:80 | www.quotesdaddy.com | tcp |
| US | 107.180.44.134:80 | www.quotesdaddy.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.178.9:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 216.58.201.99:445 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:139 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| GB | 142.250.178.9:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_848_ACLCYBCYNNDUPWZY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 648eda216ffd375f3214d2210a622d5e |
| SHA1 | 9191c83b32a09f2c63b16ba94c41fd61e6d72b76 |
| SHA256 | 9e7a1f491295409088f1e6987457d15083bcd93292a456d3e4d5b88d3d1f93ff |
| SHA512 | f5b7f953408700f427c866a0f7c9e09c063d178638923e467514e1aaeaeae429c85cba074bd3ac8f45c80d2d6ccb3fe5a1ad7b60c89a3263bfbcf7bfe695e46c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | b6c8122025aff891940d1d5e1ab95fce |
| SHA1 | a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4 |
| SHA256 | 9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e |
| SHA512 | e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 88477d32f888c2b8a3f3d98deb460b3d |
| SHA1 | 1fae9ac6c1082fc0426aebe4e683eea9b4ba898c |
| SHA256 | 1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8 |
| SHA512 | e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 67fd71526a8a5609495eff327c5d048d |
| SHA1 | 863bcc66e76b395429378be2fb2fe1c53db22d94 |
| SHA256 | 50841c02991e4285ac6c72667545efc3ce6b378a69f9fa58ebcf9daac7a9abc5 |
| SHA512 | 582e762c2e3d9713ef141db337a32116a8b4fe933cba59e2481a30b2f1205bac869515fbd73868b7e818f096619eba1bd552e92d826706e1cc72176f1c1b8acc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90c22c0afa9e5fbb3ca80d46a8e9735a |
| SHA1 | 0cd14e0780dfe9f2536d4e153d945a9d48cfe139 |
| SHA256 | bc95c755049607115d35c133683eac6a04d119696c350714dffb2257a76cab46 |
| SHA512 | d91d7f0244990920f1e832908b29feec3b935ba54cdf288c5f31573baf1c7b26685773e3aeb317e422ac66b2a84c8b656bc6ba1988fe6bee85fe8c03e6403f9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e66341a7cd9debc864e9880ef58b6102 |
| SHA1 | 7c40552f47f4d74c6870aaf46865966e15d5e21d |
| SHA256 | c4a9ae779e99ffb47c42337493cd321bcbafec23a9399e76314290bd64d95098 |
| SHA512 | 7282f1560465f4971eb21abed752e31703208add593033df8c3fd336fe3a71d6360156700d573c8a41a3f0c9eead97df756f7afb9d3a9908cdb62456754c4834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 221c2ded38ed1d96f57cf87ed32764ee |
| SHA1 | b756a44a5282b86b1ece671acc02d4316450c8e5 |
| SHA256 | 4ef0d4da2c0035198a334daf96b41cdb8a605217d181f684ab8d2ea2f6a46d46 |
| SHA512 | 9aa808e5612c9e40463613bca29fa1afab96f105774c9d978caa320b1d40de790796e4143c4030f3ff957100bc74a00e8bafb309e1627c7c17ba707571e800de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b82a4c76561a0fc01f19e4a632119c9c |
| SHA1 | b7fee3f6c233acc7bbc173b571dc7b08acadedb9 |
| SHA256 | 02b2af8d60701335abc4bf6752eeb631b50a01174736ac1bcde57e0f9199bd4b |
| SHA512 | 18029833240de897bbd15a2481cf4038dc384db5893e1a8e0928230df31066bb28c9b32e6bdc2710da5074dfed6089e6682e36e3b984fff242239ce9834bbf49 |