Analysis Overview
SHA256
9940a141454c31ec5515ae24ea24b9bf9fbb63b56098e4002ccf0f7c6cedcf46
Threat Level: No (potentially) malicious behavior was detected
The file 7a18df5aef160c71704b69051e66aad2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 18:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 18:31
Reported
2024-05-27 18:33
Platform
win7-20240220-en
Max time kernel
144s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50B08971-1C57-11EF-8F92-565622222C98} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 906cde3864b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3fd71f5bad490439e1f70ee18eb992900000000020000000000106600000001000020000000f7d727f7a4dfc1fdb0e7f464edb45e8ee39013adf1fd367bec69db4e79f3ed5e000000000e80000000020000200000008ccb6244e6527e9b51663c42f3fa6f00d840498d638b25105f027f1db6bb515720000000d78dbaba6d594dee4142c16a1d5e2e1787da9970b2cddb3db0721a8af3fdd7ec400000004759fa391cc0d30c246f50c4cc2aed056b278bc3359f21e5aaec428cb0ddbed91e907779e1e863e306928c04de7d33178b0a167242c1da19c18aecff49b7cf77 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996549" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2872 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2956 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a18df5aef160c71704b69051e66aad2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.179.73:443 | www.blogger.com | tcp |
| FR | 142.250.179.73:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | weddingringcentre.net | udp |
| US | 8.8.8.8:53 | kevinkok.com | udp |
| US | 8.8.8.8:53 | wedding-splendor.com | udp |
| US | 8.8.8.8:53 | www.mazaldiamond.com | udp |
| US | 8.8.8.8:53 | weddingringspix.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | weddingsetsrings.files.wordpress.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| US | 192.0.72.30:80 | weddingsetsrings.files.wordpress.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| US | 192.0.72.30:80 | weddingsetsrings.files.wordpress.com | tcp |
| US | 172.67.182.57:80 | wedding-splendor.com | tcp |
| US | 172.67.182.57:80 | wedding-splendor.com | tcp |
| US | 13.248.169.48:80 | kevinkok.com | tcp |
| US | 13.248.169.48:80 | kevinkok.com | tcp |
| FR | 172.217.20.193:80 | 4.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 4.bp.blogspot.com | tcp |
| US | 172.67.133.132:80 | www.mazaldiamond.com | tcp |
| US | 172.67.133.132:80 | www.mazaldiamond.com | tcp |
| US | 192.0.72.30:443 | weddingsetsrings.files.wordpress.com | tcp |
| US | 8.8.8.8:53 | www.mike-kestemont.org | udp |
| US | 216.37.42.186:80 | weddingringspix.com | tcp |
| US | 216.37.42.186:80 | weddingringspix.com | tcp |
| US | 172.67.136.86:443 | www.mike-kestemont.org | tcp |
| US | 172.67.136.86:443 | www.mike-kestemont.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | mizonpost.co.cc | udp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 172.66.42.247:80 | resources.infolinks.com | tcp |
| US | 172.66.42.247:80 | resources.infolinks.com | tcp |
| KR | 175.126.123.219:80 | mizonpost.co.cc | tcp |
| KR | 175.126.123.219:80 | mizonpost.co.cc | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | weddingsetsrings.wordpress.com | udp |
| US | 192.0.78.12:443 | weddingsetsrings.wordpress.com | tcp |
| US | 192.0.78.12:443 | weddingsetsrings.wordpress.com | tcp |
| KR | 175.126.123.219:80 | mizonpost.co.cc | tcp |
| KR | 175.126.123.219:443 | mizonpost.co.cc | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab170B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a178069e9a0be6d31f116ab6f5142535 |
| SHA1 | ac631c40a5d44ef02eededd9e4c7e5481af6940c |
| SHA256 | 0c0ab0ea294ccca626f8f3859523376f2b8227f21c9d01714d2065fb1048d4cc |
| SHA512 | 16a61776f0199789b6ef0b7316967fe1f02ccfc316a4061c9236942d815bf95162379d5ee8502656f8325cec605f5ce03c87e4187d641829fd12a6d61d33a0ad |
C:\Users\Admin\AppData\Local\Temp\Tar1895.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab1982.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar1994.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c4b2da1e0610e4033dbcfcf7582873b |
| SHA1 | c085d0853fe2ad8454dfc4f00fbda04b53487c9c |
| SHA256 | 081478f0df270715c8301f7f525c6bb6d1da3d3b1f5a8917b280d5a319489b8e |
| SHA512 | 4a60c8840670afa04a33b400598012dc81a6fa178100b7aea60c87e35a57140aebd57d986f9cf310db6f9e3b039603dd5768578e9d92a6cba64d329a9adada74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 814b63363d369241fd688ff4d39f8a7d |
| SHA1 | 13686246c7e4b56ead04aff421c6e217fb159968 |
| SHA256 | 7af862ee6b176b2a8e1173b13aed864c4d7f7727c547ab48281399b61ce1a93d |
| SHA512 | 5df1f1285ef2242ba0ef45b183699dbfefcc768ee7c317ad92d5e83fa8e00967a8109be685888ed22b7ee8725a6c5983c131d7bf681c90246457020b94e3edb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee6e0266563f1b90d3be3856b82a1da0 |
| SHA1 | fd626b0a450d7cdb7f63e6a41e27a4670758d314 |
| SHA256 | e9bcddd2fe7744a68251d6aa13ec423d1ee9da9c48f6fbc184716d5a4999dcf3 |
| SHA512 | c4031beea4147e27c370779787bc522d11be0f52011caf163d413019fe0a43d521bf47ae19e4d5f88173e250c18854015ea2df9c6e07c5661fd3223f7acbf370 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e0eebf000e00c6ee211cd2993f2bae0 |
| SHA1 | b8b17d51b311b4d2a385d6c4bdcc69459f90c9e2 |
| SHA256 | 95f9cb7de235da0f2189281ea2fb996f854d4487bf5736eb5ec18c842fba81b7 |
| SHA512 | 00067cd8cad8e8b1c4fdd2cf8ddb692da81863620cbaedb2c4516da118327987686427bb3561cac2d5f10ff0ff01866f8a7c9dafb02b07fc5ad96939299bdc71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7c30892fe2aeaba898d7b1835b1568f |
| SHA1 | 8da47b875a12d5178be0b73dfa5e21ed1bc4663c |
| SHA256 | 73b986066c0c764dee869b35c703b3c7cff191e16fd9e1300adb578030ef623b |
| SHA512 | e22a30928008ebf9c7b8611f7b44d4eafe48a0aa974bccca94f200dc942f2101cf9f4acc5cdaac66d1d64c9928cf299c2643da926340bdd3b5fb99750a0a1154 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a6be21c74432e2d35905a0631ce47b0 |
| SHA1 | 9b9b845a5f363be87cc4c5344ceba16df693e751 |
| SHA256 | a35f9d5a0f3682bb2c68c98cec77f0b6a5a3ce2a00a7f3cd317145f850ad5422 |
| SHA512 | 82d84d272225c94fb582307222aac060997ea333e5072a430f039db289a80857d528214ec8b8f346691940ad9a48d715f177beead347ee2fa03393f054f3a6e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 57b506951d21c7b6223ededb9ddd92c5 |
| SHA1 | 3d50aad2b6d0a7c456885d86e336601566d6dd86 |
| SHA256 | 89e935123b4353db472405b1208595eea776af3d034c007167851ad956ff8b6f |
| SHA512 | 285c9f60641fa410ed2fb633113c662602b3701289d550c7cd447758d5572db80aab7710feacffcecbc6bdcfe59d71fff21a32157fc351b1cd05fe8d46e6b13e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c8042108c00ad450a027d28856f62f6 |
| SHA1 | c7e9c7438ee64b8c8f85b4aa2d67cb373e82095e |
| SHA256 | 7b0caa92809f4a5dec9bc093e5130ef24fbf77c69d6b3340a6fb61ecd4c3c917 |
| SHA512 | 5c25c05c759bc7424a39b51318a38c67b1382cadc0fd7f1807b7aef4209310a92fbc686c3b900fc8629d105b987b3bc8c59aaac12bdbc7a6aa7aa63ac3228a41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a512eae5ff3523ce4b98d7b6dfdb08c |
| SHA1 | 93587c6cfb0d41e1aa30d6f044e78887ca3ab237 |
| SHA256 | 93052b9e8788af030071b082879d97d8075f9ae8877bceddbff3cc1d4a0c1a07 |
| SHA512 | e37fc9337891b0c0d9fea46777f5e57d864d90345ad158fee831af93d776365ec056018419006d1527f57539c5f34edada562aad3a761a33b04260f6463a7818 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ae21f84acb637fcd813ac50a36fe9e3 |
| SHA1 | 2b6b6d6101e5aa83357ef8bcf59e7216e9a2e326 |
| SHA256 | b53a6503932156a0bfb25b992384bcaf675f09bbdeeee7fa3f313674bb6ce04b |
| SHA512 | f4a6e4c63f49626d848528a72846015fac218b3d69e75d21e8f39dbc898954b122285bd0dcca3066bd9e4602357583a31fc1d38ee89a472e10641216433f46aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb4bcbc0670bbac20ed49237281cd43f |
| SHA1 | 50abab0de516fb441f42a6e1b3b5d030e678061d |
| SHA256 | 51dc59479e97d660ef783d30dbe451d880df550937a66e9e4f745586e87083bb |
| SHA512 | ac13092ffd1cff7f060503b1758446b3d0f7d70f6634a00e2adf452b3ad7f130afff92c7bec444b8979527fd66e979f6efb079da55d4d57306d008417c20b97b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1305093e3dc527689424ba808098db5b |
| SHA1 | 04d306e3b4d5c0cc42e23d37a9395217742ee4f4 |
| SHA256 | d9e353e3b54d288fede03378c938055cc6c65113a7b6e6de5873141294c35571 |
| SHA512 | ea1655be532636c89a25796770f7737834c64dfb36843c25577a9ef2c6544d2b08d3728749eed3fad14349bbdf267846e987d905ab33a377eba2bac353330313 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 0cadc51891f801670b65f2a6466e5a49 |
| SHA1 | a5d7f864c8405bb7ba051a28cb48c4dc8dad143f |
| SHA256 | c00fc0da95e12a9a3abef191b25172f077b151cfa0afef1a85f734a9fdbb1bbb |
| SHA512 | ca8205a15ce7034e7cf04d3915e649008bc5df5e9bbde535d7f3d831a7e461cde0b82659752fb0c5b4f53c0790b3b39e36cbdde7f0bc29bd599aecee33010b71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 837d87de71b3175f0ac594d541bbcb83 |
| SHA1 | 1fb42a8d71d0f7e11ab5b0604a19ce8248434072 |
| SHA256 | 545e42d44c10add1fd98a63d73e772266836adaeb6014d01201f017f822d8f57 |
| SHA512 | 2f8f145a93e103de3f69f025b73a6e48cd3c6f336fe0ae48faa8a90e14a1b8a51bf633e434f9e2664bc7433b47c14e2506ef5f79be9332ab6973dd4c746896e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6db4bbc2d5276571f16b39796a34dc0d |
| SHA1 | 6071c341de87bac3a7a526aabe5927dff21532d8 |
| SHA256 | f9032f2a44e2e0a3102e7abe5190a3e12b410a482a43bdab5a79eb981e31da9a |
| SHA512 | b732ae575c6f257d6a630d27f63bc25f36b8c3a5839d62b5f4714585ea6d11b3e3d3238a27db939774c01088cbcbc0e4f2c0477fae76195b3bf7dda5266358bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 806adbe1502a8e1fe3cdcef374197568 |
| SHA1 | c1feeddf30d9e8b7938b2e9700933d020d009a0d |
| SHA256 | 557dc6c44b6e3cfc42bae1a6bd2a425ebec071caa9b0f297345438536ea627cd |
| SHA512 | 65e50f578b3035a5a061c8ce95c14ef5c60a39cb142427ada09f3fa005a1e273a052431b35d9659b2dae1ffd232ce98b6f3b593644e96d0f1a6a1f51bc780945 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51985ae7bbbbd941aac116858f39a304 |
| SHA1 | 99069b7480fec3f1ef385508997cd74732133016 |
| SHA256 | 3257a27aad61ec7586864f053b577055efde647532beb44b4901f86cb43e67b7 |
| SHA512 | 22d74efeb831fc63fddb81fe4deb115da4b9fb2c7f26fd4c1db032ba90f46965bcb2b33d28507d6f84d100331ceb94a7deef0162b0557bdd132473c44edcb1e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 131102b605b3f0f5e964404d2a000714 |
| SHA1 | aee06c66f6b7400825ac9113cc414e97c97c7e81 |
| SHA256 | 97a104bf567472d1de78e04a04d90ae0872a9ff3adc46d69ad8d4d78d9b4b7a4 |
| SHA512 | a6c9b2c41f7efcc79df600a80f6b97701fc0447a632885d3dac8b80aaf9c5d6cd041fa31fd8e9ecda8ad74fdfebe2b65b29a639fa6bf988c8582f0ccc184e0d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcf88df2be621d8149272ca6cb1bb1bd |
| SHA1 | dbaf3d80161bf190305fd678682e25cd9de38222 |
| SHA256 | 3f01569917cf8ecf9f56a0a76b6ebd535384cfff9c189b6eda58daede0acbca6 |
| SHA512 | af7fb8934ade66551e28b51f047c48c841ef4736a799076fe8cbd42ee447355127567b97c467829894c34b53eea60a16fd60a60db21e1a6f91039fbd14e6d567 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a322d77291a2e35877945dbf039e2c95 |
| SHA1 | b430702e825e64520d19ff1e782b4f1a020bc9e5 |
| SHA256 | 6370f9878d9cbb73b9f2903125d4a267e7d25a0e9e0e112d97b5e6e399bee3d9 |
| SHA512 | 7ce08989627da73c8a48ed66eebd4421b7585c5b8e14aabd8b569988fcde9200ef4f3f340d4937d5de61d5c86ffb5f16bdc2218987833a3353f8b6bc47682a2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a68d3aec945152c555ea6840b470a9f |
| SHA1 | 5b04da36a2d417da46b6d7fd33868744d340a176 |
| SHA256 | 59b4a292f5b2b061ac47ace164540c74b1866d0ab78d63a6650771b9f86a6c86 |
| SHA512 | ac0650b665d2ab28744af9066f9c77f1180cb12916dd11f7f5a3d14f85f3801868feb938c0879dd23923aa3af8bf1f1d0aef63444fef7e7deef666dc06b377d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b459348590a91e5a7e0e10b3716e0c8 |
| SHA1 | 6d575c0e26b667d736d4395116e340ead503b1ee |
| SHA256 | 57c86337f2a519f70869f141642cd4aabfdb308ffb9b991d9d6cd982cc1e60cc |
| SHA512 | 34175044fac6974fbafb6c8371141c9aca461bab8e2e3df2e066edc26819d7835234883a176165450c022e5647dc1cd8fa5789a32ca2826f3ed0a2ed88e41a77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ab953f395a33488c39682d0f9dc284b |
| SHA1 | cf7c6c4ad391105579e6f99be8e941a0d08fddcd |
| SHA256 | 3a365b826ff26c30fb14c4aed776a5a09e435447aeb04d97b3913bdde60828eb |
| SHA512 | 775640a9f32592b06263bdd09233bf688b1ac535554cce3dbf369e9f2b868ba345115b49a87f49a99f0c52afbe74f1d3371fa8e64c7e873eb48f0eededf3ee69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7dc959be449b1a9dbd276704cb8c0088 |
| SHA1 | 6bbd681db4f902b3569310343a8f5b4e4ab36c15 |
| SHA256 | 16f6f2e4ba5be5b9151e2beae8fb18fd019ba2913b5a1245934c468366c38623 |
| SHA512 | dec1bdabb4491893deb0cb48dcac612bdc60843e3a7d3caf32561297943c72ea9de07bf7daa8c8b10029a6e86a14579ee49f4344e8be24b75c06ca96067d9cda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7b8c7766ebb0596fba602f5891ad185 |
| SHA1 | e021d9d16dace13370feb93ac5caa9dfe7df15f5 |
| SHA256 | a0c61b97644c89e6582253db071c8af91b98a6895ea3fc29577dc5b257d15ed3 |
| SHA512 | 8c06810c8fa03898408092222164b7f12f13f9f285a39517f5cb88bf316b60e27124c2e322acc75db9dfc1caa2c3eb19eef30c523bc24d2a9678a52569c2661f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44b32f03b7b40f17afd0c016301746b8 |
| SHA1 | 525f3ad93652c4573c31d3d9a3af788b26f77027 |
| SHA256 | a0e5daddbf2bd44c2864184cc207e74556a36148e8d42c46b0199a57b10dccc4 |
| SHA512 | 15777765d52030b0397dc787351ff68139ae6892f8963609eedd5bceb719d8be7b50bea59801f601cbf6e208db0d476cfee08da90ffb18c8bf3200cbd96e12b8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 18:31
Reported
2024-05-27 18:33
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a18df5aef160c71704b69051e66aad2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5bce46f8,0x7ffa5bce4708,0x7ffa5bce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2600 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6476 /prefetch:2
Network
Files