Analysis Overview
SHA256
90ac6a6e4da3155113ed27847589d9122341c80b73d1c62f008f91cff43cdf5a
Threat Level: No (potentially) malicious behavior was detected
The file 7e48a4bebc0c04c52e3423871ab67edc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-28 20:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-28 20:24
Reported
2024-05-28 20:27
Platform
win7-20240508-en
Max time kernel
119s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000001ad739dedd37a596917991d6a27fcf1e379d9ba44b6ab5864f1a9364cf81c39c000000000e8000000002000020000000a02dca5965e032dd983e325948082b118c60d5eca9c9e0d8ce19da4e08b8f05820000000046e226c6f75a0fa54306b26aca925fde0519c2707d449ad0fe7bfa78988550940000000dec66b6c743e57ced452bba9ee035ceb181afff1270e2d3b62dc669ce427727217c6a277d9acdb1768348ecb1cf0fb6f1cd0280c81c3b452eb0a4d5c660ad7ae | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423089753" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{529DE551-1D30-11EF-A538-5630532AF2EE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b488283db1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000004ffcd65497692620034c6e5213a9589a1239ad44f91d1cba0f767b4575c90d4b000000000e80000000020000200000008ce73e6293c5808f8bf94f1eead3cd6aa5ce04bab4c02ad63dd105271865487790000000d20d1ba588d60071846980d72bd6197db48e59e8d2411a8ef9bf62ecbe368756e79f8575ae889a7471b832e48b71b9d084b96a5788e7a5b30eadd1803beb7822d74c0800f54f698374d1f011ea5d0553bf2f25e5dd2687ca2cf823e1c0600ddc9868dd9b1fb7197f36837d99bb51e7fb66e5e6c0d98c1b4e56c62ffb2fe2d7a0f3a7ed3f10fcd2ca8a529c99b9ec012a40000000b44786e28bb2e0f35bfb0ef967df45b1f26d1cee73eaa84dd202023ceba92119414c9179565db915b1f294765df05d99fa4d44c0f2c937da10296aceae5ece51 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2152 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e48a4bebc0c04c52e3423871ab67edc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | bloggerstyles.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.73:80 | resources.blogblog.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 2.bp.blogspot.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 5b17d5ab5560184463cb9b8b8e334e56 |
| SHA1 | 29d6c4803221125d24778788c5c8d3a713340abb |
| SHA256 | 558b29dfab794d977b1583069c8ffbf0749a774d59386577658d62afe41ea58d |
| SHA512 | bde9130a14d13ba19f3735c6d6062c53e4d11265d387e6b186bc05fcb92ccede56711d061415331d9235bc182f069aa15ae4428dd2b810af7ac19c504ee7c935 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 01a4c74c4c03d855f9f8d49e5da5e081 |
| SHA1 | 4f0b97998d4e8229aabe42f1d080fcc74f2d1d01 |
| SHA256 | 910210ed3ef9c026834df6bff106be0b761cc390c65cac2bd4138fe8fa2b081a |
| SHA512 | e8a53346f11f89642faa33f8776c72a5e0582c8b36a99def112ce00a4e2df94fc02e5a9f2abea41914ef0984df8d677b20a64eac7ead0e73d0d0226c9267448a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 91d1a9d489736610d91ba0c783745e5d |
| SHA1 | d7effa412880636c17e6e5f86f1978835980694f |
| SHA256 | 51fdce859b53035fa4c5b5c1e0a2b76ad9090d23da467387f3c1fc5b9c10e897 |
| SHA512 | 3bbca7affbc3e2e33db7e9d7ac3675006a9f2e34de258ed493f0d12d42bd3d0916cb47296da9e7efe3f8848253495b093f790c0c2ca72cf7f3a59daf1cf1ffdf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | d1fe41c2ffcf09f179a67d080391b039 |
| SHA1 | da484aa6729490510bfe98df9f88fff73ebe9c30 |
| SHA256 | 51a769d61fcf05600048e2f60c178adbb57dc0581362fa9f41e62ec788e0bdde |
| SHA512 | 77157fc907401cb4cf89ea99e4d23a626eedfb40e84a5f63afe4c2e97f94b0502a968d4dcc45dc6b792361c7fb3f93179db1c194fe03b6eb7a6f5e7082e0bd1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568
| MD5 | 35d4177787b05c412c2bf77cd5b7837a |
| SHA1 | fbd658dff11171fb18b3761554ce1bcab136d263 |
| SHA256 | 28c838a440a325da201e3a5f0c89510a5f4e2e176e04a8569a5f9f65c0dc1e3c |
| SHA512 | b6eb06e7f9e8c68ef93a3a18de81e0a05a716d7c3ec66f94cdec5f0d42c15822a87a46a942d6f8457c5da95d9fa38b4a1cbe8d1e43b84381f0522e28c97a09ca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\jquery-1.2.6.min[1].htm
| MD5 | e89f75f918dbdcee28604d4e09dd71d7 |
| SHA1 | f9d9055e9878723a12063b47d4a1a5f58c3eb1e9 |
| SHA256 | 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023 |
| SHA512 | 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\cb=gapi[1].js
| MD5 | 4d1bd282f5a3799d4e2880cf69af9269 |
| SHA1 | 2ede61be138a7beaa7d6214aa278479dce258adb |
| SHA256 | 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693 |
| SHA512 | 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7371463aef0180ef662bd7184669122 |
| SHA1 | 460651918590008e48cb5fb8b48e834bd32b88ef |
| SHA256 | f5ce313908c82a93901a01c1d2b8c875346599de391e46085967c979095f8130 |
| SHA512 | d0df06e96c7b6b2ad6e9e962f5e7718bb9f4c0267a42f72f2884a027a23fbcb8920b93cd515b139d80096bc42d8b6178ae926db59c66eba769211ce7ede8c778 |
C:\Users\Admin\AppData\Local\Temp\Cab2DA6.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2DA9.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aeb3734bfc9180edcb5d863f4d181056 |
| SHA1 | 7813489a1c115b921fabefebd8eb70f980aa1d73 |
| SHA256 | f4b5db479f77048002010a7dd3ed098a69387307d86a7d870253edd0677a32f0 |
| SHA512 | c78c3e5574dbf21f351452990c3edc9666b78dc17d1e41fc2ad2d97c3dacfa2585abcde272d5aa97aaca6c94e42ecf87f4a531b44c5e99f8a2cf54d2c1e73cbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c3b6b29b0c93a11783e69285c1c6689 |
| SHA1 | 062aa315b936742d03ef8f513356832c7b1ce14d |
| SHA256 | 22058b2b92df51abce534734e3a174988fef7f4e6667103198b148fdbee5a866 |
| SHA512 | ee10437a0a86ca636d0c80d2cbc7c44860b1d5c051548f19a5c01af3068dc92f001cedc255b6f47ff61c1ad073fb6a0b978ef3a2a5939ef4e358f06f1edfb754 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14390c73f20747b1953a826d232a8e41 |
| SHA1 | c17b395302cbf6e61a3508832f0f44618c22d8ec |
| SHA256 | 1eb9da69f657eb8b02748c601a6214fbaa0ddc395e23978b6e078929a4e9df4a |
| SHA512 | 66c48ce1f4f7ef84588bd9480ce8fa411ac8899a28ceba3ce40701142d17f5a46fc54f806656960d4d5705c375c5d858f0ff3408f11e4bad300723b6ec4c8be9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 322e2912ff5a675730f5b3d8c09387c2 |
| SHA1 | 0472120760e703ffda8df3b6c365a2eb8a527ed2 |
| SHA256 | 64eb4b9a116f1b3190b96cb1f907acf6ce0587a62bdb4f8ade739d2f4c2f1f47 |
| SHA512 | f223c29be2dc8ee62b6350680e3041fab28460831d5b077e47d6869cb31fd9411ecf9e2e224ecb2d8f8e47a4ae3094f964e7f0431c158860831000ceececf0cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9eba7d7eb932ab932491b2305bd4ac59 |
| SHA1 | 4e4ee8f249bc8e4dc1c8a986e55b660217b6f813 |
| SHA256 | 16c19e49746b4b3b8300001ca3c682714fb79c41620e556424c53ca8e2cbf898 |
| SHA512 | da9c794d9fb8e0ad68775cdf34e1a2dcbf33854f727371c740ffb343ae4c6a1f072e85a0e5384bb225cccd064394a096b9635cb3d2c43642b67a6d77d65a531a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f4a146681e7a4ccd0586ae263f9a467 |
| SHA1 | 96b5d6cd9460fd063cf18986cf946de794552c65 |
| SHA256 | f7b3876b2f8fa7f27b969d71e552ddf21637d1d5eb024fa6aac4ad94df29aa95 |
| SHA512 | 700a4b61c63fd25dee3845dd6f7e411a8a04d8d35b81477ce66eac6d334bb83e7b519048d0b9dadd3040a08f4653161383892211dcd650ee81857f53eae1f5dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edb16752e311058b0cbb653a212ddd53 |
| SHA1 | 83b50c21b7e5b2ebebb0032848bf096a5649e5fd |
| SHA256 | 07604f8dbf1f11621ef2640a5c89ee5eec08af1af1e594d29154126e6579b112 |
| SHA512 | 6c45fd61734d0052bcce37e6d2be3a945d072ee51140bb57be2b2b01d40573c104abaf8b5573cbf5b834b21cbb1e7bff496e8ba533973abb412e18028e03b612 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c376f98ae5f8b376be97b896c4ab516 |
| SHA1 | 2b04dee083ec2d4de5c90e1ef75b412e9ffdb83f |
| SHA256 | 6a20495dbc59a0867748c36031f45ad3c83f7d5881724b0e37885aa46781231d |
| SHA512 | 6dfdff388ae962e71306bff40faff1aef9f4c4f9ce57107f6369b550aa77db8fc351fa2efeb00f8710c6b3861118979e43b6443fac2dbd19c2de4c6b8861b1d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f840982bfd2f693e7423f733d54b541d |
| SHA1 | 57276d36e187d704351fde7cfbea7add07b8c4d8 |
| SHA256 | a17fdf0d21e4d9b2280fac96b4fda4d51525d8a8d7aee57f3f52cf318365803c |
| SHA512 | 5de291a7aaa5b31c222d59c8f485fc2cc4f7f76390b1cb169c706b76edbe4ae449d33c3312d863305ec709ae947accc8e85092570579fc5a02fde1a1c223e08d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db876136b1f2c5fa8326e6252e53950b |
| SHA1 | 1d3c98b92206cb82c39b74972fd6214b0a6987a8 |
| SHA256 | 96fc64e32ee1f07070200dc83fef5376250ef1f8de067ec3f6bd0e0b387098d3 |
| SHA512 | cd8324487441c6c9932765b828d6bee87780291d298164bbd18ed5cb8d0875f531867fcf931b9e643e17dc5256de076f452a154ac71806825d6a0a9676688b15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e1ccd2e077d5121f76fd07fc4d35b30 |
| SHA1 | 17dc6e97e8e8ee5326b4e948a45da667203dc29d |
| SHA256 | 004cffbecb71793c2042a936d94b7d9eb982805c7e6166efe112a3499fb9c42a |
| SHA512 | 1df18d06bf4f926edbb168ce1d316374bc56b9d88c800da17e1f182c2c847efc5356b4291ab76d7298fd5f718b3c7304929669e10c9ac471159a2ef0834d0ebb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec0ac4fc9984e22ec742c3a8aa562970 |
| SHA1 | 78fc8ce85ddd1cc3ee64480f3ba297c133b6d3c4 |
| SHA256 | 108e30b525033297b6f6239a6e0da74e1ce90cbe9f36dd14fb0f610ee8f52334 |
| SHA512 | 28d0ddb261df49513d4cb30a988dc6452a3cd0f5d1d28f005a9582ea43a715888cad8fdea7bf12e3669c3c6eb9587baa02d3bdbcb9e496a7808615bee0ee80dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4490e2910e724a6b62399fa37d5e09a |
| SHA1 | df73a25356f0bd1105820e201f1c58fe9b0919ac |
| SHA256 | 1b9f3ea033f1d4445e2dcea8b50fd12482c91ed8d8a59ba48c1f40c57c61e6b3 |
| SHA512 | bd478780507f4f42a649a845fe96f8d5138956a9abdcde960b057e064a2829449381afc95a944d39653497f60a2e455c38b0009c800f751833a99ee7ba433b45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a13251388e20ab5f30184c9b28a776b |
| SHA1 | 447f5e99d8a2bacc9d09be6cc54fa51e0072f543 |
| SHA256 | 412cfcec68dac58f85767ddb91f11eab5a61e5c4c0bc7899a51c8540d7df7abb |
| SHA512 | 34af0d73c0a6717c45c8a204fb8d38272e92927e79fee400c1a32eaceb8b2df4e3f68996beb23e4bcd3eceb57b2352818becabdf9f671c5ead7e9eaf14cab853 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08edc282e41fc9df606d081f10a19eb6 |
| SHA1 | f08365b2167c839c661cad2bdfc33829e9d2ef77 |
| SHA256 | 8b03ffcfce701d6c1f58cc9ce205f0a4d8c6bd97706f1481765afee092a01587 |
| SHA512 | 703f834a05b7270c8ab9182158ae16b03b1b08bac9f29791c5596205722ce4be10b9b26ba126c13ea77378a406d9853c1d07240f315597199efcdfa808d7a25a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b11f184d649f7c68c2b00ae9bc3c90ac |
| SHA1 | 285d4093a4dc075dbebbad4d834caeddbae7a871 |
| SHA256 | 6ffaa102d6e5e1b94845c0c2ad45d5ac172cc7dddcf63cf4b1f15f3a9dd51fba |
| SHA512 | c52222d68ef6b9a02299f9e8052c1ec9cbea2352dc378c41f5e74eafe36d018672dc804c0237b4c499714941d91ca4cebbe1ca04184da025334ec180d217bcf8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a68ee67af315cbf82b87416cf6d73fd3 |
| SHA1 | c5e494d462f9975d96b4dd89304db8e983b11471 |
| SHA256 | a5839a506de4a09503b92c59b2eb20189fc41b1e718a5eeb5437353437d1b18b |
| SHA512 | dd97f32208c08e93fd26a9c29b6bfd879763a0ca2a72f471bf43d2321a6d22fce42e8df1cde523c7bdf56996cfaaf2bf5e489b401bd8b9fd3d1c6d59243550fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 798330fa4b397959c214b62cf3b2b73b |
| SHA1 | 6106da07fec54666e95f8f14b628224d2c75c290 |
| SHA256 | b714bef7e19adf6670c5b82b8cb145ba63c7962aaff2308b138efd593e423880 |
| SHA512 | 0b3017bb13f1be00565c2664f242e664a4059d6afe1113d91dc1e61adf116d611bcda8b0abe71ec10978414cb0dacb5ff8b9e1a7f27e7e7d389ab9460225e2b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd2d5ffd9a5dbe754a0452ca668ad07a |
| SHA1 | 651c3709a8c13685abf8ab4e399525d219dbe353 |
| SHA256 | d0e70b306aa3d4eb932c82cb274beebb0686f8826158eeb001203b3f7d7ea169 |
| SHA512 | b8120c3b011d79fa168c0ba0833ae1bcc99c2b2882c1326d71f61e3e70c78bdd0f0513ed4288cf6d9059e8aa05829a8fdea30c6db159e30b6bf47abc890b016f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-28 20:24
Reported
2024-05-28 20:27
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e48a4bebc0c04c52e3423871ab67edc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,10337154648759084514,14397378484723817374,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | bloggerstyles.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.73:443 | www.blogger.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| US | 3.33.130.190:80 | bloggerstyles.com | tcp |
| FR | 142.250.179.73:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| FR | 172.217.20.193:80 | 3.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 3.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.73:80 | www.blogger.com | tcp |
| FR | 172.217.20.193:80 | 3.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 3.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| FR | 172.217.20.194:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | 73.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.130.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.20.217.172.in-addr.arpa | udp |
| FR | 142.250.74.238:80 | www.youtube.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.74.238:443 | www.youtube.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 172.217.20.193:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.182:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 142.250.178.130:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 142.250.178.130:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| FR | 142.250.75.230:443 | static.doubleclick.net | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 216.58.214.170:443 | jnn-pa.googleapis.com | tcp |
| FR | 172.217.20.193:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| FR | 216.58.214.170:443 | jnn-pa.googleapis.com | udp |
| FR | 172.217.20.162:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| NL | 23.62.61.161:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 161.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | amazinggolflies.blogspot.com | udp |
| FR | 142.250.178.129:80 | amazinggolflies.blogspot.com | tcp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 172.217.20.162:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4760_GJTEJJOMERRXQAJU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f9d4a2066ad634dd90e93d1ed2444fef |
| SHA1 | d9b771c0ae96a3ef271dfba29493da2d3eac6ef3 |
| SHA256 | 076ed0bccf8d48724a4f6735ff519078c4c760648a1d2296947c5764925c325c |
| SHA512 | a4e9be29ef568041f6379a19ef0353d91f348e754f6c45d0f00f12d0d400c704c52f3f2c9f3fd331733fa4f7d91ab3782b7b1ca1f6322f5202ce5952205af1f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8d84fe162d546c454fa1906385c93482 |
| SHA1 | e2110962089f72ebc62e99449ae4d45d2c9391d0 |
| SHA256 | 297eaf79254e3d2586bcbc77cdb5dc2d78b7b40fe1ecea96dc7e7d538b055f9f |
| SHA512 | 83161f3e219ee749f422da7e415bd09165ab0474691beac3642b44cf25d82dac05e0887f0f3563597029d536a262b976afd546bf428b6f9085c252715cad1412 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a0ec4abb0b889a9ffef885e3d7d852d3 |
| SHA1 | 401c7bca310444b7dfc19a6209b8bf10a449f06b |
| SHA256 | af99ff3fca035c6bbb312bb2f9f68673bc1acd915b8253cfb0f19bd8cc17ffd5 |
| SHA512 | 65fe3161b236551f7c6e3d781cd30727ca8d6959919da3688735f712af1a77c4691813ea239430e1254bd5088d71cf9aad51c2b7a482ab2780a99a1041ce6645 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5d8c5ab93fcd3fc32ed2ef21d7e8c87a |
| SHA1 | 081d1d1f5375a116a1fa7cb1bb78a197f132f314 |
| SHA256 | fefb6d90b7b4b25c3ede07ed3be7e6787273ef2a10ab3997dddc8478a8160622 |
| SHA512 | 930ce4dea0881ff17487c84eb30f28830ffeb4c288020f82c8649c0c2534d6842332ad9cccd0e29d3f059fe8ab228d55b775205004309e5214c72025bd47ec57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cf5e24374083b3d00e6432083df92ce7 |
| SHA1 | 339c29ea3695aa016648e6980c4d94714b017336 |
| SHA256 | 5daac53fac495f86c57b088cefa5825424fbf30e67f0e3b34f26ab43e21046a1 |
| SHA512 | 6c926d17d5b7c95b2d53396dce1be8e4831c4bd8e0edf5282aab378a0c087ded791652ad6e78f6053faef16404c1b801e1985061fa9d1bf96eef7c129695931e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6b934a61505f17c9197f1621c60e8cca |
| SHA1 | 39a76ace6b71451eefcac21356e6f20a9daed8d8 |
| SHA256 | bc57b060d2e3a2eb39d740489e5c25e5af127877998679eabda2b3c0e6d17afb |
| SHA512 | 5300ba3e42221013f54a53935f1aa5121830a755564cd34e970bca663e94d40098e1ab4542ef7eb4bf566e7c3157fef6f2ad182f724fde99e2f30f44ce5c4fd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cbbd9af816ad4a03b6ca36fe6e9a8013 |
| SHA1 | 1b5bb723664462863daa13425e3c53bdf8c6380e |
| SHA256 | 10b5b8997bd54ab78ffb571b95d6cf8c1ec70d3d0454e5503771c194afce3b1d |
| SHA512 | 3f5727edad1a89430ef6539cb446941f6e16dbbfd6cbdb12c056401680beb67d2eb7060eb887c54fca8cd8092f92c024f9e84322179cbe79e327b5e314ef2e2c |