Analysis Overview
SHA256
596d776abb2c73c3fc62bc0ad4d7587dc17b38359e99f1e31e7ad7497cae6b1b
Threat Level: No (potentially) malicious behavior was detected
The file 802b9f4abddaf74c22691055c8a9360d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 08:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 08:53
Reported
2024-05-29 08:56
Platform
win7-20240221-en
Max time kernel
136s
Max time network
136s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00fc5d6a5b1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007359744130cc814596556943c608ea190000000002000000000010660000000100002000000055419719b67810e184e112482d695bd52d9f76c6bb9c7b33425d8d646344ab61000000000e8000000002000020000000be2ff7545247e044ce4f44b264ce947fbc60c06d87cf95277c65de6b60dc3bf220000000c1748a9363bd1d512c15261ca3378e90b367b27abca5b8fa12944ec09bdf8f29400000006c909eafdfe0358fa62ea5cec0cba1ca5247f614a430ab64c35f047006e6a5f483a7769244e0858f1c0f1908809c2080bb9e6e06a90efb827de6ca71e5a2a258 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FEC76E61-1D98-11EF-9F3E-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423134711" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2200 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\802b9f4abddaf74c22691055c8a9360d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 08:53
Reported
2024-05-29 08:56
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\802b9f4abddaf74c22691055c8a9360d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8b8946f8,0x7ffc8b894708,0x7ffc8b894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7776431266599769476,8230474271840536483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5772 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | cdn.adf.ly | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| FR | 216.58.215.42:445 | fonts.googleapis.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| FR | 142.250.178.129:443 | lh5.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh5.googleusercontent.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 172.66.40.139:443 | cdn.adf.ly | tcp |
| FR | 142.250.178.129:443 | lh5.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh5.googleusercontent.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| FR | 142.250.178.129:443 | lh5.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 62.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.40.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| FR | 216.58.215.42:139 | fonts.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| FR | 142.250.179.73:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| FR | 172.217.20.193:445 | 2.bp.blogspot.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| FR | 172.217.20.174:443 | cse.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| FR | 142.250.179.78:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| FR | 172.217.20.193:139 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | groupbaoloc.blogspot.com | udp |
| FR | 142.250.178.129:445 | groupbaoloc.blogspot.com | tcp |
| US | 8.8.8.8:53 | groupbaoloc.blogspot.com | udp |
| FR | 142.250.178.129:139 | groupbaoloc.blogspot.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b-templates4u-com.googlecode.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| US | 172.66.40.139:80 | cdn.adf.ly | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| NL | 142.250.102.82:445 | b-templates4u-com.googlecode.com | tcp |
| FR | 142.250.179.74:80 | ajax.googleapis.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 74.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b-templates4u-com.googlecode.com | udp |
| NL | 142.250.102.82:139 | b-templates4u-com.googlecode.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| FR | 172.217.20.193:445 | 2.bp.blogspot.com | tcp |
| FR | 172.217.20.193:139 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 172.217.20.193:445 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 172.217.20.193:139 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 40.173.79.40.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_3700_WNVPVQVEJGDOGDOZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 67b6740e76f1d709cffab868b8e9b245 |
| SHA1 | 57cb2b0c1642a61f339affcff1d75bd5f0f9dc35 |
| SHA256 | 1cd6b7b61721cae347ecc81de0f8fb8739e7c6e906a1c734a1045f07fdd8a173 |
| SHA512 | 5b4dee0623782e510e3c5ce5fc14784624cdb0f3943e14fe149e960529fe053e29f1d96d798481e3a895826f6da1e44e41af775e95fd4037e6de9c64013ad417 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | face591d6b6fe63f34e02520877a9fa8 |
| SHA1 | f4b1b477a5761b92e3b4e3163bb8c2d6f86d8574 |
| SHA256 | 42812f32edad742986c40b43b3006836b40cef14166fcf74cc48b6ac26c00ebb |
| SHA512 | 8b3e9eb0cd68a2fdec749d251eb6071108efe917184e7ccb081cc4c7ebde68310d8c8fd60cf40f0ebc62614e60d18fa78f539ca437edd9efba3c156da843e16d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fe0cb549707ea4d4e968a839e6571b26 |
| SHA1 | cf0b1045d14cb4f07b5665b0d385598903dc358d |
| SHA256 | 5812a593571b095e62330fe962dde4cb374e07e6528e6cc7745ff649362bbc9d |
| SHA512 | eedbd859eb0349d8f60ef3010088377847ed95f991ec04a047cd0783685605cfa2df0005f17254dfc1faa9c82117b0736c068a921ccd490424f75f5802b7745c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 52f7c49e25777dea89931052301445f2 |
| SHA1 | 3e92d383863b4809772ea3c0c1f6bf8da6aeb0e6 |
| SHA256 | 556876cb7c4a137f0acdf85ffb739f9ba90278a45881651c870f20ea63ff81e9 |
| SHA512 | 5c4a688e33855d6fb9a157f8af1a4b731c3dac98dda5da0447380f8258824d8c630696e9410b6463fc2b620368c183bd3889e317fe2f83d1017b03dac89ce750 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 826c32468a8b5fae06fa967df5e0aaf3 |
| SHA1 | f14a88e236b44db7ea498aa585282b43f1ebd1e4 |
| SHA256 | 2581b4b57b6d6bba3a0fa126fad03dc621f44ae8c811c7c9cb4514f79bd7631a |
| SHA512 | 8b96d8dc3bee2e00427aaa434ff485fd84d4ad4915ebd641f87bb4f7ede2f317755d712662827a81d24cf933f6e8cd44f64bcec9620f22141c740279e4666d36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e3987448ad52170e28c24e44c7b26db |
| SHA1 | fe488abab3a6a7e5ddd0ad936f1ff40779653ec2 |
| SHA256 | 12f735486b95f9865e0c15f6aab7217914c4aae6586b5a4cde14071bc16ead42 |
| SHA512 | 49abe635f688d89859eaa49fa6406b56e7f89771b6f029cfcca302b313ca47127738ebc5481c840b8a90bfbcc98b1b088c624515801872b6b155e69984b0e95f |