Analysis Overview
SHA256: 427f8d05cdad1c9f7bbb03929ce64d1a701f424ef9432e53b4c1f2db239feed5
Threat Level: No (potentially) malicious behavior was detected
The file 802bc8e4eba52713fb5906c2d90fc024_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-29 08:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-29 08:54
Reported: 2024-05-29 08:56
Platform: win7-20240215-en
Max time kernel: 143s
Max time network: 152s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aeb9cdce8edf1344a3b7376b5caab2f900000000020000000000106600000001000020000000f29217f0492ed8cdb025be40a397b35bdd135d998a952ffd91ffb92db4fc1681000000000e80000000020000200000003478c11b7fcc630536bde6b69233caf02f9e68020628cef45cffbd4e6a1b739290000000bc1fc1c5b6e430a4aaae05ecf58c0bed2de52a53bfd7dd769321de613ea8eaaee7d519a3b2446f10b7a7e930e689750047893415f0f8a25a98bebf2ae45d6b03a129bf7bafb4a14eb98d6c6d3d7a94251d8cbae68c62581915cb4de09fa093b6c781135b29623df598e3bdac4e82353c680edfdf2930fb6ebc5ea6a6a32e094d2459618257eea23dbddbcd2e4d14f3cd40000000d43505cf4b8e6ca04b92ebb89696b00e68724f1e8401e2a51b14eedec7197354f0a8fe5843c5381e4fee43ff5592d98c5ba925ed82816d125c69e991821bdd68 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02AF85D1-1D99-11EF-8FD2-F6A6C85E5F4F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423134716" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aeb9cdce8edf1344a3b7376b5caab2f900000000020000000000106600000001000020000000d2d2de085bc8d16b1492525fb11eae8b1d34597317052016c43f50c119c0d76c000000000e80000000020000200000002e5729d4106d94af6188cba80e4a08b171c6456a6b6d9fbc683e6c91665966c920000000252d14445d129211ff1185fce01fb2e82c32a0dbbe186c6b3dd4b39a90d71b9e400000002766af268719436e34deb4120448c3ac1e68cc92b5d22d54bc43463f209377ce48b8d4f1f4bb4849d65de867815373f1b092301152dc2239cff1fff5f36e71ec | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90b4c2d8a5b1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3016 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\802bc8e4eba52713fb5906c2d90fc024_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.furniturebank.org | udp |
| US | 8.8.8.8:53 | www.midwestrock.org | udp |
| US | 8.8.8.8:53 | hotnewsjamaica.com | udp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 8.8.8.8:53 | www.furniturebankcoh.org | udp |
| US | 8.8.8.8:53 | www.biglots.com | udp |
| US | 8.8.8.8:53 | www.biggreenhead.com | udp |
| US | 8.8.8.8:53 | www.crisisassistance.org | udp |
| US | 8.8.8.8:53 | www.archiparts.com | udp |
| US | 8.8.8.8:53 | agcustommade.com | udp |
| US | 8.8.8.8:53 | www.ambiencedore.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 104.21.96.57:80 | www.furniturebank.org | tcp |
| US | 104.21.16.154:80 | www.crisisassistance.org | tcp |
| BE | 104.68.66.71:80 | www.biglots.com | tcp |
| BE | 104.68.66.71:80 | www.biglots.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| US | 104.21.96.57:80 | www.furniturebank.org | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| US | 104.21.16.154:80 | www.crisisassistance.org | tcp |
| US | 199.34.228.77:80 | www.biggreenhead.com | tcp |
| US | 199.34.228.77:80 | www.biggreenhead.com | tcp |
| US | 104.21.86.178:80 | www.ambiencedore.com | tcp |
| US | 104.21.86.178:80 | www.ambiencedore.com | tcp |
| US | 199.250.218.31:80 | www.furniturebankcoh.org | tcp |
| US | 199.250.218.31:80 | www.furniturebankcoh.org | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 54.157.24.8:80 | www.archiparts.com | tcp |
| US | 54.157.24.8:80 | www.archiparts.com | tcp |
| US | 13.248.169.48:80 | agcustommade.com | tcp |
| US | 13.248.169.48:80 | agcustommade.com | tcp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| US | 104.21.16.154:443 | www.crisisassistance.org | tcp |
| BE | 104.68.66.71:443 | www.biglots.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 54.157.24.8:80 | www.archiparts.com | tcp |
| US | 54.157.24.8:80 | www.archiparts.com | tcp |
| US | 199.34.228.77:443 | www.biggreenhead.com | tcp |
| NL | 23.63.101.170:80 | apps.identrust.com | tcp |
| US | 54.157.24.8:80 | www.archiparts.com | tcp |
| US | 54.157.24.8:80 | www.archiparts.com | tcp |
| US | 54.157.24.8:80 | www.archiparts.com | tcp |
| US | 54.157.24.8:80 | www.archiparts.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 2.21.17.29:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | crisisassistance.org | udp |
| US | 172.67.213.170:443 | crisisassistance.org | tcp |
| US | 172.67.213.170:443 | crisisassistance.org | tcp |
| BE | 104.68.66.71:443 | www.biglots.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1AF2.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar1B72.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1BA7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e88080abacf88539760e71de3f428068 |
| SHA1 | d36b4384d2fa4599fc0b15bbbe3892c585971c18 |
| SHA256 | d17d8f9b1f8c9d7c8db7cb1cce94d2f8fcf081966811d7d0b91d4b6a61fadba0 |
| SHA512 | 4d92494d9dc0bed8abfbf700fb500400b54cba8028c68aad53dda17214e825b264b5ececcda813012da2c77e635f3f67dd101fab89a6e2b45d78b9dd15234bad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e73178604628c46b63068f3a7f3f6ef3 |
| SHA1 | 05303564310ba1e17fa045ba8761e76cb03c66be |
| SHA256 | 3105db7534598cc063dc6fccd3c21a1f47a1e5fa3768cdbee47c02669da46c8d |
| SHA512 | 4cf1a956fb826e0fc0e3cef220ec0e6b251be0c5858f8384f1a7a47ee1ca58bb64a49de906783f7da0bfacd537897c19a0bce9f1449c0532c6c9ab690566327d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88d55f8fa9d077d219d07616758ec4f3 |
| SHA1 | 9abe254df3c144932fad85690dec7f5b482fcccf |
| SHA256 | add074ac5c8eddeff3a78a330a7f4ec081484365c76791f45e3958d306ebb5d9 |
| SHA512 | 8a777054345e80ffb27e371d8c5b30a110511b7d423369fa4434c275fb5f4e00370567c4d3439494dfc8548a7faec636ef62796ce5f8217aa1b6810c67e582ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c08d69434ed605b6a24ddeaa3d3f9120 |
| SHA1 | c5f9efc79dcdb025c12ff040666777618fa5ae59 |
| SHA256 | 09324d18114d98c2ee0c97dae1a45442bbf16d9503705b02e73796aa2d4eb420 |
| SHA512 | f02093fb5c2171c1ca7955fe2835dee4ea2aff84bc4219bb133bb500d879c5554cf9f23844e450c0d18d48ee9bd67346a2024e6f13f868ed77fa5c125edbebf3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 776e47337a3941d01e9b76ebf11ac44f |
| SHA1 | 4c5ad64fa8a42974ada77359dcd5bef7039851ad |
| SHA256 | 527116e4ba385bb9b97524be96bc9e240d83471a1be190761301c7fb2a22731f |
| SHA512 | bdd605270c0dd7da081885622b44637711adeabe55ce286cd753590b2e52df5f09e3c4d4650e3678de6792b64be4b2131d1dd7e1378d0651eb8f2588a95e3f31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfc610f3bf28034fb14fa2d49a9f00cd |
| SHA1 | 1e0874eeb80857efc42039bc0bd2402606c53310 |
| SHA256 | 665ee4b4dad64afcebe74d62ffe089a9cc4adbab502d423edc73642212786cc5 |
| SHA512 | 97048ab7cb3cc7ce7297da081893339ccef4a4efef29f570f95e8699834e25c899a244c48ccab89de36cb94ee34a6c737b4138daff64cc2dc13560b5c33dd63c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 370b4d104aaec9ebccad4229990ace1c |
| SHA1 | a017c907ccca6775d8b1d71fa38d41d1077ec91b |
| SHA256 | 3c5eb8f7440bd6773eed75fa2cd1264300cc44c1466f978ed87289b8a41b9617 |
| SHA512 | ec088ced83a4fa2a0b1a0165ad16a124b2dad63a35b7a3be5431239bb41b57beb46125bf8084e493de93d24f6f4298fbcb1c1d9706f81bea75b43060da930863 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8609180f388f97b53bee517a7e237300 |
| SHA1 | c8ca62bd578378849074550d42a2e5b1f8bf2be1 |
| SHA256 | d78f9db4cda98860429364e2db127ab95066b39aa4561251ae71a683552feaad |
| SHA512 | e090508fb52934d826890822226119b870df828c2928381ae1eaf30192b3952f86d0e340670b2bbc8119db3d83fc231259ccf1e7c7ab3d60b0d4029cb05d9560 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3d7ef660175330f60184be7beac7c22 |
| SHA1 | a37333eed7231c87ae6eacb3c5d9a89f2de9b2a3 |
| SHA256 | 7923eadc448c39b8927499e3390f4c5a4845f9570b4068ed9b7d4fa03d037798 |
| SHA512 | 0cb03b983d8714ff0250504de966ee4189ecef4d1a551a74b357c0ca4116b0cc1cb8664279f22cb6ab6672e482d246fe75d5c1cf435d4667888ecb39d661991a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3fc21d8347724ebe9ca4b62aa124705 |
| SHA1 | cec8884cee93769060c3fa09dfc7a6ccf8c57faa |
| SHA256 | b6ea8baee133f002238fe7515c385b7424fbc2d29e4d9b4f4e6bb124bd6f5cb4 |
| SHA512 | c4687582fe886d86b249182c8bffa3e981cba3460490291c03e348f52ddeabae6df895d6cc013e32cc3b67d29a96822edeec4bc38cddd34bb49e6a057a309589 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a54bbaa75e6cf876817b65bbe6abbaa |
| SHA1 | 25f59143a90ea47463d3d100057bc8d43ae50e6b |
| SHA256 | 2f7efefb0f331e3eb47dd29856d6d5f954592ff4fa129a468a3530969e4e00e6 |
| SHA512 | 2ed4744403079c27d443aa47a6989dfce3ca44fe389af9bad138536c5e9bc04645396f840de162b62e6c8b04e68aed7521042dc030e7b7426b24ff31c509ade2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f563054ba8850bb3ecdf28e40cadadce |
| SHA1 | b63f703be66b0f338e5b4dcc99831a1a70ba8c9e |
| SHA256 | 9bcfcde34563c7ca5dac8078636a23ea079308c85d96fa10bb28d7f17ac8c47b |
| SHA512 | f7a57075a6ca97315a45b5b0dcde38b6fa97a9cd7bad04edd96351b50781122bc361da6fc37d0b0157bf0af647826719b9d0bf9160eaa253ada0c4ceaba5186b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 370d36fe9344f9a6e04f17bdc3033210 |
| SHA1 | 70fd318928cabdabd4bcebce53b63b6cdc79e54b |
| SHA256 | d80d01608f5b2e573550c5442b129c55aa9c16a2886ed9c11c33532bd1285583 |
| SHA512 | 15820c04fa846038336eaf5199f823c7af7df72c9381cc551aa26f8e8c8d714ce8cd98a50c3b8640286cba26df55d9c62af1e21c6d38445ad06e82662192b12e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2b09b470a9cad523b9c51a91d35b6ed |
| SHA1 | 8f1e0a825bbac4907048851cbe77a5d2194a7b52 |
| SHA256 | 09b8ae9bc7beafbe4d75bac11063fc7672c62492836eb555511309e3bccd4a96 |
| SHA512 | 6141bafc8435458331a8d668e561d2f74ad4388018fe1ebddef91849eaa14ea878bd63a66c1c9f1bd7e30c310b9466e1a629db5d97263eb1ad85613dd551625d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60c8a141b2a11ecafcd7b6d1db07c629 |
| SHA1 | beb04b86391ab9dbc264558268c0d2b8bcd8cf72 |
| SHA256 | 3a3fe32b055f814015b99006724c3e0523d2005f43972d85945762af933d07b3 |
| SHA512 | f4a61a12248b824e5de1b7c2eb6bc5df6e23c94f555b76c2c62c950bb6c554d29b8d1243c579785993976396062cb7da284d23fc062e0a84235b327e659561b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70aaef81cb65d1b7906af0dffdef487d |
| SHA1 | 0ce1bcc8f7b3f1ba6336155eb25f14c56612c775 |
| SHA256 | 254646d784b61d4a930f93203063fbd427a9e6e06211b99fbf7fd36cdd991a51 |
| SHA512 | 2e83d9fcf1fa02569c45c10b94b01a13a600547d081db9b2851f0042ab4060cd5de2928a30b9376d0ed4109a12b86992d3656e6424548c8a969ad3cc269f8500 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6162525c4fab37fbfa74b04c2d2016f |
| SHA1 | 5ad3e1a9bb4134eb9b2a722d40a2b228dce96df7 |
| SHA256 | 7061d55e4f01df1c5132646661149fd2bce037c4341cc7ad2cdb51acafdcc5d3 |
| SHA512 | 4ba70e2be333f15ef27c6a92cd706a39b19d3aec20be73afca7329d714738f141c9e96385f005fc5d6640bf89daad1b307d4125926b97925ba9027146b1516b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cec644a062fe54d9e279982bb0f26027 |
| SHA1 | b2d10746c2bf99ba85653952a69f4dcbc74be041 |
| SHA256 | ec9074c96f072131f272f2d1fac9799274ec5cdfcd791c00df32e209c5e9208e |
| SHA512 | 37d46e4d50c9f9f0c3584ea98be4b9f2c06609089b200e3505ff9e880af534ed019381fca4409d2ff867d0951a90366558efb191bfa3f4176bef877fdeec117f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af626d1b6877675c0262337039758356 |
| SHA1 | 817d3db9501731dca033a267b7904016460233c5 |
| SHA256 | 476af4f844d96e173b791ae7ba07b44dcd8953b5a033fb2fb03a2423c2069f0c |
| SHA512 | a19ab9da3b4ad6901e39908349270540dbeb655df454e62074da8369e87ffaab80ea35f8c3fa259c35d533ac05d86190ecd808773700b308660eb79ae5cb1b4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 34e1039210a7675d7f640530121d9ece |
| SHA1 | d0a85b7258c6d4de35f2f97a2498b286f9296d72 |
| SHA256 | 016b40aec711c54170c6e46ac9179e27108d1fbcc9ec5a87a8415ddb9ce74d16 |
| SHA512 | 8de40e5e1bd35780210c4448c94a25e4b22a99028ff709329c179b8acd11e1cc6468e80e12eb67718c5b387817b5796bfcb52d74d507b0bfbd5f1b617d83e16f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58a642b9b227bca8e976e9ef12adfae4 |
| SHA1 | 7397a55d186454aee7e5cd2c9f1509dc3410b415 |
| SHA256 | abe71473467157c5c6febdb7541d9d4fe45eb76e39d721cfeec46de4e3ad4eaf |
| SHA512 | 67970dd1cead318ef4b79df5bab4fad06687367483c0a2a6460524f0b761f9fec2d0abfde56045ab86b4e824d63d4f773ac86ddde2ab4bec918d94afd6174d3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e89b1ddc9b3b08e742136e2faf212d6e |
| SHA1 | 4bdde7bc2bda42ac6ffcce3a257f96e69af58a08 |
| SHA256 | bf3867083ff517e3bccdee0ae7457a4305482e19e217948c14f5fe5cf6d7453e |
| SHA512 | dd63d7a2bc963f9671de2eb0f8865a54c28da1fba4e0d6abba90c922604e120027e387e37cfe3eef61dd56747d0e51efd3b8fa67549feb0e5cd9692547e2ad98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83c1a761442abcdededf09f8b4cdbdcd |
| SHA1 | ee664aa9d93faaa9168d7a2758119d3178a7904c |
| SHA256 | cefcdb0013c73bc8d1a0e294a9637e14d049ca50ca9c4648ae8b21efb0d16ee1 |
| SHA512 | 8dd4515d11435bf7f4b2ba2bb8bcba4a42909a94b27fafa8c550bc8dbdfde22d3b6590186c4dbbf04c9427c6a431102814f816a5c23fd2555282dae29e39bf03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e755912f31908c9f1b3b35075679cb37 |
| SHA1 | 849313ea67e98e593ff0710ce0630fcae3dcd5da |
| SHA256 | 24c59b52e22851f5d66e7af098aa9a2bf09f62b9e38906ed7c63c86f64d30889 |
| SHA512 | f44922a0d7c4606fa814d0cc7625c2eaef218010d74e78110fa5d8d90bb72c2308a881ac7c84fd6e6c600e28c95cf0ec276dc873d2eaed7e029820ae199d109b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 288db9d72a535645a69da728db7c4346 |
| SHA1 | b36f4dc0167356bc4f2ac2c6fbff2e1af9957c14 |
| SHA256 | bf909178902bafb0e723c3913eff51b0e26620cac9b1cb3a21b2905b192bff5e |
| SHA512 | b64b952844427adbd839bf7cfb17011bd1aa6cb32ff22a4ad6e5d161d7b30898a89453265221fe536662b324076176ab343886749dbe299f7247a34edbcfced5 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-05-29 08:54
Reported: 2024-05-29 08:56
Platform: win10v2004-20240426-en
Max time kernel: 149s
Max time network: 152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\802bc8e4eba52713fb5906c2d90fc024_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb236b46f8,0x7ffb236b4708,0x7ffb236b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14323494674504781436,7250852113513355059,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hotnewsjamaica.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 8.8.8.8:53 | www.furniturebank.org | udp |
| US | 8.8.8.8:53 | www.midwestrock.org | udp |
| US | 8.8.8.8:53 | www.biglots.com | udp |
| US | 8.8.8.8:53 | www.furniturebankcoh.org | udp |
| US | 8.8.8.8:53 | www.archiparts.com | udp |
| US | 8.8.8.8:53 | www.crisisassistance.org | udp |
| US | 8.8.8.8:53 | www.ambiencedore.com | udp |
| US | 8.8.8.8:53 | www.biggreenhead.com | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| US | 172.67.173.151:80 | www.furniturebank.org | tcp |
| US | 8.8.8.8:53 | agcustommade.com | udp |
| US | 199.250.218.31:80 | www.furniturebankcoh.org | tcp |
| BE | 104.68.66.71:80 | www.biglots.com | tcp |
| US | 104.21.16.154:80 | www.crisisassistance.org | tcp |
| US | 199.34.228.77:80 | www.biggreenhead.com | tcp |
| US | 104.21.86.178:80 | www.ambiencedore.com | tcp |
| US | 54.157.24.8:80 | www.archiparts.com | tcp |
| US | 13.248.169.48:80 | agcustommade.com | tcp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| US | 104.21.16.154:443 | www.crisisassistance.org | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 13.248.169.48:80 | agcustommade.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| BE | 104.68.66.71:443 | www.biglots.com | tcp |
| US | 8.8.8.8:53 | 32.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.86.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.66.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.218.250.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.24.157.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.228.34.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.173.67.172.in-addr.arpa | udp |
| US | 199.34.228.77:443 | www.biggreenhead.com | tcp |
| US | 8.8.8.8:53 | crisisassistance.org | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.116.69.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_3500_MLCYDCCQVPOOTXJQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e98627e498cc05fab1d9dc093d8ef9b9 |
| SHA1 | 7106e3ef2bf8212540c17fff109c414e7d296126 |
| SHA256 | 9dcd01f7d23a9b935facc68921900979e024ea7af2d5c214c7f58283d35ff780 |
| SHA512 | 73841332d2ee1c8d86bb985fbd0d75a35ac7437ef3655c997fb636b9dc29dfb767141ee08ca321e81262b464a73c816aecbb67a1a9f3585993811a98259534aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 95fa9e3fa1ff1521b1a5c83015c84618 |
| SHA1 | 303eedc522aba1636055cf5f63df82e48c3e77e0 |
| SHA256 | e7b12070ac201bec65fd4575e0a0c528094c02c909443ce9d59c6c8e22083599 |
| SHA512 | d9ddbdd83df6588f59af1500728e511a57c08400829367cfd315c7318e36857c96afe8db38d4bfbd3315767df0d517a5c56c4115774b4d935aae5fa93a5c893d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fb13a0e395546a11aa081f114e1de22a |
| SHA1 | cc1fe95190c18f7156e6c5047f1b615a414b1dde |
| SHA256 | 9316b9be840a5a3fcbd4519473cbd24f1b906bd5e2c62616f4f74d1019056b41 |
| SHA512 | 8ba9495f300363c49353225fe0db9306c46879e8c626802030414af496d64499471c7b77079e5f948a4478634ac59b79587bc605cd1795bdbec97f5e80bb4966 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | da719dfbd9d27b338f004c008d05dcee |
| SHA1 | 284e6a610305a14552bb1ed46543bcf543ff1fc0 |
| SHA256 | d2a891b08b4dabb057ca243881fec7c4b48da957002c92ff1404bf5521226a3c |
| SHA512 | 8c5db70bac8b011e370b2ccf957006c11b279f442f620a53f5681f5119dcd4ba8046fcb79ada9251ef76423ed70107e86f6f39b784c65d4cc0a32d7225a3755b |