Analysis Overview
SHA256
3375769a9bcf444ff676d3c9bf0c1f989751509cc1c7368c99a4671c3fe1510d
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 846e9a32339a934684570ff2cb7f58d6_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 14:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 14:14
Reported
2024-05-30 14:17
Platform
win7-20240221-en
Max time kernel
118s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000030ed59e589795488b89aad3d9f0f09100000000020000000000106600000001000020000000f1871054a69de7342a6d0aa1812f887f0c1639f0106b47c1273956d837823b07000000000e8000000002000020000000b8ddc6512718b16c54bc5608a2c299769f9a7aa9ce40afa5205089829a26b4a5900000005af377fd9991d0a77e8676ab42448f3fba0a7ee31ff39ebfffb2d371b5c17296fc6131e712498c855c040661e6a748e3fc2330ec9635c23ccefe7b6d9d52b2e925f38acdf57cc6238fccd777b501a7ce47aae0df5cac749bbf5fc9b3d69a1b60ee8cd7ee5cb7e59550843a712620447fa935436cd9f340534e86e3af40cb0f2a75aae82c8241cc6fec6ed1ef5986cd45400000007182b13d1daddab0eee8800a972b2eb82175b0aa29c59435c8bc387f1587b127e0907ae56be1ba9e2ba1c9b9af41fb24b85141f772d3938a5c7bc5d7e855e46e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423240351" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F4EBBCB1-1E8E-11EF-9511-66DD11CD6629} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000030ed59e589795488b89aad3d9f0f0910000000002000000000010660000000100002000000065f006f1355a25f1d71bab7177fe05f22a72edc03549f62dc663d72bb179e74b000000000e800000000200002000000010fa60c59fdab03c050f741913c4c72a8251a1cab9664b8a7e3d420ebdc888cd200000006284a5dcf7fbaa54165dfca88db9e456969fb615b2774c08f4660e05572bad6f40000000b3fee51fcddc462d9b381071c1dad19a4a4ab0d45c06101959cbf7e82f0782dfc0690a1fa8055edc273fdbc889a3321752391cc2c3c9e861a8a61471543dcb09 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 804438ce9bb2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2008 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2008 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\846e9a32339a934684570ff2cb7f58d6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | purchasearearugsonline.appspot.com | udp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| US | 8.8.8.8:53 | tt9.azurewebsites.net | udp |
| US | 8.8.8.8:53 | gravatar.com | udp |
| US | 192.0.80.239:443 | gravatar.com | tcp |
| US | 192.0.80.239:443 | gravatar.com | tcp |
| US | 192.0.80.239:443 | gravatar.com | tcp |
| US | 192.0.80.239:443 | gravatar.com | tcp |
| US | 192.0.80.239:443 | gravatar.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 14:14
Reported
2024-05-30 14:17
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\846e9a32339a934684570ff2cb7f58d6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb9d6946f8,0x7ffb9d694708,0x7ffb9d694718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6297625852936785790,8834479737213147414,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | purchasearearugsonline.appspot.com | udp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | tcp |
| GB | 216.58.204.74:445 | fonts.googleapis.com | tcp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | udp |
| US | 8.8.8.8:53 | gravatar.com | udp |
| US | 192.0.80.239:443 | gravatar.com | tcp |
| US | 192.0.80.239:443 | gravatar.com | tcp |
| US | 192.0.80.239:443 | gravatar.com | tcp |
| US | 192.0.80.239:443 | gravatar.com | tcp |
| US | 192.0.80.239:443 | gravatar.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tt9.azurewebsites.net | udp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | udp |
| GB | 216.58.204.74:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 239.80.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 104.20.19.71:445 | s10.histats.com | tcp |
| US | 104.20.18.71:445 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| GB | 142.250.187.212:443 | purchasearearugsonline.appspot.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files