Analysis Overview
SHA256
f6e9c910a9aa0ea51e029388c339c59f776cade731243ac33e3b1d484c7190bf
Threat Level: No (potentially) malicious behavior was detected
The file 8b5b093388773fc3c5f125a7536992fc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
(Every signature listed here fired on the browser processes that rendered the sample, iexplore.exe in the Windows 7 run and msedge.exe in the Windows 10 run, and each is ordinary browser behaviour; the only processes observed are the browsers and their helpers, which is why the verdict above is clean.)
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 18:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 18:25
Reported
2024-06-01 18:28
Platform
win7-20240508-en
Max time kernel
137s
Max time network
122s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423428211" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5BE41551-2044-11EF-8D12-66A5A0AB388F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50d6d26f51b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000d95017419fb644806d275c6131c8235d92c256294960bf3fbb9aab295c7908d1000000000e8000000002000020000000d10cfb32851d40a9216182f7ba5903c0b499da635f82817ab388e373a308d7949000000065be35f4a95da705fd77bbd1a29fb132f77f2af43d5277d191f87b822c71d255cc41f137b910fd3d6e7137f498adc57e4cdca8374567dca9c9027cb0bb52697b6fbde9c5f6cd3080c23c196e4310f426ad58d3607f6f17af4e9900bfdfcb0a4eee8dc69866c02f93fd3a9096a70fb83647c60c0580d1bb6670cafdce0bd6821c3d99d3dd2e0f0c4b0618e9bda8b93e2940000000346d20225f0f3addd7f28f5cc691fb08e073e57cee9416bb7702ef66f5a732b318a8387c247d18801359261521b6b40f63506636137077bb036e0718a2b74ef9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000006b39ded46c79b6142ed909358bf9b7cc1f764ff80f2eff5ddef48e38ea6dc600000000000e8000000002000020000000e8fefacb2dd5b808a8210ebdfbf1c975c962a54945f11da1c5c9767f270ab2482000000038f2eb68113cd87c07046e2ab9eaff64121ca25659cbe6f33dbab8748f62f51940000000736438ea7cdbafcf6884af724121241deb1c68eadba864a6c70e8d12931150efdbf70d4b03f0e0ee6d9ccc0224e12cd275aca992a3d5dfb2e52f8339cd96a2fb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
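The MFV and DecayDateQueue values in the table above are not random junk: both begin with 01000000 d08c9ddf0115d1118c7a00c04fc297eb, the version field and provider GUID that open every DPAPI (CryptProtectData) blob, which is how IE persists its New Tab Page state. The Python parser below is an added example, not part of the sandbox report or of any vendor tool; it walks the plaintext header of the DecayDateQueue value copied from the table and reports the master key GUID, the algorithms, and the field sizes. The master key path it builds assumes the standard per-user DPAPI layout under %APPDATA%\Microsoft\Protect\<SID>; the ciphertext itself cannot be recovered without that master key and the user's credentials, and the parser does not attempt it.

```python
"""Parse the plaintext header of a DPAPI (CryptProtectData) blob.

Added example; not code from the sandbox vendor or from Microsoft. The blob
layout is: version, provider GUID, master key version, master key GUID, flags,
then length-prefixed description, cipher ALG_ID + key bits, salt, HMAC key,
hash ALG_ID + bits, HMAC2 key, ciphertext and signature.
"""
import uuid
from dataclasses import dataclass

DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")

# CryptoAPI ALG_ID constants (wincrypt.h) that occur in DPAPI blobs.
ALG_NAMES = {
    0x6603: "CALG_3DES",
    0x660E: "CALG_AES_128",
    0x6610: "CALG_AES_256",
    0x8004: "CALG_SHA1",
    0x800C: "CALG_SHA_256",
    0x800E: "CALG_SHA_512",
}

# DecayDateQueue value copied from the registry table above, split at the
# field boundaries so the layout is visible; parse_dpapi_blob() decodes it.
DECAY_DATE_QUEUE_HEX = (
    "01000000"                                    # dwVersion = 1
    "d08c9ddf0115d1118c7a00c04fc297eb"            # guidProvider (little-endian)
    "01000000"                                    # dwMasterKeyVersion
    "760f6fb6d7365248881a38bcea68cf8b"            # guidMasterKey
    "00000000"                                    # dwFlags
    "02000000" "0000"                             # description: len + empty UTF-16
    "10660000" "00010000"                         # CALG_AES_256, 256 bits
    "20000000"                                    # salt length
    "6b39ded46c79b6142ed909358bf9b7cc1f764ff80f2eff5ddef48e38ea6dc600"
    "00000000"                                    # HMAC key length (none)
    "0e800000" "00020000"                         # CALG_SHA_512, 512 bits
    "20000000"                                    # HMAC2 key length
    "e8fefacb2dd5b808a8210ebdfbf1c975c962a54945f11da1c5c9767f270ab248"
    "20000000"                                    # ciphertext length
    "38f2eb68113cd87c07046e2ab9eaff64121ca25659cbe6f33dbab8748f62f519"
    "40000000"                                    # signature (MAC) length
    "736438ea7cdbafcf6884af724121241deb1c68eadba864a6c70e8d12931150ef"
    "dbf70d4b03f0e0ee6d9ccc0224e12cd275aca992a3d5dfb2e52f8339cd96a2fb"
)

# Main\Window_Placement from the same table: a plain WINDOWPLACEMENT struct,
# not DPAPI, used here as the negative case.
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)


@dataclass(frozen=True)
class DpapiBlob:
    master_key: uuid.UUID
    flags: int
    description: str
    alg_crypt: int
    alg_crypt_bits: int
    salt: bytes
    hmac_key: bytes
    alg_hash: int
    alg_hash_bits: int
    hmac2_key: bytes
    data: bytes
    sign: bytes


class _Reader:
    """Sequential little-endian reader that refuses to run off the end."""

    def __init__(self, buf: bytes):
        self.buf, self.pos = buf, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.buf):
            raise ValueError("truncated DPAPI blob")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self) -> int:
        return int.from_bytes(self.take(4), "little")

    def guid(self) -> uuid.UUID:
        return uuid.UUID(bytes_le=self.take(16))

    def lv(self) -> bytes:  # DWORD length followed by that many bytes
        return self.take(self.u32())


def is_dpapi_blob(raw: bytes) -> bool:
    """True when the 20-byte version/provider header matches DPAPI."""
    return (len(raw) >= 20 and int.from_bytes(raw[:4], "little") == 1
            and uuid.UUID(bytes_le=raw[4:20]) == DPAPI_PROVIDER_GUID)


def parse_dpapi_blob(raw: bytes) -> DpapiBlob:
    if not is_dpapi_blob(raw):
        raise ValueError("missing DPAPI version/provider header")
    r = _Reader(raw)
    r.take(20)                                   # header already validated
    if r.u32() != 1:
        raise ValueError("unexpected master key version")
    master_key = r.guid()
    flags = r.u32()
    description = r.lv().decode("utf-16-le").rstrip("\x00")
    alg_crypt, alg_crypt_bits = r.u32(), r.u32()
    salt = r.lv()
    hmac_key = r.lv()
    alg_hash, alg_hash_bits = r.u32(), r.u32()
    hmac2_key = r.lv()
    data = r.lv()
    sign = r.lv()
    if r.pos != len(raw):
        raise ValueError(f"{len(raw) - r.pos} trailing bytes after signature")
    return DpapiBlob(master_key, flags, description, alg_crypt, alg_crypt_bits,
                     salt, hmac_key, alg_hash, alg_hash_bits, hmac2_key, data, sign)


def master_key_path(blob: DpapiBlob, sid: str) -> str:
    """Assumed per-user location of the master key file that unwraps this blob."""
    return "\\".join(["%APPDATA%", "Microsoft", "Protect", sid, str(blob.master_key)])


def describe(blob: DpapiBlob) -> dict:
    return {
        "master_key": str(blob.master_key),
        "cipher": f"{ALG_NAMES.get(blob.alg_crypt, hex(blob.alg_crypt))}/{blob.alg_crypt_bits}",
        "hash": f"{ALG_NAMES.get(blob.alg_hash, hex(blob.alg_hash))}/{blob.alg_hash_bits}",
        "ciphertext_bytes": len(blob.data),
        "mac_bytes": len(blob.sign),
    }


if __name__ == "__main__":
    blob = parse_dpapi_blob(bytes.fromhex(DECAY_DATE_QUEUE_HEX))
    for key, value in describe(blob).items():
        print(f"{key:16} {value}")
    print("master key file:",
          master_key_path(blob, "S-1-5-21-2737914667-933161113-3798636211-1000"))
```

For this blob the header names master key b66f0f76-36d7-4852-881a-38bcea68cf8b, AES-256 with SHA-512, a 32-byte ciphertext and a 64-byte MAC; the same master key GUID appears in the MFV value, so both were protected under one key of the sandbox user.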
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
(PID 2896 is the iexplore.exe frame process and PID 2360 is the 32-bit IEXPLORE.EXE tab process it spawned; the tab's command line carries SCODEF:2896, the frame's PID. The cross-process write is IE's own frame-to-tab handoff, not an injection by the sample.)
| Description | Indicator | Process | Target |
| PID 2896 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2896 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2896 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2896 wrote to memory of 2360 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5b093388773fc3c5f125a7536992fc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | designspaceblog.com | udp |
| US | 8.8.8.8:53 | app.tabpress.com | udp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 8.8.8.8:53 | 0.gravatar.com | udp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 8.8.8.8:53 | app.tabpress.com | udp |
| US | 192.0.73.2:443 | 0.gravatar.com | tcp |
| US | 192.0.73.2:443 | 0.gravatar.com | tcp |
| US | 192.0.73.2:443 | 0.gravatar.com | tcp |
| US | 192.0.73.2:443 | 0.gravatar.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
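Two things are worth pulling out of the table above before deciding whether any of it is the page's doing: app.tabpress.com and 1.gravatar.com are resolved through 8.8.8.8 but never appear as a TCP destination, and every TCP connection goes to designspaceblog.com, its third-party assets (0.gravatar.com, www.google-analytics.com, www.facebook.com) or IE's own ieonline.microsoft.com. The Python below is an added example, not tooling from the sandbox; it parses the report's pipe-delimited rows, counts connections per domain/IP/port, maps each domain to the IPs it was contacted at, and lists domains that were resolved but never connected to. SAMPLE is an excerpt of rows copied from the table (not the full list), and BROWSER_BASELINE is an assumed allowlist of hosts the browser contacts on its own.

```python
"""Summarise the Network table of a sandbox report.

Added example, not part of the sandbox vendor's tooling. It reads the
pipe-delimited "| Country | Destination | Domain | Proto |" rows the report
renders, separates DNS lookups (udp/53) from TCP connections, counts
connections per domain/ip/port, maps domains to the IPs they were contacted at,
and lists domains that were resolved but never connected to.
"""
from collections import Counter
from dataclasses import dataclass

# Excerpt copied from the report's Network table (not the full list of rows).
SAMPLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | designspaceblog.com | udp |
| US | 8.8.8.8:53 | app.tabpress.com | udp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 8.8.8.8:53 | 0.gravatar.com | udp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 8.8.8.8:53 | app.tabpress.com | udp |
| US | 192.0.73.2:443 | 0.gravatar.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
"""

# Assumed allowlist of hosts the browser itself contacts regardless of the page.
BROWSER_BASELINE = {"ieonline.microsoft.com"}


@dataclass(frozen=True)
class Row:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_rows(table: str) -> list:
    """Turn the rendered table rows into Row records, skipping header/blank lines."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # header, blank, or malformed line
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append(Row(country, ip, int(port), domain, proto.lower()))
    return rows


def summarize(rows, baseline=frozenset(BROWSER_BASELINE)) -> dict:
    dns = Counter(r.domain for r in rows if r.proto == "udp" and r.port == 53)
    conns = Counter((r.domain, r.ip, r.port) for r in rows if r.proto == "tcp")
    domain_to_ips = {}
    for domain, ip, _ in conns:
        domain_to_ips.setdefault(domain, set()).add(ip)
    contacted = set(domain_to_ips)
    return {
        "dns_lookups": dns,
        "connections": conns,
        "domain_to_ips": domain_to_ips,
        "resolved_only": sorted(set(dns) - contacted),   # looked up, never connected
        "to_review": sorted(contacted - baseline),       # hosts the page itself pulled in
    }


def summarize_table(table: str) -> dict:
    return summarize(parse_rows(table))


if __name__ == "__main__":
    s = summarize_table(SAMPLE)
    for (domain, ip, port), n in sorted(s["connections"].items()):
        print(f"{n:3d}  {domain:28} {ip}:{port}")
    print("resolved but never contacted:", ", ".join(s["resolved_only"]))
    print("contacted hosts to review   :", ", ".join(s["to_review"]))
```

Run against the full table the same code gives the per-host counts and the two resolved-only names; the resolved-only list is usually the first thing to pivot on, since a lookup with no connection can mean a blocked, dead or sinkholed host, which this report alone cannot tell apart.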
Files
(All of these are browser-side artifacts: Cab*.tmp and Tar*.tmp are temporary CAB-extraction files, and the CryptnetUrlCache\MetaData entries are CryptoAPI certificate-revocation cache records written during certificate chain validation. The same MetaData path is listed once per rewrite, which is why it appears repeatedly with a different hash each time.)
C:\Users\Admin\AppData\Local\Temp\Tar22A3.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Temp\Cab229E.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Cab2361.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2375.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4e02e2936d219e2b96ca4b2307f9ad3 |
| SHA1 | a75bdea553fe76b75baf49acbf4d0435e788f567 |
| SHA256 | ac553190d7bde9aaac322e2db32bea1bd5eaf9c30dfbf3e4ddb655dc958b1e74 |
| SHA512 | 490b2d897d9e5fc7186f50b92bdbbaf4b87f68c48c5147dc5bd1a21c56e553a64538704c769d58b2bb8364bafe446b7ea602e7e395460b18a8fbb2b927151292 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 629dcfd66f9f75850035a8389906edf7 |
| SHA1 | 401eabe7174bff73281627fb5f3355361d011375 |
| SHA256 | acb9e71bfc2d293b29a270a1b784231ae963f1646678b9db4716381ae3abc809 |
| SHA512 | f53b7c656f60fccaf185afb6bdbc8f0d1a1fea4417124c0dd3c37776b864c0c9c4afb3b4a382e0e66f77a5d884734dc50f5a05e92c316c52b8fbd7bfa767333f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 94937be40f13def5e6a97053964d8756 |
| SHA1 | 4cae6ee8f63b2d6d7d2304a98564960c226c1086 |
| SHA256 | 3f3eedfb10ffde1202dbdf8eaac7029a533d121f0c4d53968c0f6bda19f94713 |
| SHA512 | 915b674e7c9f79f83c0ed03dae549da47daa40da94f6d114f622ac752e8e14b88a3c9456d4e32a524ec011a10213d46c6af69906505eb75ea6084605ec01f923 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bce4a3c250c88117fba50875e5d97c1f |
| SHA1 | 477777bce956520895d5c3b16f5dd920b7194072 |
| SHA256 | 82fb0ca0f68505a4325d73eca777626f2c2e861a6d8404f71a0092549b58bf5c |
| SHA512 | 1dc6c2101b4c4e16ae1badf4e4a9dc46bfa33f20f0fe8a4b5619604e354b506544dd423b4cdaf0b02b795583570dbc246cacf0e574453464fa870062c6799f68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83638e1571c18d931b923d4c3be75ec2 |
| SHA1 | 0958225a97543f72047e3448789b97b7cec73070 |
| SHA256 | ead53c5dd8fe341e620d5b9b234493cd551d7440503756acacb632fed6f10566 |
| SHA512 | 1f8a860ad90771677d3e179578b8d54b5bd4697c5b58131c2c5e36b76e99c2ae9399088207b0de2b936460cd1623ff9cef399e917574ff8bd104102b5ab48625 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07e8b0af7cf9ff3c1607255172ef73b4 |
| SHA1 | 253d82302684d8ebf391cd66d0e6726f637178c5 |
| SHA256 | 78e57307a00a00c1d0618703b605bfc55482ce6094a63e7f9da8f997924f6129 |
| SHA512 | 7d13faef2f58552e7e245e9888ec51b9b511b68491cc23c1011c2d866299af2ee0ab625464e83c4488731422bbd6c3399faad2974eb22e7b552234ba7a0b734a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1171f620402f9be85a87bd71b4c4843 |
| SHA1 | 27b36c6b73707b52e8f14a58a8bb415bafe4f382 |
| SHA256 | 6c11f9389e15f860d8f7806bca1014912ad20c10d382345c0ee684c2d4f835cb |
| SHA512 | ff0e7cc2ac7f511a04c7a37d953a9d29c6a36d136b6c52fba178c4c3b3ade08b52fb378d122cde942bf4862ce557da694cc2f7c00f16094ac77ecd0966d63b63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68f0ca608f5f8789de0301c55102380f |
| SHA1 | 343be18fd264df383b9f9776c05eaabef0e8eecd |
| SHA256 | f9e708dc3431ea3b19537fae79cd7321ec1a7ab12fe19b172316f7e86b5afb23 |
| SHA512 | a654b953bf32cc46e0c272eedf74ad5c7cb5f6d1ee0772417460ea800fc5c0251b7893ca0a4a5ee6c980d568f944879bbcba4fede159adc054e1ba3190d48b8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6601ca86a5233645eea099613d1345a0 |
| SHA1 | 36e48810b9777312487917c84eca28e7bdcfd7c4 |
| SHA256 | f8601b13d70a5d37591225764c40067724c7f04c6a23beb90ed41553d564768a |
| SHA512 | 78733708a4a2bad12f54c069454ec4a397b5f632334e11ded6f0ed12ba05ad7d655a6c21bae17b732b51c8dcdc963eabef268388200413458d76164480e37640 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4bcacb5b2b0ba19eac00d7c4121ca1e |
| SHA1 | 683eef4191ad51b3181c7628bfa1c3e9063496a9 |
| SHA256 | 112f9398fc6bf50aad93236570baad0ffd93f8f8b539b34c382cc5ced4e6c01a |
| SHA512 | 6d13b0c827c079d3bc9e11ca8123bff4e8e7c94b95ca8ef76ac4156646e4c3ce258f021d4bc99b6a62297adb162834d7f073e7881e33c8a7c46e657d70abecce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7e4af0ba051fdad4895fdb51e115f0f |
| SHA1 | e7abb692e0d82b04e1710e538f7e8c68fed0ba82 |
| SHA256 | 631c061dd1f09b0ba440f140f9ca5532d664ff33269103edbed876f0a267a897 |
| SHA512 | 26a30256bcf90c43f31deeae6ac9557d6824b9d153e0c9b674746876f371c24c9f0e41e8796b4e6bc57839ded4118a6be38b3bc7d8b1699f77722142478e0b55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a47ba0e4355d598519ecd70e83506c2c |
| SHA1 | be99700dc361773906dd913c70a1135e6e8f5a8f |
| SHA256 | 04800a3fbf8dad607fe1c4a5cd8afd1bcb5a57d527f3f56621b9b0c684b081c3 |
| SHA512 | db7d2371edcc8bec37e4c4349212c97d863aeb1b939fd1fa73c86126e1b9056f9fdd5d18916de5f07dc3ca752c5b401dab8b183e3f3fd73caa2ff2e7f73d554a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53b8b5db9ba0873fccda50482f5034f7 |
| SHA1 | 00740b1ce0253c8f63e20605d5f6d0198cfa1d19 |
| SHA256 | a0e1f50f53cf7b359ec43305e8c409f25bf6e08905e26c72b197d2496b9a622c |
| SHA512 | 20eba8463f885dcd7d72b59d912357e7fef815710422ea6aa5e2b1dcd10bb026078a2d93ddfaac710ffb49b59dbd05c1adaf483bddccd292db29e255aef7d803 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22e7448effe8443a0ae1dfeb10aa05a6 |
| SHA1 | 3d89f3a5f0bae1354567cc126944a2bf89b3f564 |
| SHA256 | 589a87f78e11d2c010b9a973691cf5fa66bb6eb04edb67979710419006a3185b |
| SHA512 | bf528412fee888bf4577341c4b01b23020a164eb1f37fb92622be7705f61eb50a9e7e08e6ef0f21f0b215d380a14d1f0b7bfe06ee5fca4814df9b2cf3e6ed0f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c48d7dcc148298535a9b6d6dfe33dc4a |
| SHA1 | 561a224236f362a80b5e9302ca51aeee73f871c6 |
| SHA256 | 846260b927dc25ebcdcd85a4858f6c910fb648d1786de5e8c558448703d33bfd |
| SHA512 | 6f53dc799ef6784c5b182c851dd670c108e288fc13ec2f9618e79ecc49bd58a2e3e984ebe1e3903d81db545a3686c97a9a7c948d2d523d6b698a8de5cb47bbae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b5f35cc20a8b2f7ed1057c01ad990f8 |
| SHA1 | 2d63c64a1b2d63aaa8c06af625c9cc0c62ea577f |
| SHA256 | 3ce4b74fbe1485b76f6f2b9c3b523221d688cb70e8efef5741d2616fd0940ca4 |
| SHA512 | 22ef2e5b030170440bfa84c1246f56a893085321a4a9cbc8c54b0305f0045e73bf2e6fe4d4b3b9bd0b92e72a28cbbfc1ade255acbc88c11dbbd1d0ebd9a087a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d08a0f7999d51d84695ba08781742de5 |
| SHA1 | 4c0d30a6aed430b5a64264eec8463068d04284dc |
| SHA256 | 1a158c3eca2d7ed4e453bc2daaa78f63d8fb456fa77d740ae4dd698c18313a49 |
| SHA512 | d892cd9d55524d5d77cc1b1728012963cfb83ccdc198f90591caba41c9fe977a8c10580bf34d62d930f743dcd40015a9fae72d7f17096f112d29d13c6fce4528 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42921a6755064a49912b0d93c1c11efc |
| SHA1 | d3b401d64b7d125ee61ecf26f59c2dcf58506927 |
| SHA256 | df49198dd00121187de1a137016938fe23bcd02f10adc09676fbde74a18ad996 |
| SHA512 | 430ec82e8f5515fdd1afef0a6167c607a7f83ee1b28563d01b9d1f7401a5645207831400b1e6a0aec7b32d73b38dc631057aca54ee2067939a2b461eb911bca9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f75c2ca87381b4c113af9da3dbab9c2 |
| SHA1 | e47be38acd807283758b494908c6c664321cc8db |
| SHA256 | 605d6af56f5d5f8d8df78231a5cdae9f10abffbb85dc39b25b2f1a901006985b |
| SHA512 | 436becad96f577b879688284535bef24b22ad908abc49c03e056c989182a1a857337e8d3d0bc1ec552fbfc68bd6be1e500ad52847c737f7bcbc7d102de91078a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87b441aee7698107952ff1f41e38623d |
| SHA1 | 7297b82f5496a9a57e7cd61adf92b2b7ebdf1fec |
| SHA256 | 675022dd8f14001c5c71c4a0fd4823ff391f4cdad4ba2389096f173fe8984f9c |
| SHA512 | 31f4f8619227b5c575ff83d98bf81384abffa3a8d5b26c11c7a04bb697db4363bda7b2796d730a694eb4835adee012a61676e5b5a90998b04fb3bce7ff081509 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55b97a79f562dad11af6d8d49b36ed29 |
| SHA1 | 34eb9f084c97df8624b51a98ec7a25d6cbf3ff7f |
| SHA256 | 823cfd234a4c67c79879d82e841ded21371d41ae72b256ba02bf42f7683dab7d |
| SHA512 | ab877ebf9a77ab06cce0b6f2a7df9d2e205c37672d9cb570d65efda4113e08e29557221473387e1f271eb4cf3fff496f175c16af3329537159287b63caee6a3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63d4e14d30fcc888488e7551225a33a4 |
| SHA1 | b25e2a917a652d998f1743325bb34bd042a422a6 |
| SHA256 | d1befbb500298ab2b0916dd962a11d12998ef1c09cc048fae2dd04611584f75d |
| SHA512 | e785b67152deff323107dd0129ae0f9848df09589c9d480d58dd387d630518082eb5fda83a53e05a3bdd283a96362f4b82ef4099bba1fdce4d864249acef0584 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2486c02041f361e417cac70288f56aba |
| SHA1 | 04c01dfcb577d6b740682ebf7396e33711829a01 |
| SHA256 | 7d843c375e2e71a67bf540371217a77bcf0d5ff35aaa9af6717e8ede28fde270 |
| SHA512 | cd4be8477c843463a6d04b32406e6e050b34d2e62e9977c80f6c3206ef28f1d842267014abb09e3f91ad3113ceb5e9fd60d36d19ed0db865b149e2a9716fd56f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a07c7f7694b173ae3622068966525ed8 |
| SHA1 | 16f3f0d3d5dab12c3b3f3c5e631cd4aae31d3e72 |
| SHA256 | 010dd6b0399045e7c918f5b6ed7215b251a178bef4e0d29a3f7f952c5e5ae6fa |
| SHA512 | 69ab29cce7d7e0663a28b1e7bac272529451bdd763c21513bc9629a56565cc8e53114eb870420f78509c704611b5ffb8b9d1a8c85bab1a42c040eff1a4172bd1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 18:25
Reported
2024-06-01 18:28
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
157s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
(Fires because msedge.exe starts its child processes with the "block non-Microsoft binaries" process mitigation policy, which prevents images not signed by Microsoft from loading into those children; it is browser sandbox hardening, not evasion by the sample.)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5b093388773fc3c5f125a7536992fc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc763c46f8,0x7ffc763c4708,0x7ffc763c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4954006658313812960,12829690644773474316,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4760 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | app.tabpress.com | udp |
| US | 8.8.8.8:53 | designspaceblog.com | udp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.83.221.88.in-addr.arpa | udp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 8.8.8.8:53 | 0.gravatar.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 1.gravatar.com | udp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| US | 192.0.73.2:80 | 1.gravatar.com | tcp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| US | 192.0.73.2:443 | 1.gravatar.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 198.12.235.190:80 | designspaceblog.com | tcp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_8_WUHDYAMNLSRRNHRT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 79c90780d7812584cef15f082a409a31 |
| SHA1 | d422d4909c334acc727db2317e92ba6705413ec3 |
| SHA256 | fe892c00142ad49243d733b8bc66d22712a5758a9ccdd07bfe19e81a571385cf |
| SHA512 | b4ec8de686f135155fd500bd0c3faac6d6d6bdb65e5f14b26aa252606dca9458808ebd5c942c4367328fa8a750fd384da48f45835e6e443305eb534b1c7b8496 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 995df28999f805541b12775503860eb1 |
| SHA1 | ce10d7c1daa0232d6a6b281b14834de6e0e07390 |
| SHA256 | 0b4b87ad56e6dc319d28f5b70fd5cfd98cc607066675bea418f7c83189779dfb |
| SHA512 | 7bc8d19286c240d8898f8335ab8b52a736ae1e2e5f23c4a75c8b0a151732f2574840230e5e1e5e45005decf22e9ecd6a6b9c801a049b08f0ddcbbe0b6ac18fef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 340e681f93d2beea15d6bb7444fcc298 |
| SHA1 | 2b6df2538e2fbadfc95eac32d40548a46f120e00 |
| SHA256 | 96d47bd5bd1c7f623992370b50f6a51062fecf72b71367cfd258c2c867f96459 |
| SHA512 | 4e91fe96e86dc7dff677daf687370ff9a2c8db1df4780ed59e698000b35ebd46389a684eb83515e419e723d9aa892cf8782a1369e3414ed97c8cb4135c925b2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4452e8764053a240c8fd948e283ebcae |
| SHA1 | 8ecbda0722c473b011aa7bf684803473a17e0ab5 |
| SHA256 | 29407be07ac91468f84f777e44b1ece87b4d361eaf2ce7a634707d3d3de76d35 |
| SHA512 | e2680f39df281d56ce94a6673b93a9eba585c270e04259902b116dec22bb1c1477c45c0bc89430c11577dde0c23297551012968496cf202583f2fe9774d368d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4d893c5c096e7f23142e19c2453964da |
| SHA1 | e0a3bc70fcf7a42fb7c202a00c1f34a3e3cf209e |
| SHA256 | 448b0a6f62e864fb628785b2aa2106ced5f5463f8aa3b12c8b8fd5fa6c7bfa05 |
| SHA512 | a9d2da4f97eb0a0f49a7b9c18c2ecd2197401c2ead1b7be17a7eda3b3d7f838774b888a48c292928431fec43e070526910fb0fcb40bc984276d536ddfb3296af |