Analysis Overview
SHA256
988dc9dc3fe925e6c1e423622a6822a3c77c0a173ab89ad513e035f983590a18
Threat Level: No (potentially) malicious behavior was detected
For the file 8d32f933ecb721b5ecbca67a83185cd0_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 06:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 06:44
Reported
2024-06-02 06:47
Platform
win7-20240215-en
Max time kernel
144s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423472558" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700e897cb8b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006197fbdf1a2689468efd8c36e6ad51b500000000020000000000106600000001000020000000134435010f4966081c78030390486ed6f8668c4026bcbc957e868a2b372f0f0b000000000e800000000200002000000063e00d498efec7175b1ba20d199d22308d97e09fbf9b03e24548ad09f6e7e090200000008073e6177256502dcd3d59a1c45d7797ec528dcd6d442ac94148db7cefdc39e14000000063553112833897a74a2d71e1da634f48b175a0d847b91f4d18596546b478ef6eb724732d1b29d97f3610f70f7033f680f356361f95cb4df2c63c19de23fb14ea | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006197fbdf1a2689468efd8c36e6ad51b50000000002000000000010660000000100002000000055b6b0598790016830fafd0430d56d52ef588503f2db1368b3122fd43e18d570000000000e800000000200002000000035469d9571743a5061aff11028c1bc8ecdc918a7acab225ed0afe938d8a286e2900000007eff3a38fb7ee185e0e8cee7c5489f903a29837d230d5c8c86506c72ae29767c9f09d13cf4fd3ad2b62f08f011d0acb19c114a37677c78bab27569855e8b845205be9adee0a93008d3da42d91cab812e9d24f3ab98d86382c909d472fe7d66120c8a6a0ab67832278629f70a19f255a45ec014552f80a5339ed45e9af0abb378829b87a4dd92038a47d77f194b92543f400000006b6cfd91033fe2838f325971a49fa1281c25c1ae44f9b15df1f02ad3d85d675fc66266919f564913b0da896287c3df0b9bc4f4be0aa580148c81d32452a871ea | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9C28D991-20AB-11EF-9AB8-560090747152} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2824 wrote to memory of 1504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8d32f933ecb721b5ecbca67a83185cd0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 06:44
Reported
2024-06-02 06:47
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d32f933ecb721b5ecbca67a83185cd0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14813071989551306554,6382509251932901061,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5684 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4800_KDBOJAYITNAWPJVP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences