Analysis Overview
SHA256
723581f9d33d2570caed7e85e2d4444bc04ea37318469b890344c3f755296dc8
Threat Level: No (potentially) malicious behavior was detected
The file 9108abea70eace44b5d31a8d001df03a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:59
Reported
2024-06-03 08:02
Platform
win7-20240220-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff6da37f1aa1874fa1cb395d3e0f1a7a000000000200000000001066000000010000200000000aee0260dffa622aaa48c5dc9a75df507624c4cef53e1b1977ab3adb2d65e12a000000000e800000000200002000000085abe15708ff030ca00428bd6164378c5f566c7f8887da324812dfbc398bb3bf20000000a5296954da277075e0a16cd22904e8dd6f6033805de2b3759a443d0881486f194000000064181b69abf96327967142421a37578adef41fb3d78ee654ed04dbf0805595fef1b0bc3bcef9679ea7ff9c7f26323c97cee9c0a5c01641159af3f58d1fd21cad | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563452" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D3148D1-217F-11EF-82B1-CE167E742B8D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c6fb128cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2728 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2728 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2728 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2728 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9108abea70eace44b5d31a8d001df03a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:59
Reported
2024-06-03 08:02
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9108abea70eace44b5d31a8d001df03a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17543722417425799195,9487794704781144968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 24work.ucoz.com | udp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| RU | 193.109.247.16:445 | 24work.ucoz.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24work.ucoz.com | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.180.10:445 | ajax.googleapis.com | tcp |
| GB | 142.250.178.10:139 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | udp |
| GB | 142.250.180.1:445 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:445 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| MX | 192.178.52.131:80 | csi.gstatic.com | tcp |
| MX | 192.178.52.131:80 | csi.gstatic.com | tcp |
| MX | 192.178.52.131:80 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 131.52.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| GB | 142.250.180.1:139 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | lh4.ggpht.com | udp |
| GB | 142.250.180.1:445 | lh4.ggpht.com | tcp |
| US | 8.8.8.8:53 | lh4.ggpht.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:445 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:139 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| GB | 142.250.180.1:445 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:139 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.180.1:445 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.180.1:139 | 4.bp.blogspot.com | tcp |
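The table above mixes resolver queries, reverse lookups and actual connections, and it is the part of the report where the two things worth a second look sit (the ucoz.com host in RU, and connections to ports 445 and 139, which a web page has no reason to make). The Python script below is an added example, not part of this report or of the sandbox's own tooling: it parses rows in the table's own `| Country | Destination | Domain | Proto |` layout and separates resolver noise from connections, then flags non-CDN hosts and file-sharing ports. The sample rows are copied from the table; the CDN allowlist and the port list are analyst assumptions, not something the report defines.

```python
"""Triage helper for the Network section of a sandbox report (added example)."""
import re
from collections import Counter

# Constructed sample: a subset of the report's Network rows, pasted verbatim.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| RU | 193.109.247.16:445 | 24work.ucoz.com | tcp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.180.10:445 | ajax.googleapis.com | tcp |
| GB | 142.250.178.10:139 | ajax.googleapis.com | tcp |
| MX | 192.178.52.131:80 | csi.gstatic.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
"""

# One table row: | cc | ip:port | domain | proto |
ROW = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

# Assumption: second-level domains an analyst treats as expected CDN/browser noise
# for a page hosted on Blogger. Anything else gets surfaced.
KNOWN_CDN = {
    "google.com", "googleapis.com", "gstatic.com", "googleusercontent.com",
    "blogger.com", "blogspot.com", "blogblog.com", "ggpht.com", "bing.net", "facebook.com",
}
# SMB / NetBIOS session ports: never expected from a browser rendering a page.
FILE_SHARING_PORTS = {139, 445}


def parse_rows(text):
    """Turn table rows into dicts; lines that are not rows are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        ip, _, port = m["dst"].rpartition(":")
        conns.append({"cc": m["cc"], "ip": ip, "port": int(port),
                      "domain": m["domain"], "proto": m["proto"]})
    return conns


def base_domain(domain):
    """Crude registrable-domain guess (last two labels); enough for the allowlist."""
    parts = domain.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain


def triage_network(text):
    """Split DNS from connections and list findings an analyst should read first."""
    report = {"dns_lookups": Counter(), "reverse_lookups": 0,
              "connections": [], "findings": []}
    for c in parse_rows(text):
        # Resolver traffic: count forward lookups, tally PTR lookups separately.
        if c["port"] == 53 and c["proto"] == "udp":
            if c["domain"].endswith(".in-addr.arpa"):
                report["reverse_lookups"] += 1
            else:
                report["dns_lookups"][c["domain"]] += 1
            continue
        # mDNS to 224.0.0.251 is local discovery; record it but do not alarm on it.
        if c["port"] == 5353:
            report["findings"].append(
                f"mDNS multicast to {c['ip']} (local discovery, usually benign)")
            continue
        report["connections"].append(c)
        if c["port"] in FILE_SHARING_PORTS:
            report["findings"].append(
                f"SMB/NetBIOS port {c['port']} to {c['ip']} ({c['domain']})")
        if base_domain(c["domain"]) not in KNOWN_CDN:
            report["findings"].append(
                f"non-CDN host {c['domain']} -> {c['ip']}:{c['port']} [{c['cc']}]")
    return report


if __name__ == "__main__":
    for finding in triage_network(SAMPLE_ROWS)["findings"]:
        print(finding)
```

Run against the full table, the script reduces eighty rows to a handful of findings: the 24work.ucoz.com connection (the only host outside the Google/Blogger/Bing/Facebook set) and every port 445/139 entry. Whether those port 445/139 rows are real SMB attempts or a sandbox logging artefact is not something the table alone answers, which is exactly why they belong in the findings list rather than being filtered away.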
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_3364_SFCZRODQEKBJKQFT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef4726c191995fab90090f6c20b411cf |
| SHA1 | e9d8c570abbd5a7c58c9947cd1dc13443802db80 |
| SHA256 | 44696c52aa3adac0fa94be958ff99b3bf478945a4d09cb58cdf9b9f2c5b33436 |
| SHA512 | 2e4eadc97308ecfdfd483e9fd1e730eef01faffce889d2c22157da035ec16670cc69a9576a5149671183274066d9eb7517c38dce5550bebef9e67ac10dca36e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 83d057893d78b7cad0fb1793c60af985 |
| SHA1 | 8fb11985571ece60b2db707e4215ef079719e6ce |
| SHA256 | ee2661b1e886699534bf5f278ed7fe46d93d8b9e5af494123c18dc6e68aa2bca |
| SHA512 | 05330f603a5ffca6ac1a439a48687678e20257ba5282c9296d0fb095ced2fd2fa8c091256dc70cac7cee8c159b363ac2396d1bba78d8f9fe964968a5491723a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c8c5722bec68aa2c051ecb2688b77ac |
| SHA1 | abd2380bc8121dbf533ac99b5fb4401fb3b03bce |
| SHA256 | 1431a1fd020e6ae9430ebb046acf8ba1cb7caeefec08cd5ac0836278cf642d06 |
| SHA512 | 4abc5427037dea25ca757dfe92fdbcde94d071f9dcdc8d6a558b5860666110c231f4d87ef826f1c3b210fd8f309acdb5a54c7a15c30501f0ac696209da828c7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1987296cff19370145c2a159d482d82c |
| SHA1 | 67304ca63b2a456aa7fdf657e16b2979db82fab5 |
| SHA256 | bbc59d746f619d4a79fd8b2616f7805a23212dff962841205325cfd9b14fa59a |
| SHA512 | d598b4fbf1b85e542da94ddf3d6921754f839d32534f8d307d04e6c8adabdd9e3bf260758527becb60f5a1ab79edd085ddc3ab9d9ef86cc3b8b8f49f833f5c52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0fdf3f735c1a2897003cba32e6ff1ef4 |
| SHA1 | cafe659c843a752ec5536185397dbfd9f215a415 |
| SHA256 | 10ac938ecd2585d52ddc5704eff521e18b08c8fc8152a2c9badf936ae71ebc25 |
| SHA512 | 8d6d79f81a94066c962ba7364399dc92dd9cd8e8d703025e57e2d90067e879731fa91d244da64a51fc9a30bdcf3c6d3417b5c0f698bba6fdd89eb44a070df38b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2da02d6b38d7eb362807ec688d15bf27 |
| SHA1 | 5c5a2c14b437bd8d660a54f6f595642c826cc79a |
| SHA256 | dffd0d063d0792cbe0c9a17f31b050d66f51ad80e197e10fdaf51e28cc88a60a |
| SHA512 | ac613839cb115a5e328ae472d5c8e42a4ac2853536a3c5344f3e1e029eed26eea7267f9b473903e8971920fbb876d6af018d8bdf1abb2833c85d397e250305ef |
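Every entry in the Files section above is Edge housekeeping under its `User Data` tree (Crashpad settings, `Preferences`, `Local State`, the code cache and network state), several paths appear more than once because the browser rewrote them during the run, and the Crashpad named pipe carries the digests of zero bytes. The Python script below is an added example, not part of this report or of the sandbox's own tooling: it parses the section's own layout (a path line followed by `| MD5 | ... |` hash rows), groups repeated writes to the same path, recognises the empty-content digests by hashing `b""` itself rather than trusting pasted constants, and separates browser-profile writes from anything that deserves a look. The sample entries are copied from the section, except for the final `dropped.exe` entry and its all-zero digests, which are constructed to exercise the "review" branch; the profile-path prefix is an analyst assumption.

```python
"""Triage helper for the Files section of a sandbox report (added example)."""
import hashlib
import re

# Constructed sample in the report's own layout. The last entry is invented
# (it does not appear in the report) so that the 'review' class is exercised.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
\??\pipe\LOCAL\crashpad_3364_SFCZRODQEKBJKQFT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
C:\Users\Admin\AppData\Local\Temp\dropped.exe
| MD5 | 00000000000000000000000000000000 |
| SHA256 | 0000000000000000000000000000000000000000000000000000000000000000 |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Digests of zero bytes, computed rather than hard-coded, so a typo in a pasted
# constant cannot silently misclassify an artefact.
EMPTY_DIGESTS = {
    name: getattr(hashlib, name.lower())(b"").hexdigest()
    for name in ("MD5", "SHA1", "SHA256", "SHA512")
}

# Assumption: writes under the Edge profile tree are browser housekeeping.
BROWSER_PROFILE_PREFIX = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data\\"


def parse_files(text):
    """Each non-table line starts a new entry; the hash rows that follow belong to it."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m and current is not None:
            current["hashes"][m.group(1).upper()] = m.group(2).lower()
        elif not line.startswith("|"):
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def classify(entry):
    """Return one of: named-pipe, empty-content, browser-profile, review."""
    path, hashes = entry["path"], entry["hashes"]
    if path.startswith("\\??\\pipe\\"):
        return "named-pipe"
    if hashes and all(hashes[algo] == EMPTY_DIGESTS[algo] for algo in hashes):
        return "empty-content"
    if path.lower().startswith(BROWSER_PROFILE_PREFIX.lower()):
        return "browser-profile"
    return "review"


def triage_files(text):
    """Group writes per path and bucket every entry by class."""
    entries = parse_files(text)
    versions, classes = {}, {}
    for e in entries:
        versions[e["path"]] = versions.get(e["path"], 0) + 1
        classes.setdefault(classify(e), []).append(e["path"])
    return {"versions": versions, "classes": classes}


if __name__ == "__main__":
    result = triage_files(SAMPLE_FILES)
    for path in result["classes"].get("review", []):
        print("review:", path)
```

The point of hashing `b""` at runtime is that the d41d8cd9.../e3b0c442... pair shows up constantly in sandbox file lists (pipes, zero-length placeholders, files truncated before the snapshot) and is easy to mistake for a real payload hash when it is pasted into a blocklist by hand. Grouping by path also makes the double `settings.dat` and `Preferences` entries read as two versions of one file rather than two files.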