Analysis Overview
SHA256
bbebcbf76e9ecacf9e1d8c3481e3f6e1aabf326e72251f2df9ef9cfab8311873
Threat Level: No (potentially) malicious behavior was detected
The file 910b655932a772345443974bc8f30f2c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:03
Reported
2024-06-03 08:05
Platform
win7-20240220-en
Max time kernel
134s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000030cf21f66d8cd546ad1344324cd670ff000000000200000000001066000000010000200000008e211da09675951f1193e4f4a724017b7760e7c3ccee8c1faae383cb5125cebd000000000e80000000020000200000002d04d16c4c5ead3a686e4504937a670c2ff7878d8ea6c7d1ddc6db264a420d4b200000000fec69260997153646716d54ed6a860703373a47264d9228b683424d67b1f561400000005444423aaa944e6d35d91eb3ba044f5974cb6e149994a3191ec01a9b3622e92ae7e79840af58274ff93d10318b29bacbd48caa89a54c99150d78ea084829831a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B59AA1E1-217F-11EF-9680-DA96D1126947} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563654" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907aa08b8cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2872 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910b655932a772345443974bc8f30f2c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:03
Reported
2024-06-03 08:05
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910b655932a772345443974bc8f30f2c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffa05d646f8,0x7ffa05d64708,0x7ffa05d64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,4518517453977675639,693095578673809602,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.oni.vn | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| GB | 142.250.179.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.179.234:80 | ajax.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| SG | 45.77.240.181:80 | www.oni.vn | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| SG | 45.77.240.181:80 | www.oni.vn | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.240.77.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 104.18.10.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 104.18.11.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 104.18.11.207:139 | netdna.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 142.250.187.238:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | templates.cms-guide.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 159.89.231.32:80 | templates.cms-guide.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.231.89.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 142.250.187.238:139 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | playgameviet.blogspot.com.es | udp |
| GB | 142.250.200.1:80 | playgameviet.blogspot.com.es | tcp |
| US | 8.8.8.8:53 | playgameviet.blogspot.com | udp |
| GB | 142.250.200.1:80 | playgameviet.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
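The Network table mixes DNS lookups, reverse (PTR) lookups, HTTP/HTTPS fetches and a few TCP connections on ports 445 and 139 to CDN hosts. The following Python is an added example, not part of the report, that parses rows in this table's layout, classifies each one and surfaces two things worth a second look when reading such a report: TCP connections on 445/139 to hosts that were otherwise fetched over HTTP, and PTR lookups for addresses that never appear as a direct destination. The sample rows are a subset copied from the table above (the mDNS row written with its empty Domain cell in place); the classification and review heuristics are this example's own, and the report itself makes no claim about them.

```python
"""Parse and triage a sandbox-report Network table.  Added example; the
sample rows are copied from the report's Network table above."""
import re
from collections import defaultdict

# Subset of the Network table above.  The mDNS row has an empty Domain cell.
SAMPLE_TABLE = """\
| US | 8.8.8.8:53 | www.oni.vn | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| SG | 45.77.240.181:80 | www.oni.vn | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 |  | udp |
| US | 104.18.10.207:445 | netdna.bootstrapcdn.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
"""

# | Country | ip:port | Domain (may be empty) | tcp/udp |
ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<ip>[^|:]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>tcp|udp)\s*\|$")


def parse_rows(text):
    """Return one dict per well-formed table row; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"cc": m["cc"], "ip": m["ip"], "port": int(m["port"]),
                         "domain": m["domain"] or None, "proto": m["proto"]})
    return rows


def classify(row):
    """Coarse category for a row, by destination port and protocol."""
    port, proto, domain = row["port"], row["proto"], row["domain"] or ""
    if row["ip"] == "224.0.0.251" and port == 5353:
        return "mdns"
    if port == 53 and proto == "udp":
        return "dns-ptr" if domain.endswith(".in-addr.arpa") else "dns"
    if port == 80 and proto == "tcp":
        return "http"
    if port == 443:
        return "https" if proto == "tcp" else "quic"
    if port in (445, 139) and proto == "tcp":
        return "tcp-445-139"
    return "other"


def ptr_target(domain):
    """'202.187.250.142.in-addr.arpa' -> '142.250.187.202' (octets reversed)."""
    suffix = ".in-addr.arpa"
    if not domain or not domain.endswith(suffix):
        return None
    octets = domain[:-len(suffix)].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def by_domain(rows):
    """Domain -> sorted list of 'ip:port/proto' endpoints it was contacted on."""
    endpoints = defaultdict(set)
    for r in rows:
        if r["domain"] and r["port"] != 53:
            endpoints[r["domain"]].add("%s:%d/%s" % (r["ip"], r["port"], r["proto"]))
    return {d: sorted(e) for d, e in endpoints.items()}


def review_findings(rows):
    """Items an analyst would check by hand (heuristics chosen for this example)."""
    seen_ips = {r["ip"] for r in rows}
    findings = {"tcp_to_445_139": [], "ptr_without_direct_connection": []}
    for r in rows:
        kind = classify(r)
        if kind == "tcp-445-139":
            findings["tcp_to_445_139"].append((r["domain"], "%s:%d" % (r["ip"], r["port"])))
        elif kind == "dns-ptr":
            target = ptr_target(r["domain"])
            if target and target not in seen_ips:
                findings["ptr_without_direct_connection"].append(target)
    return findings


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_TABLE)
    for r in rows:
        print(classify(r), r)
    print(by_domain(rows))
    print(review_findings(rows))
```

The PTR correlation is the useful part: a reverse lookup for an address that does appear as a destination (142.250.187.202 here) is just the browser or sandbox naming a host it already talked to, whereas a reverse lookup for an address with no matching row (52.191.219.104 in the sample) points at traffic the table does not otherwise show, so it is where to look first in the full capture.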
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_1200_IRZHFEAOTIYFHWRQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ba28e787389502504fe55e90353a380e |
| SHA1 | 31d7b19c1be9b17d183a7c239d8091cd5d74936e |
| SHA256 | a184f8398b4b3659471670928b6d92dccf23b0b252c3ded0f6b5fb605dc6babc |
| SHA512 | 3e43d18a1e965d37764d174775666a6fb7fb49524b753eb7356f485ef731addb9cd84dbb788e180a6b86c78edff4c1a907f571f9dc55f28a8ba39af8ce7f63c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 24c426656fbbf32901a66f991ba9a8f1 |
| SHA1 | a4cc09b7ad855c0f3c5ac32848ba5ed17bc5a355 |
| SHA256 | b287926d3ef615ef0bd938f0e210612f829e6c701b0feaa94b1776557c7d5d38 |
| SHA512 | 008e7211380bf23d042270b647bb5b4638bff6c2b815efaa273971bbc4f304fec2b183a7ca24fd43d560e4a9dbbc8feb2fdc5c05411a0cbd8e42f50b3106faa8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a107883e2f253326caac03a2617307f0 |
| SHA1 | 4162d25087f09e35f71459c9ce5a86c3c68686f1 |
| SHA256 | 3c1024732b43107b6d1ff4e69d1525523bf40664dc50529cd4819a0e49aa9ce2 |
| SHA512 | 6cc9e269ff2e52260d2a2b2b1a95ac8d5e5c5b03adf3e4981740dfeb2f04bcb1839266d42089423c28a6580ae43c788b3bc6cb7d6b3c87bef306f057e4b3180e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6cc46454d882058c3fc1d64a11d93f19 |
| SHA1 | e151599ad57588b759413713ff1b8f7e3395b10b |
| SHA256 | d28e0957113afb848bb349d907bb4920d9e11647f2051d8ae4e2dba6bda3981e |
| SHA512 | 13fdf239fa1a5d1a78da93a3f240ec84b3a6bed9e26a534854d02621775d9f7183ef52210a228d30d6298341c9a4f8c4f4c586a40f923b781691708810788c31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 454bc3fc37e43ee496b08002a1287d21 |
| SHA1 | 570b74df889e803dc650ded60fbf18dd223bf0cd |
| SHA256 | 467bb8bf227bb011437e88b2acf2ddc70b3699998a624b3503716b4fbe1ca85f |
| SHA512 | dd47ed1b494f568637767c752ebe67322b83cedeef623d97db3f4ae26b120a02619ae533b83b0a57edbaedf6e0f4977e947376646943a0c3308fdb349e4f3bc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b13302826ed8b024966c2f34b88a586c |
| SHA1 | 9de4b2dd0fcd0685cef4d3a2cd23dfef7d7f81ae |
| SHA256 | 65f273221a46c9c504b0354264236c76e714ed244eaaa9e7061360489328d92a |
| SHA512 | acdd8c61deb89cfc0b98271975f3d8b55a42304dd4c943b19fbb49e22794dcc07e34d1e5aac40c2c2bc7558427efe1738fa6c331556870f070fb1c4e4e876545 |