Analysis Overview
SHA256: f6d4c8ddefced5c5b71acf41ca34aa9ef57234d5d9c261a6c5e2f8b4af71d60b
Threat Level: No (potentially) malicious behavior was detected
The file 91e16dcd6553144d91e5fceced880e8c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-03 13:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-03 13:02
Reported: 2024-06-03 13:04
Platform: win7-20240419-en
Max time kernel: 134s
Max time network: 127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{856B6BB1-21A9-11EF-B781-461900256DFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581612" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000e524f3b38367146d8d0994721c57cd1013eb2ab7e7c488cca90a9f25a0db5f86000000000e80000000020000200000005733b5c9fb3e2ffe1fbea95ad484bfd3b424fa407784c464009617ca71fa954a20000000f3d524313b7bb5fab676294424459018f5ad00a393316770356c2362b9b7ead24000000063cfebf325245c66411b44a8c22bf6c27615eeb451b15e05e5c8faeeadf488664d243bf6f0f9b7569bf2a13b31b4aabaf074916fd7e9a807ce3c1d1f4cc5d23f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40958f5cb6b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000378852278f337d0f126512a9c5103e7e76f1b005eece55f8ebe4999980cda6c3000000000e80000000020000200000002923d7b5617fa594ac3f9d05a0e382b13db399f61bb8c2e7ae31355ea87e552990000000fd68fd56f674690159de9adaa93f94fe600e2cb42b7efb5f4a1a716ebf953290c431c41b9928b750a171bc28c92dfcd14c38169cb165e46ff5c8180d18cf85c9353c8dee242688fd7926b1cfa0ea6cbab2eead9fe1931c814d8a6cf9911b6d68d77f5983b42d1f62ab70486ee1e528f97ff05bab0be01f1d4b8d9d4f4c7b710458c711d05080fc6c86362654dfeb704440000000285247fb9c78f6675f2a185da0585d2eef3f92c481609cb6a9dc7850f1b9353c36b1690df3d506d15804aa067e86ba940e4112d16f3edbbbf9b4c6e8bfd92565 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 3028 wrote to memory of 2244 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 2244 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 2244 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3028 wrote to memory of 2244 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e16dcd6553144d91e5fceced880e8c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | oceanofgames.com | udp |
| US | 172.67.213.70:80 | oceanofgames.com | tcp |
| US | 172.67.213.70:80 | oceanofgames.com | tcp |
| US | 172.67.213.70:80 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 8.8.8.8:53 | media.oceanofgames.com | udp |
| US | 104.21.93.174:443 | media.oceanofgames.com | tcp |
| US | 104.21.93.174:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 104.21.93.174:443 | media.oceanofgames.com | tcp |
| US | 8.8.8.8:53 | oceanofgames.disqus.com | udp |
| US | 199.232.192.134:443 | oceanofgames.disqus.com | tcp |
| US | 199.232.192.134:443 | oceanofgames.disqus.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:80 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 172.67.213.70:443 | media.oceanofgames.com | tcp |
| US | 104.21.93.174:443 | media.oceanofgames.com | tcp |
| US | 104.21.93.174:443 | media.oceanofgames.com | tcp |
| US | 104.21.93.174:443 | media.oceanofgames.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | b712ab335c43665e99f17ac1cad83d54 |
| SHA1 | 425f45571010b7b76716a762d91ce6929a9a82c8 |
| SHA256 | c7d57cd4f0b92a7b9c084e295f3c43b74604b7612fa0a27343616199c591d86c |
| SHA512 | 01a5ff236d33811be448ee77924e5f8c74a02dd5de0b5fbb4fb9a445fd35bc930f3924f99e468e7a82a297338c39479f4b618f15c025346e6b45b5c72159e170 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\picturefill.min[1].htm
| MD5 | 0104c301c5e02bd6148b8703d19b3a73 |
| SHA1 | 7436e0b4b1f8c222c38069890b75fa2baf9ca620 |
| SHA256 | 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f |
| SHA512 | 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf |
C:\Users\Admin\AppData\Local\Temp\Cab1660.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\coollogo_com-236847847[1].htm
| MD5 | ce1a246981cd1f6be84e53fb3b6cdcea |
| SHA1 | 1015019d9970df1a146cb182bb6c4153754550f7 |
| SHA256 | 092d5e8fbc98868f8eaad1a535fd4f1481ec50b5d8c315a77d59cea9eb8df6c3 |
| SHA512 | 8a97558ea903b142ea09d7a2e0f17480cbb215d9144907cbb1d7802940a275ef992678547b75dea1d9b6d08b0a3488e90c70453938eab39400144a2791852bc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f141110cfabc422ece632a0b2e8cf44 |
| SHA1 | 64879e79a0b5fbba7d850c41b398a6c44ce49d6a |
| SHA256 | 74cf9cbc4afdae42177bf149598229638f09605f8a18ebe812a42b4619ac9b09 |
| SHA512 | cb5c9b67da2e1cfb61969575d6c777ec2d43ac26f4134cc05f57c0a88145a26f38e73edc8af8765b8287bc29c5848b7a6b9b410335d271dc5c533389bd77394e |
C:\Users\Admin\AppData\Local\Temp\Tar195F.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1A51.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\autoptimize_fallback[1].css
| MD5 | 960021cac60c2b41f67d07df87e60732 |
| SHA1 | 341b027ee26bdbce721233421992012beab416c5 |
| SHA256 | b795ab45e2b898b7d7cd120437b336e3e7742bf378199ffad186188938b89ac3 |
| SHA512 | 3f7f0e95b997a5ede84300a787fd96a1c7501df2efbbd648572b44946daa9d0755f07dc1239aedf9a9f7c8b2954394bce7bcd777b0b1ed649f0fc19e9b2c461b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b827af30316c08b52bf7a4542f8dc40e |
| SHA1 | a6cd294b16c528732de598e91b6669060224e9a7 |
| SHA256 | 39177cb3acf543a775033a22cb95b7d6f8be86d80677765763ce0071be2797c5 |
| SHA512 | d107cdd68bbc5c174f0627f3a9e23535568f8e93e2ad67b0e58c6583f3749370696d941a3d4f2b640068134d084c49ce9815e05ef4e95b5d4f1ff5148223753e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24d2d3adb7b4409d3a5060313f7e0816 |
| SHA1 | 6d5aae177c45352142cef23624fba2a778f56efa |
| SHA256 | fd5cd327bc71f3fd29ec2ef0b0c71da24151a9dd0bfb0ff7e52af985d7c7b181 |
| SHA512 | af0d7336bc0ac7b50c3de09253c8679cac17964dc8e021e4f9c61945a548a7f217495a40a9e5571855a46554543ac936f083d14c6c163fb1224becdd396da0ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4396223fa576da0c8c8185954a1cd529 |
| SHA1 | 33c443ee7e796cdffa178c241992e37da23aa9bc |
| SHA256 | 6c49c879b991ac8f2243e7232cbac2591fddbce26a5ddf6bf0c70a38a2a043f2 |
| SHA512 | 830efcc2597027e65427dd47da53cc4b84000b3b6ffe904b7b6188c13ecd06d46162dfb06cd4c97cf536d10c06e03b0d739cc80992bc89625c24b34107c2a944 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df62dcf0d91d9cda0b195e00cb220dca |
| SHA1 | 0311da957d4c4d1b35402588f6f7785a62e6babf |
| SHA256 | 0c02f5f64ccc0f7c06a6c79817d3de5924e4ea3e8b7c0ec4fe21b8d408845168 |
| SHA512 | e3d94eb09ca310220f7358ad9d632c6eb5709c20bf9c3996d4362c2a06c1deaca4c777d6a0561c28d073ba8a84ff1a2b03b7ae136cb19e36b84cf72ba092e80e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cad93ee0ab7e9188e42d943e4f6e1f5f |
| SHA1 | 2fbd8b203a06855de7a466c519f43687cd457099 |
| SHA256 | 31826ffc0cb3b6a083dcbba406aa207f4c0c300e9d57326cbcad1b19e6c95a92 |
| SHA512 | 9305b4140d23d7a7a4f2d17700cac6ff742dbdb292646db035dacf360f0a925a8ec03a9baebbcb758bd3c72e8c9044a2683d338a15f8e9593e195473faa22d48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd2e679e8ae27f0bd62dc7f675272c79 |
| SHA1 | 61c7a85a92d944b59033d597d5cafab1fbea41ed |
| SHA256 | 343f914effc1c0690eaad765d6a147655abdc540634116557b701029ce8ceb8f |
| SHA512 | bfd852f0558973d9127fda3bd87df481d7809f0c5af61981110ad2baeedbb5ebe09e5c638c4428c3e95e0d267206362a9387d54e356777821530a147b173deaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31597c9f97d500562da338c0577e9df7 |
| SHA1 | d295b2d0ffdfbad47bba8f62685c9a15fd8ddb00 |
| SHA256 | 703316ed31bb83c00ce5eb371bb6f7036bb31086aece8bc30f4602bf3f93efcc |
| SHA512 | 90a9033b531a7a5152f28816f047d28e17399fc3d396f19d957148677779c9f9b93105cd4f88d02051ae8318aec459fe4c8ac50af1786d87c7aa2d56a01d4745 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9f1cb873bd0eeffa36a36b01d29b202 |
| SHA1 | d0a409209fb0d99bbc0c696c28cb3fdf705ea69d |
| SHA256 | 00b223bc7aef22ce78cf4b860f3167eb547958f88ce63606d9e5305ed5ce1ef6 |
| SHA512 | aa331486b9789db221ba71807f248f595afc4d1a1e1795d6e1723b4d15094b2dd9a41d5af79129f6c1fbad4436c6e0243ce17fae4133f7630534d5c538abf892 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f859ba0290d332604e657c9213ce346f |
| SHA1 | 6a4930b1040c5b5ddb589ea73e83f4d0643d4b58 |
| SHA256 | d575f06ae6fbd915243e0c3c274e0124553dbf6069da8905986643b67fac92d2 |
| SHA512 | e1cfade9fba3c3c121af7cd27ae88ae2c2c13677521a35acf3f61d98b15107c20c00c9a92891b7e4a1554bd4ed468891604201bc99c2b772bde854e1d227b622 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9633d95c61e7982f3cf50e71cfcb33a4 |
| SHA1 | 9aed91add7e90137db4b4a6912491d995bb25d7e |
| SHA256 | 0d4e619c47e29be9afa6077e05520d5b2ca532ec238487a71807b3db25fc614f |
| SHA512 | 8dbae911b13b10670f5fb457088c3abcf0ba340090946cc5c86dd4b91fdabbee2c8dbb6465391e62b0549a3960979a27659992d0406868170732371481d5b792 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce67fff0684ec862ae0142f286a2fbdf |
| SHA1 | ace2e62532a3f9d4458201c615c0c67f3a5bb606 |
| SHA256 | 0b00a0949369e6463d282516c76f59abfba4522f77c5d396078e4546badb48d2 |
| SHA512 | 34b174c4fc05c03ac9f941b481149fd16d53b3876084088d097c92187a3b5ef5c735f91e3f0fccebe9eb6d1e4ab44b462224f5711897b32c59760d4e131b25dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1a2116f699b543e634fcbb135440695 |
| SHA1 | 2dd020df26399c9a1a27ff24e8ad85046c3e3565 |
| SHA256 | 42d41ddfda0e69498ab34d3aebd53684df8dc021271ed55879c14bd80236bc44 |
| SHA512 | 2735422f4c563960a28a6e43d989ad9df7de2106a2da497810edf9944d9e30082623b6aa4f41bf67a84d3e8197f08a805c3ede5cd301f9b816b516945ee84f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc98195b6af976960ba381f7316ffef7 |
| SHA1 | 9e9c5f6a07c678345557badb90e167e6a8ff9a5f |
| SHA256 | 0d1657847b4541e8f959cecd43ba9c2cf344293064c8710f5ce2c8dd31e27bb3 |
| SHA512 | e4f1f50053ec4e3b321e9877294fd04595861ddebf9ca9b7477b61788a678638f64ac98104cc764d95615a412333a08c1283578d6b765d3ebed3465bd240e5bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 96413d491309299c032e0fa90cfc7e9f |
| SHA1 | 72a50a39a3661de04026195912190744dcf9f6fd |
| SHA256 | 4fab3a7baddeb2ac8c8e83e201cb9105c8b270aa2c0c81ab1aa7de65eb18a9f8 |
| SHA512 | dbd0275691b207c581ddf854b008f26a3f034ad1dd8d11ae22b8bb13275fac0aa3cd9f4110a81c87edb2b1a22a3ab9158cf8af5620b16a65bc97e745f1f2e1f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abb17aeef579a2c61c1b0534bb410600 |
| SHA1 | 705488630c8f3151dad4f55e2ea31ffd0947d789 |
| SHA256 | 27d3eaf3d91c0a0069c43999f018fd04b555df0112b3ec214c109ab11a31e99a |
| SHA512 | a513402412aeeea0ff92eb8d985d1b83dd41803f8910f4c86d37df61e641952e88cdb4dde1f525491d8a42c5a5e41d361fa6058cb160557392aeb543c253b1d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cadef7431c8e3a39cde8d63e37aea0b5 |
| SHA1 | 3790a903b129198cec23f7d36afb750e739b365f |
| SHA256 | cb8c5d5bffcd36c4d652e139a8a41f0d1c0a4b8d3c5aecbfe8f714b66aea61ea |
| SHA512 | 7b92d100d2cbd8ecd5fb0259197749b96143c9a087cde9e5b1d25361f283e4a7ff9e1111edc6677eba9c9e45bb8832d9bdc806ca232f9574e2e21ada460b97c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92015f60e3fee73b911016a8e79fcf82 |
| SHA1 | 834522da6cd0721db6cc505bf6cd50997ebff3c4 |
| SHA256 | ede820cef5c823d361af4dd97fd13c72a818a5c7ba58267f036b67d6b9dbb724 |
| SHA512 | 181bc4094a352e43ea00810dbbf977f349a2fe1a527cd71cc7a5e8403ab223af00b5d8659558d13d0fd0d20a0d69a744a722c0c809d7f67f38caf23cf7bf9191 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bccb4aab999129d1260711e101e7d0d2 |
| SHA1 | 9a0f0b5a192dc6b035f7834526074efba79fbd3a |
| SHA256 | 9b61a9d3178bf5a9dd926c53c9f2d1206a0c2d6c0c164070bac5d16c81ee2605 |
| SHA512 | 952befdd143df68ce886e7ff3f9afc191ab9619086f37a6496b0800fa965fd36cffd8965c7e6d0490afe6fc2e9c7964eb0a18638768db8cecc15af223c142b75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | ee207abec1ae6573851eb174e83115f6 |
| SHA1 | 62c5deb8b7f32ad06410035a76a25d449f8d16cd |
| SHA256 | 605a6e5840f30ebdde3b95ff95acdf16c555ac1ec0fd09e350e9d0ed52db6996 |
| SHA512 | e4ef96fa160933c4cccb25eb2643f736da9ea39cc108f240032ea59694c6a997878253c88985a6b2f10426d1c545984802855939023b00f9bb4e63a488dd7de3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2240dba7dbcf203aafa2b49159b775a7 |
| SHA1 | aea486673e1888797ac0beefbd1e5e08718707d7 |
| SHA256 | 18d1bcf5862e109d25432e61e5baa1a16e71fd025aebc8d6647d47809ea53f94 |
| SHA512 | e9d8b863af902afe416bbf522b3b3304dbe9ffa220df33461cbcd83557bc52c454203fc382c101a44b1dd58af01406bebe9bde91df81e5926c25dd9293ff0476 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0c8cadfd7b78848578c99ea48fe4a2a |
| SHA1 | 8f02e4e9ba94cd2c059377696d66cd7f3e8c9dab |
| SHA256 | d8f0a51214f2d729b67ab7547efad2edd2d93780cd07e493bb52fb990b9a521d |
| SHA512 | df737c3ab7c24bd8d9c1e6e8a85c73b1df10d0e78f79dbd1eb1ba5417c60f20b1fb4a22e8292ddae511c08c7b00c54bdc3684a357879d3bbbed6235684b3a025 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13fc041ef1f13e02942b55454decdbb2 |
| SHA1 | 8cce0c7d98e3ed130b55cacafc0b71a79b0d5340 |
| SHA256 | b43ec1909e5e7ce6e3ac9d294297f9d92bf193211952b1feeb565894f769a2e4 |
| SHA512 | fde652bbe82ca573b20b1c21341875d8ab69a6359e3f647326f8c865acb598dab7e144331a116d50bf66aa77e60ac1017b45ee56ea43e0f2783bb695daed1609 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4dc14668ed9bc6c0700997091c438b79 |
| SHA1 | 9e534cad33d2ca34213b0fafc0760b1d40fbf365 |
| SHA256 | 3df2c8f38ab0f530ca76e8a4e87ff97d50a4eb58fcf2c299f3030e140bc0d449 |
| SHA512 | 079d457b55d75d0a5c5603113b42310e7fcdc925dff6c1a6b4c62922346eb9e3bd2576b3af607ca1367f109a15d45a2fda3e7f0debf4caaa5143dcdcaca9024e |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-03 13:02
Reported: 2024-06-03 13:04
Platform: win10v2004-20240426-en
Max time kernel: 145s
Max time network: 139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e16dcd6553144d91e5fceced880e8c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d0c46f8,0x7ffd9d0c4708,0x7ffd9d0c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 /prefetch:2
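The process list above is the usual Chromium multi-process layout of Edge 92: one launcher process started with --single-argument on the submitted .html, then crashpad, GPU, utility and renderer children, each labelled by its --type. What a triager actually wants from it is three things: which document was opened, whether every child image sits under the browser's install directory, and which children run with reduced isolation (--disable-gpu-sandbox, --service-sandbox-type=none). The following Python is an added example, not part of the report or of the sandbox's tooling; its input is the command lines from this section with the long --field-trial-handle, --gpu-preferences and crashpad --annotation arguments cut out (a constructed abbreviation, the flags that matter are verbatim), and the install-directory prefix is an assumption taken from the paths shown.

```python
import re
from collections import Counter

# Command lines from the Processes section above, abbreviated (constructed):
# the --field-trial-handle / --gpu-preferences / --annotation arguments carry
# no triage value and are dropped; everything else is as reported.
COMMAND_LINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e16dcd6553144d91e5fceced880e8c_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=ver=92.0.902.67',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2212 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --instant-process --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=1808 /prefetch:2',
]

# Assumed install prefix, taken from the image paths in the report (lower-cased
# because NTFS paths are case-insensitive).
INSTALL_DIR = 'c:\\program files (x86)\\microsoft\\edge\\application\\'

# Windows command-line tokenizer: a double-quoted token may contain spaces,
# everything else splits on whitespace. shlex is avoided on purpose because it
# would treat the backslashes in the paths as escapes.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline):
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def parse_cmdline(cmdline):
    """Return (image path, {flag: value}, positional arguments)."""
    tokens = tokenize(cmdline)
    flags, positional = {}, []
    for tok in tokens[1:]:
        if tok.startswith('--'):
            key, _, value = tok[2:].partition('=')
            flags[key] = value          # '' for a bare switch such as --no-sandbox
        else:
            positional.append(tok)      # /prefetch:N and the opened document
    return tokens[0], flags, positional


def classify(cmdline):
    image, flags, positional = parse_cmdline(cmdline)
    role = flags.get('type', 'browser')  # the launcher process carries no --type
    if role == 'utility':
        role += ':' + flags.get('utility-sub-type', '?')
    weak = []
    if 'no-sandbox' in flags or 'disable-gpu-sandbox' in flags:
        weak.append('sandbox disabled')
    if flags.get('service-sandbox-type') == 'none':
        weak.append('unsandboxed service')
    return {
        'image': image.rsplit('\\', 1)[-1],
        'in_install_dir': image.lower().startswith(INSTALL_DIR),
        'role': role,
        'weak': weak,
        'opened': [p for p in positional if not p.startswith('/prefetch:')],
    }


def summarize(cmdlines):
    rows = [classify(c) for c in cmdlines]
    return {
        'roles': Counter(r['role'] for r in rows),
        'foreign_images': [r['image'] for r in rows if not r['in_install_dir']],
        'weakened': [(r['image'], r['role'], r['weak']) for r in rows if r['weak']],
        'opened': [p for r in rows for p in r['opened']],
    }


if __name__ == '__main__':
    for key, value in summarize(COMMAND_LINES).items():
        print(f'{key}: {value}')
```

On this report the summary is benign: no child image outside the install directory, the only document opened is the submitted .html, and the three weakened children are the network service, identity_helper and the second GPU process (relaunched with --disable-gpu-sandbox and --use-gl=disabled after the first GPU process, which is what Chromium does when hardware GL is unavailable, as in a VM). Those flags lower isolation but are emitted by the browser itself; the check that matters is that the image and parent are the real browser. --no-v8-untrusted-code-mitigations is not treated as a weakening here because Chromium passes it to renderers when site isolation already keeps origins in separate processes.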
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oceanofgames.com | udp |
| US | 172.67.213.70:80 | oceanofgames.com | tcp |
| US | 172.67.213.70:80 | oceanofgames.com | tcp |
| US | 172.67.213.70:80 | oceanofgames.com | tcp |
| US | 172.67.213.70:80 | oceanofgames.com | tcp |
| US | 172.67.213.70:80 | oceanofgames.com | tcp |
| US | 172.67.213.70:445 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 8.8.8.8:53 | media.oceanofgames.com | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.213.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oceanofgames.disqus.com | udp |
| US | 199.232.192.134:443 | oceanofgames.disqus.com | tcp |
| US | 104.21.93.174:445 | media.oceanofgames.com | tcp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 151.101.192.134:443 | disqus.com | tcp |
| GB | 18.165.160.19:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | 134.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.192.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.81.224.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
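Most of the Network table is resolver noise: forward lookups for the four hostnames the page pulls in, PTR lookups that merely mirror IPs already present in the tcp rows, and one mDNS multicast packet that never leaves the local segment. Once those are set aside, the web traffic is oceanofgames.com on 80/443, oceanofgames.disqus.com, disqus.com and c.disquscdn.com on 443, plus two rows that do need an explanation: TCP 445 (SMB) to 172.67.213.70 and 104.21.93.174, the same hosts that serve the site on 80/443. The table does not attribute connections to a process, so the report leaves that open. The following Python is an added example, not part of the report or of the sandbox's tooling; it parses the table rows (a subset copied from above, labelled as constructed) and buckets them so the 445 rows surface on their own. It also repairs the one row the report renders with its Domain cell missing and the protocol shifted left.

```python
import ipaddress
import re
from collections import Counter

# Rows copied from the Network table above (a constructed subset: the PTR rows
# are reduced to two). The last row is kept exactly as the report renders it,
# with the Domain cell missing and 'udp' shifted into the Domain column.
ROWS = """
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oceanofgames.com | udp |
| US | 172.67.213.70:80 | oceanofgames.com | tcp |
| US | 172.67.213.70:80 | oceanofgames.com | tcp |
| US | 172.67.213.70:445 | oceanofgames.com | tcp |
| US | 172.67.213.70:443 | oceanofgames.com | tcp |
| US | 8.8.8.8:53 | media.oceanofgames.com | udp |
| US | 8.8.8.8:53 | 70.213.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | oceanofgames.disqus.com | udp |
| US | 199.232.192.134:443 | oceanofgames.disqus.com | tcp |
| US | 104.21.93.174:445 | media.oceanofgames.com | tcp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| GB | 18.165.160.19:443 | c.disquscdn.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
"""

# One table row: | Country | Destination | Domain | Proto |
ROW_RE = re.compile(
    r'^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|'
    r'\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$'
)


def parse_rows(text):
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f'unparsable row: {line!r}')
        domain, proto = m['domain'], m['proto']
        if proto == '' and domain in ('tcp', 'udp'):
            domain, proto = 'N/A', domain    # repair a row whose Domain cell is missing
        ip, _, port = m['dest'].rpartition(':')
        rows.append({'country': m['country'], 'ip': ipaddress.ip_address(ip),
                     'port': int(port), 'domain': domain, 'proto': proto})
    return rows


# Port/protocol pairs a browser is expected to use for page content.
WEB = {('tcp', 80), ('tcp', 443)}


def triage(rows):
    """Bucket rows so resolver and multicast noise does not hide the
    connections that actually need an explanation."""
    out = {'forward_lookups': set(), 'reverse_lookups': 0,
           'web': Counter(), 'local': [], 'odd': []}
    for r in rows:
        if r['proto'] == 'udp' and r['port'] == 53:
            if r['domain'].endswith('.in-addr.arpa'):
                out['reverse_lookups'] += 1      # PTR for an IP already in the table
            else:
                out['forward_lookups'].add(r['domain'])
        elif r['ip'].is_multicast or r['ip'].is_private or r['ip'].is_link_local:
            out['local'].append(r)               # mDNS and similar local-segment traffic
        elif (r['proto'], r['port']) in WEB:
            out['web'][(r['domain'], str(r['ip']), r['port'])] += 1
        else:
            out['odd'].append(r)                 # here: TCP 445 to the web hosts
    return out


if __name__ == '__main__':
    report = triage(parse_rows(ROWS))
    print('resolved:', sorted(report['forward_lookups']))
    print('PTR lookups:', report['reverse_lookups'])
    for (domain, ip, port), n in sorted(report['web'].items()):
        print(f'web  {domain} {ip}:{port} x{n}')
    for r in report['odd']:
        print(f"ODD  {r['domain']} {r['ip']}:{r['port']}/{r['proto']}")
```

The 'odd' bucket is the only output a triager needs to read; everything else is the expected footprint of loading a page with a Disqus widget. Whether the 445 rows come from the page content or from something else on the VM cannot be settled from this table alone, since it carries no process column.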
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_2144_XWLXXTLKONDNXMUF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 495f4358d7db2df059576e01e115a61c |
| SHA1 | 857c36bc54c77532f5c0f77f818ffc3840a18fd9 |
| SHA256 | 9e53b878b5c21f2803f0889163d01e727ac893c74557638dcf5dbfdb40654ae7 |
| SHA512 | 36483ed620a211b7888eb2ed3a00069972e25a5ffbd89abf4e1274ea8e2c35992d78eb7d5e8af264d8d45e4f81655d5317d534ff3e7285342dea1db034d99089 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f5890d007a6cf543fcab5d2822738de8 |
| SHA1 | 7bae0609c35d493725f071afd2d8bf9224149e66 |
| SHA256 | 5628f8d1915ba255089f3b84f572285caf643d2c86b751ae04611a1ad2f65921 |
| SHA512 | 56d91f239d27d3f914189fd28cbf28c3fc068905c20291d560425c8a0671aa1362d1718f3c00ffa6b008572023cc6dc1bf2039d01af2eaea880c3f83852c1704 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1ec4137123c53643103f9c176aba1edc |
| SHA1 | a155a14629f3b0573ea84f4f8d38f0ee22714279 |
| SHA256 | 8c7f435fe7760cb4eb47c45cb483312e8162268d0430e0a986a608dc6f5b7c1b |
| SHA512 | f1022070beb96cf9c03d06f0d4cd31224d8fda0bf00177adbe6396890ad266a9e7941f581df02f946032dcc1557bc57ed376eb8c817e2b65c5ee97882d39fb79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad76.TMP
| MD5 | 7dae28ba2110a24451cd319f7243d0cd |
| SHA1 | 38348291317c245725313419970613573eba9153 |
| SHA256 | 4aed52774885459a45822735de604dcdd51a9021148b8971031c5fc0fb132077 |
| SHA512 | daed36803ec84300eadc04d7579dbc978922d1b9e3299b72fbe601378242319baac0cb1d5480d53b07e80a40d1463dfa6e3a0bf1f93be8c82c7f352ed6b3393d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 095cc15b27c778d5cc2a80c88ff02bfa |
| SHA1 | c4f9a4276a8c49979e7253f6e523fcd5388bbd8a |
| SHA256 | 0a48cce300440f017f98324f0bcf5221bf9734b783c33573cb048dd2f32fb761 |
| SHA512 | 142bddecbd86c2f695151b3653ff2bd2e53ddfeb43665eef40a5a6290975d187704a018db03244b94931b82b5a6f346ed18297d0777be05e0ea126bda2e57bff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5bf0636f08a9914756e5e339057e2da6 |
| SHA1 | 26f88409cfc422c2a12784c4ce3a992badf76372 |
| SHA256 | fda5c59b1b28b452659a20c52b1aac4f8a918f41c3ea64a654c908ee16ed2696 |
| SHA512 | 7419148a1a8227ebde2200bd1dea13dced8521c2e77bda72f36c8254be7942ff006514866852cbe889a678728db7003f309c56f0326e00b8cf48eefbe2832282 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cb1e4540c6a1914428adc546a85ab822 |
| SHA1 | d2fa243765e46e1b6aedaefd35b23b1ee2f98d4d |
| SHA256 | 2a976325302c19af4a83126cc9ea4167efef72241d6aef3a89228219d056884c |
| SHA512 | 2c74e644ee784748b8321a5ee52ec7dcc151f6a49b5a333becf6f28c5c1567c062777e8f9f698015de82764fb4e5d7a9e87391dd34f8906207aa3f7a5a92b0d0 |