Analysis Overview
SHA256
6efce324f30675d6266bd8b854e5bf258e61c2337dba010d4c95573db7440055
Threat Level: No (potentially) malicious behavior was detected
The file 91d29814849b3b5249cb801fba2a14ef_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:41
Reported
2024-06-03 12:44
Platform
win7-20231129-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580367" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9F4EDC41-21A6-11EF-8857-46361BFF2467} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2896 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2896 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2896 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2896 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d29814849b3b5249cb801fba2a14ef_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:41
Reported
2024-06-03 12:44
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d29814849b3b5249cb801fba2a14ef_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5a4f46f8,0x7fff5a4f4708,0x7fff5a4f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3658419543434829476,11300508940727284815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5904 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.advpoints.com | udp |
| US | 8.8.8.8:53 | ads.clicksor.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| DE | 91.195.240.68:80 | www.advpoints.com | tcp |
| DE | 91.195.240.68:80 | www.advpoints.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.777seo.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| GB | 142.250.178.2:445 | pagead2.googlesyndication.com | tcp |
| US | 103.224.182.251:80 | www.777seo.com | tcp |
| US | 103.224.182.251:80 | www.777seo.com | tcp |
| US | 8.8.8.8:53 | www.mynewcounter.com | udp |
| US | 172.67.173.119:80 | www.mynewcounter.com | tcp |
| US | 8.8.8.8:53 | www.zimbio.com | udp |
| US | 8.8.8.8:53 | i155.photobucket.com | udp |
| US | 8.8.8.8:53 | www.feedage.com | udp |
| US | 8.8.8.8:53 | www.feedage.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.240.195.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.182.224.103.in-addr.arpa | udp |
| GB | 142.250.178.10:80 | ajax.googleapis.com | tcp |
| GB | 3.162.20.24:80 | i155.photobucket.com | tcp |
| US | 8.8.8.8:53 | raezen.fileave.com | udp |
| US | 52.6.88.216:80 | www.feedage.com | tcp |
| US | 52.6.88.216:80 | www.feedage.com | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 13.248.169.48:80 | raezen.fileave.com | tcp |
| GB | 3.162.20.24:443 | i155.photobucket.com | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 52.6.88.216:80 | www.feedage.com | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 103.224.182.251:80 | www.777seo.com | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 103.224.182.251:80 | www.777seo.com | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| DE | 141.101.120.10:443 | t.dtscout.com | tcp |
| GB | 142.250.179.226:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 119.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ww38.777seo.com | udp |
| US | 75.2.11.242:80 | ww38.777seo.com | tcp |
| US | 8.8.8.8:53 | c.parkingcrew.net | udp |
| DE | 185.53.178.30:80 | c.parkingcrew.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.above.com | udp |
| US | 8.8.8.8:53 | d38psrni17bvxu.cloudfront.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 18.165.158.46:80 | d38psrni17bvxu.cloudfront.net | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 242.11.2.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.178.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.158.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 64.34.199.37:80 | www.feedage.net | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | paintingartgraffiti.blogspot.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| GB | 142.250.200.1:80 | paintingartgraffiti.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_760_HDOZNYFOGIBAXENQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 82d77cda94daf1615b63ff3c496407c1 |
| SHA1 | 145432a9d0328a7ceaea052ebca8972d2996bd79 |
| SHA256 | 35f3b80ad2ea5c6788081b564274d6e4c12529a913bec61e7b1ea77b7dac1d6e |
| SHA512 | 5a8f4edd07eb0e0adb8d35b8e629af70290ebc6c3fa13180711492d06e8c23dbfc8b58d84af9c97457b2f101edfaecd9aa7e2e29cd7ebd790a78bb3adc2e3cd7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e958ec4bb22ca9b70b2f9a8e15486a62 |
| SHA1 | c577b24c99b8cc8f72e859905388488b90957696 |
| SHA256 | 72162bf2965dbdc36cbdbb43fe63fc3ed266d9bef80accd0d4858bf57180a1cc |
| SHA512 | 403e72796296d1738ee5002ef0b4339d1bc89fa74bdac3b4971d31e6d47260d3a09988a7d864f218961b091fda6c9b3ec94edcd7b6b0dd97e0d97b29c4a59027 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9390edb6-30ad-41d5-ad8f-d33a05a7ce47.tmp
| MD5 | 94fb430ee22834b52bf264766d56ee42 |
| SHA1 | a747acb4ea777de776e802f818e2cd4bfb90811b |
| SHA256 | d4ec655e3d1bea13e0bda97db1e38b24167dbc24f94edec94ee49107d5cd0f3c |
| SHA512 | 1eda30a9c14b601f83b7e0950c3a80f280a3097da2cb736897240a1e24390fcc295021444c2b9603ddda0e7c38c87acd4f9b68b4962854442116d835af6b7b26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8af3882e17b1f6beb72fae429aac83e7 |
| SHA1 | ee5b74cf178e60ec40a07aa0022e2d2a65fb6502 |
| SHA256 | db278ec8e9354871d31060e902b5578be793b6575164a1cbf82d77c257ccf95a |
| SHA512 | e90678f5fd82c84d7d0eb82c8c4077d60c4264b30b44080941360d93e15949ab300db49fb804198c7cd3605d4c655995c6d559403c86539597db73c57faf900b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9b8e89b0eb11e8f5e7dc3a0530c43298 |
| SHA1 | 45f7ab86c57ffb6c9ed32869d05aec6387a8fa1d |
| SHA256 | d55aad1fcca2a9725fb3d0ab362fa2698e032bb050aecb933c04ba2cef7c761b |
| SHA512 | 927122f4e370a49924feb6d2808a079074c977f13a2bcf881e52e1a1c9f74af9a32a17d980965686a6b6a209ad86be5f40a3d88039173c2c3339882fc523273c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | af7eb63c71072f1baceb871cdbbbc390 |
| SHA1 | 934b05a0a3a411329faa6907e6d7f3c290c3d6c9 |
| SHA256 | bcda8c41ee404eac73eb8daad8187dfab92b26bfcc3587f138761175df6ac48d |
| SHA512 | 81d43a31645723c78ac5a6957d49f771a0130bfdc34d3049b1fa53513d7e44f80e5e32ad0b9cc903153192aca6cd0f331bd1f3ec520a71a18f5a0338e86c1bb2 |