Analysis Overview
SHA256
712f34a7e82027ed978929070b27c1e16fcff8f8c2ba1b452e060f536b03e796
Threat Level: No (potentially) malicious behavior was detected
Verdict for 91d3c23873512c13eef89b509af45ee3_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:43
Reported
2024-06-03 12:46
Platform
win7-20240508-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000005f9164499e73884fa89dc81ec97103f407d4228f23f99ec0481af1f4a3a11c0000000000e800000000200002000000012c55dfb5a9092b502e7fd4665b5516ad2127e9f5d1782e6c24ee5ffb32e82ef200000009fe896f89e107a712fdfd10ac7e4608408942fe9fe73a0212a2cd2a58163bf0d4000000035bf3d8448d19e3a63baaa664319f62bb52be8d1f35bfc2227e995a18bebdb09da753ab5e87da2c8800ddde1119659e2681dd416750d2d378d3c8259b1a5c3d1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EEA37441-21A6-11EF-B02E-F637117826CF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580499" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 409143dcb3b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3016 wrote to memory of 2704 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 2704 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 2704 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3016 wrote to memory of 2704 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d3c23873512c13eef89b509af45ee3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
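The four "Suspicious use of WriteProcessMemory" rows above are the IE frame process (PID 3016) writing into the tab process it spawned; the tab's command line names that frame PID in its SCODEF argument. The script below is an added triage example, not part of the sandbox report: it correlates the write events with the process command lines and labels a write as expected IE frame-to-tab behavior only when the target is an iexplore.exe process whose SCODEF value equals the writer's PID. PID 3016 comes from the signature rows; PID 2704 is assumed to belong to the tab process because it is the only write target and the only other process in the tree. That SCODEF carries the frame process PID is an assumption this example relies on; the report's rows are consistent with it.

```python
"""Correlate WriteProcessMemory events with process command lines so that
the IE frame -> tab write pattern can be dismissed and anything else surfaced.
Added example; the process table and events are constructed from the report."""
import re

# Constructed from the report: PID 3016 is given by the signature rows and by
# SCODEF:3016 on the tab's command line; PID 2704 is assumed to be the tab.
PROCESSES = {
    3016: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d3c23873512c13eef89b509af45ee3_JaffaCakes118.html',
    2704: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2',
}
# The report lists the same (writer, target) pair four times.
WRITE_EVENTS = [(3016, 2704)] * 4

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
# Matches the quoted or unquoted image path at the start of the command line.
IE_IMAGE_RE = re.compile(r'^"?[^"]*\\iexplore\.exe"?', re.IGNORECASE)


def ie_frame_pid(cmdline):
    """Return the frame-process PID an IE tab was told to attach to (SCODEF), or None."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def is_ie(cmdline):
    """True when the command line launches iexplore.exe (either bitness)."""
    return IE_IMAGE_RE.match(cmdline) is not None


def classify_write(writer, target, processes):
    """Label one WriteProcessMemory event.

    'ie-frame-to-tab' when an IE process writes into an IE process whose SCODEF
    names the writer as its frame; 'review' for every other combination, including
    an unknown target PID or a non-IE target.
    """
    w = processes.get(writer, "")
    t = processes.get(target, "")
    if is_ie(w) and is_ie(t) and ie_frame_pid(t) == writer:
        return "ie-frame-to-tab"
    return "review"


def triage(events, processes):
    """Collapse repeated events; return {(writer, target): (count, label)}."""
    out = {}
    for writer, target in events:
        count, _ = out.get((writer, target), (0, None))
        out[(writer, target)] = (count + 1, classify_write(writer, target, processes))
    return out


if __name__ == "__main__":
    for (writer, target), (count, label) in triage(WRITE_EVENTS, PROCESSES).items():
        print(f"{writer} -> {target}: {count} write(s), {label}")
```

Anything labelled `review` is a cross-process write the browser's own architecture does not explain and deserves a look at the target process; the same check ports to other sandboxes as long as they expose the writer PID, the target PID and each process's command line.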
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | vnad.vgame.us | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | keyrom.googlecode.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | nguyenhuytap.googlecode.com | udp |
| US | 8.8.8.8:53 | i1206.photobucket.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| VN | 123.30.235.49:8043 | vnad.vgame.us | tcp |
| VN | 123.30.235.49:8043 | vnad.vgame.us | tcp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| GB | 3.162.20.23:80 | i1206.photobucket.com | tcp |
| GB | 3.162.20.23:80 | i1206.photobucket.com | tcp |
| NL | 142.250.102.82:443 | nguyenhuytap.googlecode.com | tcp |
| NL | 142.250.102.82:443 | nguyenhuytap.googlecode.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| NL | 142.250.102.82:443 | nguyenhuytap.googlecode.com | tcp |
| NL | 142.250.102.82:443 | nguyenhuytap.googlecode.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 3.162.20.23:443 | i1206.photobucket.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | embed.tawk.to | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 172.67.130.30:443 | embed.tawk.to | tcp |
| US | 172.67.130.30:443 | embed.tawk.to | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| VN | 123.30.235.49:8043 | vnad.vgame.us | tcp |
| US | 172.67.130.30:443 | embed.tawk.to | tcp |
| US | 172.67.130.30:443 | embed.tawk.to | tcp |
| US | 172.67.130.30:443 | embed.tawk.to | tcp |
| US | 172.67.130.30:443 | embed.tawk.to | tcp |
| US | 172.67.130.30:443 | embed.tawk.to | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 13ed5e0369cedc64c8437eb9a493a981 |
| SHA1 | 880053c91809fef7b2a3d688143f554d5a05c0bd |
| SHA256 | 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454 |
| SHA512 | 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | df4232c3a2513d277b1d598c2f8e09fd |
| SHA1 | c4dbe8987d4adb08c1b2d6503af0ec677e1d1c68 |
| SHA256 | 9de9846b2aade07ef7ed85c0759372e546bc8b41e81af71cffec776bad035c92 |
| SHA512 | ef5f7de71d87282a0eb1b013b9d68df085ed45e64ba3abf8d675d6838d52658deaad6e3b911dac1db36faa44d60c4f7256c84f75c7fa830b18aa09c6330d0838 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d301e5a5cc3fed8ff136801f4b3434c3 |
| SHA1 | 528f1b15dcfc5e9adfc76858b89bdcdff152ba53 |
| SHA256 | 458c56484a3c72761c989e4ce34e12deef150cabbb0b0c5af289911ad85cb775 |
| SHA512 | 4510e6b013dd2bbb45164d22ff483dc5beebfa9b2eb35b3c8f0d5397538c563723e5d994d0b91bb1458edbaaca2ee353dbebd32b1d07ce22c7871b8722ab7d7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 6aee20c7ececbb33854232141fe0b49a |
| SHA1 | 43d7c229b3488a400102e53e4289f9a1545720af |
| SHA256 | 1198a8693c61cf9e57d69b7f819b86f26fe4a6b1686e9c41a5b1626393e884cb |
| SHA512 | ae6adb772f010121b9fa8ec1cb012b51fd2fb5c967717cabce3a18c1542e8ab853bada415a428321512b29ab9dc614eea426e99ca2b931851454586005115c6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Temp\Cab142E.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar14B2.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b77c9f4ec3a8539ab76967994dd306c |
| SHA1 | ba91e88a3f1be20900098766b504ec55918c3a9c |
| SHA256 | 615e6e8d88e209c9e8229f7aa51d324bd059af0bfcda4fceb399c8a0885b3fd3 |
| SHA512 | 306f83ddf3feb391e7b6051e11a85ad64fd882d1b54c6f417424c6b231feee73c1c2c90e071665c0a2e4941edb556f0cbb1e47d7996a056dab7c0441659b2ae9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\plusone[1].js
| MD5 | 53e032294d7b74dc7c3e47b03a045d1a |
| SHA1 | f462da8a8f40b78d570a665668ba8d1a834960c2 |
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
| SHA512 | fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71b632af4bb38af9770ad7701949c0f1 |
| SHA1 | 345db04b726edca2e73129dfeb9cb11ea6a96562 |
| SHA256 | 85337871487faf7238b033fb0c16505f27422b4d26bb744f8fd96a18df470f25 |
| SHA512 | 5406717b6947678df47d8f96d78385471fd829de844895febf7a0f88a2613da4b332f4fd7fb98c45e3b07bc24ca48a6bc00e4f848997a27b5bc4a3daccfe2780 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5c930cce0ddd5a5c7469139e8983987 |
| SHA1 | 528a06032b92dff2fde21f1fa395ae1d3ad846f8 |
| SHA256 | d87a19ac6b74c2e6be3d890088f141a15d05f7fbe210b4041ec251225d97d400 |
| SHA512 | 8d80b8b5bba4c34aad2fdda66120e41959c6761a8bf8e1515174766ca9a2cd77d91a57ecd4e4f7b3f5a0870a1a12068f62d4f886efb7bed22ce9674146bcc680 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64cdc8ea83b5828090c003340e327346 |
| SHA1 | 3f1f1f67f29bdd19af5bc80c21b83a4ee2f7dd97 |
| SHA256 | ecbcc5856dd4a5229c9428fd25dc58480df5cd9eb2f5ed4cee63d4c8239adb3c |
| SHA512 | 414804d4264ec8332f77b970ab4af5f7c55c6c01c83538d67562531b6847d64e948f9081199783e437500c29128fc8d42b3153ecca49dd267a1dfe303d25086f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fe26b07efc7d53b24a00dece1f1c772 |
| SHA1 | fc9cb780a17ec0e08d3d4357fd050df2dce772b2 |
| SHA256 | 602c7a2494b1a69ec6491fe1191675900795ebb17e3a37733973c65a48114647 |
| SHA512 | 3f5aed18a0852648751f77adddbdabe2a14b22f008e58cc1c81f4da88f0c9f322b4980dbc5e2388f39b7501b695f8106c1dbd746a7a7df55316f80514eae5f06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad6fda50dadd454d7c1fca9ffce71fdd |
| SHA1 | 8f10f3ed3beb8cc40053e23c7fc9130846f9c745 |
| SHA256 | 4748d5ba78e384a897a3267c5bd2cf6e0969ff08b7c8c1f368fa7fb83f55990c |
| SHA512 | 903d7870badd8899b75b24bf400093dbfd5fee2616c7b74521df33e22b3012c55eec28c1e5fe0a23682f020f222c6cd76f2e9c2477bc48dec7d6e718b73aa69a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 025a71fee36e3a155344eff733a5c175 |
| SHA1 | 60fbf21bcfe91a166b4d8cc0061b5a76e7e1965f |
| SHA256 | 8c271f223a7a4f6ed60b66ac31780d9b83e4489af797a7d2cf7dfe17863bd745 |
| SHA512 | 4396b4b847d06cbfe9554948022179868100a069f11f9e8ac321cac2f93c0f9c73fc82a4e07a88c78535e441d2969f1386cb86914b50f1c24156b1b0a5575571 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfabd949d4c7a3aabe101f67affada8b |
| SHA1 | ca66e341053d5092078380a2b01055a7826c8743 |
| SHA256 | cbee68ae631bd3f2226adb56ba38b3946650c0b4d4df02172576754fb093beaa |
| SHA512 | 99f4f1e249da6f13afb8b4c486c841a5be15d51a0a324941cda8141c1c2f93ccb9cb9a0a5a01603d8167200e3f3a222826174a72f16306cdea5ea45b308f3cc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 441c782808d70b5a0a620560845d4336 |
| SHA1 | 40d92cc574d19054db68867466185ad500b599ab |
| SHA256 | 90eccfc1dff0bb9108e1327fb6764624eb24568ddfa5a13b1b9b966f99025b80 |
| SHA512 | cc46f87044af86b2aa67371d465bd468e89ed5fc2996e0e9ebc89ec8937404f6d357a5004e8bfcc30bc655c8c12c73d2b730aeba63a802c50482bcf63ed9bc56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a8f0b63dca0bcf986c8d03e4e8e3a55 |
| SHA1 | 734f9b9cf1b6a03cbc90b163b4e4fcf257e0d66b |
| SHA256 | 24444edf1f8c3a6d9ede8d23058b3e8486dccba04f168f8ca6419e09fc1fe9a4 |
| SHA512 | 8a07ae655312207281d69e03f9ff2b2910de4f7d058ca63ab8209c08c4c9b7fbf488d402e5f34ec6dbc7621788ddc1d34af31be9ed7b3fb3b44695f95fa20a2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86f36dc027266a20e798c7886dc75d54 |
| SHA1 | 4c4257ce99a40968c198d3d198d06acbaadc842c |
| SHA256 | bf23b0715fb09bf65786710e3a26011be03ecf5c6351d8ffcae38e9659742aad |
| SHA512 | 4d57e12447dd3ba33b5ec828cfadfee6e0849d524ff1d52f729aac0698eaad799e9b2415e88db6919b700d9b63a0bd1ef6824f0d1f551060b39be44be6929949 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7db46c6bcbf8084d74a9cc429e569b1 |
| SHA1 | ddefe2187d12b821ed828c7217b9c288c9441749 |
| SHA256 | 8b84d3c4fd618fbe7500176239131b596ae9392adf7e4a17a2cee89284fb7c4f |
| SHA512 | 5ed7ab8bd3880fbe8307771a886ce8646561c4d90963f0b87bb153b3453527b61d893d755ad42997f3027363a6082f7e01af5397d161252395831106d166ac59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 145bea3f5034a174cf86de4de2cbd4bb |
| SHA1 | f3a08635b4d26edbeb4e00af705a35391463e8c2 |
| SHA256 | 81aa24251e51130d880e7e6a5a3a5ea5028eb6c4198d6224707d6e7d617d35f4 |
| SHA512 | a0e028f22018b7a7785337aaab9ffa3d12ef9d1fb28d50e56b357eb630396baf0e25cdd9a387f3a61a5261cb4afc424e6972aa741125b9095be71011d2dfe0a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72f071a7e4c1f4dfb5e34ee4f581f908 |
| SHA1 | c597cbb0fe12afa2d60d0c54c5ced2c28015c525 |
| SHA256 | d0c78569effc15a1d4c2279d89e92f56335bb86901a601fcf9c2e5dd46675c79 |
| SHA512 | 2a3d31c1efd2fc05f8e19e9c1d72a98217e10cea4e615d7c7c57e82f65d03c4febdb92b89403821f131dab9020720c3467d306b1dbfe9b134a058c2998cc17a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 350bf1b8cca935bdad03d2a4ea5f85fe |
| SHA1 | b410da3228ae8f08286e714295e8e0e53fdd5a8b |
| SHA256 | 50937ccd6dbfe1f9484a4e179d8c5611a6b98a0826bc2487615b4cf1bf613d9e |
| SHA512 | 7aa5f960e5c0b1a156e741da398d7c820c66bd9e7e201a5c51a3d43c76625d4deec7b9f1802110051ecbce3f189db34d89c2f7d4b4473c1507186c85ebedf6e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0261888693ca507666cf12a5ed3c0f81 |
| SHA1 | 9a671cacbbd8f9d019e4fba625f5af9815af9541 |
| SHA256 | b54464b1c95a3c5e56e183e9b57fcad41685080135c9f5c044148a152011dac7 |
| SHA512 | fde1656df9a52e2fbba86e54b1bcf5568e656ddd6f74e35c2b98524b0f321ea4c7d5120bd0be346614ff0e57c2d03d22d1434f86da5a24b3e123945145cde354 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab2e5a80d32e28e762904372a20a3630 |
| SHA1 | 9d979e67cb49e33bcdb9ce4e7029fee42f2cdf03 |
| SHA256 | 8ccf9105e3bc3ce6c012405f7e178d97fbca19c24670ac7678d8181b0a24d68e |
| SHA512 | 794d8c11e13ab9dd869d22ea70d1364f4da2a8301cb384493fbe46da1f8bbbccdc18e0f4c049fab14b2a94f3f238af997c337c3c2a3a4505e1f3b1a50bd42e95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba1c2b6629a22c1b39eb4f2dde7a144e |
| SHA1 | 4b008c01821b7fd8f97010db4bafa8971e122388 |
| SHA256 | 688ca6308479718ae229ac4d7239a6d52d12341afd6968a31114634389c44ba8 |
| SHA512 | 3475d9ede564e0514680cf5f3a90804dde1c6b46f4ba201b3e4761516b54867190907cc6b090d85478c7c2b11644f9a0e2b0cce38edf8afcc9cd1b36569679d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8f7a1d9a3c51367250984d3ad9d60be |
| SHA1 | 40cb599418f63a50d5cb889ab781b0621fe7562e |
| SHA256 | ed2fb0215938dc15270f54e3c71a8b9feed83fd19cf05066701b4aac4d7b0555 |
| SHA512 | 776943d88976269dbbe0cbb8cb8f99e1033a22c98a5929c6d3d51b68ca24e1223871034dcd8064fc1d9b5e247dd9e340d9936c9abe81995a73463c1aee5a3afa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c022e2a7771cedf81525942d45972466 |
| SHA1 | 36309e5fa150679b0bf598e7caa4a44d02ca811c |
| SHA256 | 25a21cc1a0c1b5e0fdcf3677e7b8998b1ab4b3d0a4046a5122456d694537b863 |
| SHA512 | 7f29447009367d8943c776148635efb5222017e132cb899a64cd45e25e97529d2fd76e57cfdf277a322dc4dacf773a0a3d1284f75000625ac66da127235e0f14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fbcfd0052dfe0cae6cd60740376c637 |
| SHA1 | 5bf7cee95a312467afaf7129d51d0f8aa371d00f |
| SHA256 | 0c1c788b55cdb47017573e4447ae725ed0a46a6b3dffab1beb265b422065ccd7 |
| SHA512 | 08730fd97a0a123c02c47a5e9d3dede6a3a6e79d315685df5df50a95128110f61ceac284da8f09517787fec177b7dbed4f8e1a3eaf6d121f113be61644920de4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:43
Reported
2024-06-03 12:46
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91d3c23873512c13eef89b509af45ee3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc074f46f8,0x7ffc074f4708,0x7ffc074f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,7771237542241490,5792317664872299604,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2
Network
Files