Analysis Overview
SHA256
8026e06c814902174298ffa3c2030daf38378d196b01d4637d0cd2c12a50aa51
Threat Level: No (potentially) malicious behavior was detected
The file 91f21bc8e53d7f04b77b2a8914ebf1fb_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:26
Reported
2024-06-03 13:28
Platform
win7-20240220-en
Max time kernel
143s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D9C5DFD1-21AC-11EF-AD30-660F20EB2E2E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583042" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002cbd9cba70b09549a66044b9cc4abcb900000000020000000000106600000001000020000000ee667f9d0ef44f3b928de6d4fb0163aeeabe57af21c96150074c5daa342593b2000000000e8000000002000020000000e02e49cf8d4fa00a89cc446317f1105c2ebf3feb1c56c3e34d23c945f289c4942000000033e5c748d32f46cba4f06f1f379d47b56798dc227352621d5ceca0fc23d827ad40000000969dc81210c7497caf7d03bf5b27230a96e9d08b6f30ffa0fc29590738dc39b49a6ef492b647a83b6684b4523121c37d0d7375f083587bd5350daa5f70ac213d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70dfbeafb9b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1992 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f21bc8e53d7f04b77b2a8914ebf1fb_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | cdn.firebase.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 151.101.1.195:443 | cdn.firebase.com | tcp |
| US | 151.101.1.195:443 | cdn.firebase.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | tvbvn.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.1:80 | tvbvn.blogspot.com | tcp |
| GB | 142.250.200.1:80 | tvbvn.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:26
Reported
2024-06-03 13:28
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f21bc8e53d7f04b77b2a8914ebf1fb_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0a746f8,0x7ff8c0a74708,0x7ff8c0a74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 /prefetch:2
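Reading a Chromium process tree in a sandbox report is mostly a matter of sorting the helpers by role: Edge spawns every gpu, network, storage, renderer and crashpad helper as another msedge.exe carrying a `--type` switch, all children of one browser instance share the same `--field-trial-handle` value, and the browser process writes the sandbox bootstrap into each child at creation, which is one reason generic WriteProcessMemory and "creates non-Microsoft binary" signatures fire on a plain browser launch. The script below is an added example, not part of this report or of any browser or sandbox tooling. It parses the listing format used above (image path on one line, command line on the next), extracts each process's role, and lists the ones running with a relaxed sandbox or mitigation. The switch set `MITIGATION_SWITCHES`, the role labels and `SAMPLE_LISTING` (a constructed excerpt of the listing above, with the long crashpad and gpu arguments trimmed) are this example's own choices.

```python
"""Role/sandbox triage for a Chromium (Edge) process listing.

Added example, not part of the sandbox report or of any browser tooling.
The listing format is the one used above: image path on one line, the
full command line on the next.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field

CHROMIUM_IMAGES = {"msedge.exe", "chrome.exe", "identity_helper.exe"}

# Switches that relax a process sandbox or mitigation. Some are normal for
# this Edge build (the network service runs with --service-sandbox-type=none,
# renderers drop V8 untrusted-code mitigations when site isolation is on),
# but they are the first thing to check when a child process looks odd.
MITIGATION_SWITCHES = {
    "no-sandbox",
    "disable-gpu-sandbox",
    "no-v8-untrusted-code-mitigations",
}


@dataclass
class ProcRecord:
    image: str
    cmdline: str
    role: str                           # --type; "browser" if absent; "non-chromium" for other images
    sub_type: str | None = None         # --utility-sub-type
    service_sandbox: str | None = None  # --service-sandbox-type
    session: str | None = None          # --field-trial-handle, shared by one browser's children
    loosened: list[str] = field(default_factory=list)


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line, keeping double-quoted arguments whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def switches(tokens: list[str]) -> dict[str, str]:
    """Map '--key=value' / '--flag' tokens to a dict (/prefetch:N and -Embedding are ignored)."""
    opts: dict[str, str] = {}
    for t in tokens[1:]:
        if t.startswith("--"):
            key, _, value = t[2:].partition("=")
            opts[key] = value
    return opts


def classify(image: str, cmdline: str) -> ProcRecord:
    opts = switches(tokenize(cmdline))
    basename = image.rsplit("\\", 1)[-1].lower()
    role = opts.get("type", "browser") if basename in CHROMIUM_IMAGES else "non-chromium"
    return ProcRecord(
        image=image,
        cmdline=cmdline,
        role=role,
        sub_type=opts.get("utility-sub-type"),
        service_sandbox=opts.get("service-sandbox-type"),
        session=opts.get("field-trial-handle"),
        loosened=sorted(s for s in MITIGATION_SWITCHES if s in opts),
    )


def parse_listing(text: str) -> list[ProcRecord]:
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("listing must alternate image path / command line")
    return [classify(img, cmd) for img, cmd in zip(lines[::2], lines[1::2])]


def summarize(records: list[ProcRecord]) -> tuple[Counter, set[str], list[ProcRecord]]:
    """Role counts, distinct browser sessions, and processes with relaxed sandboxing."""
    roles = Counter(r.role for r in records)
    sessions = {r.session for r in records if r.session}
    relaxed = [r for r in records if r.loosened or r.service_sandbox == "none"]
    return roles, sessions, relaxed


# Constructed excerpt of the listing above (long crashpad/gpu arguments trimmed).
SAMPLE_LISTING = r"""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f21bc8e53d7f04b77b2a8914ebf1fb_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1550628522816908800,1959700914570321798,131072 --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=4756 /prefetch:2
"""

if __name__ == "__main__":
    roles, sessions, relaxed = summarize(parse_listing(SAMPLE_LISTING))
    print("roles:", dict(roles), "| browser sessions:", len(sessions))
    for r in relaxed:
        print(f"{r.role:14} sandbox={r.service_sandbox} switches={r.loosened}")
```

On this report every helper shares one `--field-trial-handle`, so `summarize` reports a single session; a child msedge.exe with a different handle, a `--type` value Chromium does not use, or an image outside the Edge application directory would be the thing to chase, since the report gives no parent PIDs to check directly.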
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | googledrive.com | udp |
| GB | 172.217.169.65:445 | googledrive.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | cdn.firebase.com | udp |
| US | 151.101.1.195:443 | cdn.firebase.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googledrive.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | tvbvn.blogspot.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.1:80 | tvbvn.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.1:80 | tvbvn.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| DE | 141.101.120.11:443 | t.dtscout.com | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| GB | 142.250.200.1:80 | tvbvn.blogspot.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
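The Network table mixes three kinds of rows: forward lookups sent to the resolver (8.8.8.8:53), reverse lookups of the addresses the guest just talked to (the `.in-addr.arpa` names), and the actual connections. Two details deserve a second look before calling the traffic benign browser noise: udp/443 to resources.blogblog.com is QUIC and expected, but tcp/445 (the SMB port) to hosts named googledrive.com and whos.amung.us is not a port a web host serves, so those rows are either a real oddity or a flaw in the export and should be confirmed against the pcap. The script below is an added example, not part of this report or of the sandbox's own tooling. It parses the pipe-delimited table, separates resolver traffic from connections, builds the list of domains and hosts for enrichment, and flags non-web ports, multicast chatter and connections with no preceding lookup. `WEB_PORTS`, the anomaly labels and `SAMPLE_TABLE` (a constructed excerpt of the table above, with the lookup for tvbvn.blogspot.com deliberately left out so the no-lookup check fires) are this example's own choices.

```python
"""Triage for the pipe-delimited Network table of a sandbox report.

Added example, not part of the report or of the sandbox's own tooling.
It separates resolver traffic from real connections, records what the
sample looked up and what it contacted, and flags rows worth a second
look: non-web ports on web hostnames, multicast chatter, and hosts
contacted without a preceding name lookup.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

DNS_PORT = 53
WEB_PORTS = {80, 443}  # tcp/80, tcp/443 and udp/443 (QUIC) are normal for a browser


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


@dataclass
class Triage:
    domains: list[str] = field(default_factory=list)        # forward names resolved, sorted
    hosts: list[tuple[str, int, str, str]] = field(default_factory=list)  # (ip, port, proto, domain)
    reverse_ips: list[str] = field(default_factory=list)    # IPs the guest reverse-resolved
    anomalies: list[tuple[str, Flow]] = field(default_factory=list)  # (kind, flow)


def parse_table(text: str) -> list[Flow]:
    """Parse '| Country | Destination | Domain | Proto |' rows; header/separator rows are skipped."""
    flows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or ":" not in cells[1]:
            continue
        country, dest, domain, proto = cells
        # Some exports shift the Proto cell into the Domain column when the
        # domain is empty (multicast DNS rows); put it back.
        if proto == "" and domain.lower() in ("tcp", "udp"):
            domain, proto = "", domain
        ip, _, port = dest.rpartition(":")
        flows.append(Flow(country, ip, int(port), domain, proto.lower()))
    return flows


def reverse_name_to_ip(name: str) -> str:
    """'9.178.250.142.in-addr.arpa' -> '142.250.178.9'."""
    return ".".join(reversed(name.split(".")[:4]))


def triage(flows: list[Flow]) -> Triage:
    result = Triage()
    resolved: set[str] = set()
    seen: set[tuple[str, int, str]] = set()
    for f in flows:
        if f.port == DNS_PORT and f.proto == "udp":
            if f.domain.endswith(".in-addr.arpa"):
                result.reverse_ips.append(reverse_name_to_ip(f.domain))
            elif f.domain not in resolved:
                resolved.add(f.domain)
                result.domains.append(f.domain)
            continue
        if ipaddress.ip_address(f.ip).is_multicast:
            result.anomalies.append(("multicast", f))  # mDNS/SSDP noise, not a remote contact
            continue
        key = (f.ip, f.port, f.proto)
        if key not in seen:
            seen.add(key)
            result.hosts.append((f.ip, f.port, f.proto, f.domain))
        if f.port not in WEB_PORTS:
            result.anomalies.append(("non_web_port", f))  # e.g. tcp/445 (SMB) to a web hostname
        if f.domain not in resolved:
            result.anomalies.append(("no_lookup", f))     # hard-coded IP or name resolved elsewhere
    result.domains.sort()
    return result


# Constructed excerpt of the table above. The lookup for tvbvn.blogspot.com
# that precedes its connection in the report is left out on purpose so the
# "no_lookup" check has something to fire on.
SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | googledrive.com | udp |
| GB | 172.217.169.65:445 | googledrive.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.200.1:80 | tvbvn.blogspot.com | tcp |
"""

if __name__ == "__main__":
    r = triage(parse_table(SAMPLE_TABLE))
    print("resolved:", r.domains)
    print("reverse-resolved:", r.reverse_ips)
    for ip, port, proto, domain in r.hosts:
        print(f"contacted {ip}:{port}/{proto} ({domain})")
    for kind, f in r.anomalies:
        print(f"[{kind}] {f.ip}:{f.port}/{f.proto} {f.domain or '-'}")
```

The no-lookup check is only as good as the table's ordering and the guest's cache state: a name resolved before capture started, or answered from the browser's own cache, looks the same as a hard-coded address, so treat that flag as a prompt to check the pcap rather than as a verdict.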
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_2928_URQTONXOSWTVCWUO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1733214a6f0cddbab91a82d093934123 |
| SHA1 | 7f5e8fba9df3b57994601ecf174fa3190a76a0b2 |
| SHA256 | 67788618a52440fdcc61b90c7fa9a11ffa8946b594653e26f56ce76d751f5da7 |
| SHA512 | afdbac238432c5be1743bbee0c5aa1600004e23cb61022259f1e911a58ca927af165d707853618b1e21d8b598895af35ca4b244eb2ace5d5579e3d77b956cc8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f7633997a54954370e43a6f2bc5f95c8 |
| SHA1 | a23b745d9e0524419dc24a4a65b43c18edaeb889 |
| SHA256 | 94f3a4308bae44cc465e31dbb9b7c5d5fd9c4cc2512a5ba62e57f3ffb76f5ef3 |
| SHA512 | 385592924a8b8396003c77b7bbd41c6467468a351aa0e4e20e3c1b45f1c50a7440c6778bb01c3642cbca9df1580f091edc5ebff27d3eceb47258ff877f8fa412 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6109a887bdf3e486ab30ba8d64eee64e |
| SHA1 | 943d6a553b06749add150bc5897e02ea8e7c7370 |
| SHA256 | 766dab26df374678f90b8f0cf0646f3c7abadce992bc3aef0b74358bcaef3a01 |
| SHA512 | 4583182abad8e655d7ec11128d528b3b395a3a46d8d15242fceeda0955e9b24bf82f50516f8249437aab84206c805bd17616f240fae3fe280697e1b7527dfc8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1427cb7cd5275b44c7a481442a5bcd25 |
| SHA1 | 15429408c91f5f31693b3b9a2c9b7eb6a6fac332 |
| SHA256 | b5506941bad826ce46806f327b1d971e3668c9ed03fbab923ddb54e779ff06aa |
| SHA512 | 035c509b8b75904ca524485ce2f2642f59aa9100dfa80327fee2e7493cc6a3792d5095fb13f96ac3db08a92dc531488ecdbd8dc4f989a95362e52816d6c83788 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2aab62ab66cb7a28333fa1650f7d6517 |
| SHA1 | 8abf9f0b21ee8bd81baa687b428de625c7441888 |
| SHA256 | 6efe00206c482278e4443a6e86b5141c278d2572bde31d1634ac0bf7dbd7aae6 |
| SHA512 | f3b128835e29afa0eb7012d19d765d4cf5172f7714a28956f80395e1539e800a30acf27ae159b12f8c5de3c124b34df6ba864943fc97e8378362f82474e27e30 |