Analysis Overview
SHA256
25c29f56cb6bb8894f5f6041ac4f8ad83717772313f33f8a5bbf18ad33f111ed
Threat Level: No (potentially) malicious behavior was detected
The file 9245fa3582c10d38c8a1112a37f91eeb_JaffaCakes118 is an HTML document (the Processes sections show it being opened with iexplore.exe on win7 and with msedge.exe on win10) and was found to be clean: no (potentially) malicious behavior was detected. Every signature listed below is attributed to a browser process (iexplore.exe, msedge.exe, identity_helper.exe), not to anything the page dropped; the Files section records only browser cache, CryptnetUrlCache and temporary files.
Signature Summary (no malicious activity: every hit is generic browser behavior owned by the rendering browser processes)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 15:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 15:30
Reported
2024-06-03 15:33
Platform
win7-20240215-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004508e7c3f83ca041ae3a49036c5d4423000000000200000000001066000000010000200000005a3626b65708d149785ec96f8957523bf5cc22818ef5cd7c1c0416f558ee6160000000000e8000000002000020000000883f7d668cff418d1dec8bc45107e0f2389f24b37f65dbe74209faf951007cc0200000000f52a2ae3b51b5c74b7ef8643455a80ed65318aa30ecda88eaad629f7639752940000000b49955c4839002cb8d7af9659eec69bd75bdc7a0a6cd8acfbd32b91fcc4c160791e0bb962bcb3f7f5b8c9a4303f23648c371c9a60b35a9879ec32cfb64b26681 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423590519" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42672EC1-21BE-11EF-9AB8-560090747152} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0c6e630cbb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
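The registry writes in the table above are ordinary Internet Explorer window and new-tab-page state, which can be confirmed by decoding the raw values instead of trusting the signature name. The script below is an added example written for this page; it is not part of the sandbox report or of any tool the report names. It decodes the Window_Placement value as a Win32 WINDOWPLACEMENT struct, the NewTabPage\LastProcessed value as a little-endian FILETIME, and recognises the DecayDateQueue value as a DPAPI (CryptProtectData) blob from its version field and fixed provider GUID. The hex values are copied from the table; the SW_* names and the DPAPI header GUID are standard Win32 constants.

```python
import struct
from datetime import datetime, timedelta, timezone

# Raw values copied from the "Modifies Internet Explorer settings" table above.
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
LAST_PROCESSED_HEX = "b0c6e630cbb5da01"
# First 20 bytes of the DecayDateQueue value (the remainder is DPAPI ciphertext).
DECAY_DATE_QUEUE_PREFIX_HEX = "01000000d08c9ddf0115d1118c7a00c04fc297eb"

# WINDOWPLACEMENT.showCmd values (Win32 SW_* constants, the subset seen in practice).
SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED",
            3: "SW_MAXIMIZE", 6: "SW_MINIMIZE", 9: "SW_RESTORE"}

# DPAPI blob header: DWORD version 1 followed by the fixed provider GUID
# {DF9D8CD0-1501-D111-8C7A-00C04FC297EB} in its little-endian struct layout.
DPAPI_VERSION = b"\x01\x00\x00\x00"
DPAPI_PROVIDER_GUID = bytes.fromhex("d08c9ddf0115d1118c7a00c04fc297eb")


def decode_window_placement(raw: bytes) -> dict:
    """Decode a 44-byte little-endian WINDOWPLACEMENT:
    UINT length, UINT flags, UINT showCmd, POINT ptMinPosition,
    POINT ptMaxPosition, RECT rcNormalPosition (left, top, right, bottom)."""
    if len(raw) != 44:
        raise ValueError(f"WINDOWPLACEMENT is 44 bytes, got {len(raw)}")
    f = struct.unpack("<IIIiiiiiiii", raw)
    if f[0] != 44:
        raise ValueError(f"length field {f[0]} does not match struct size")
    return {
        "flags": f[1],
        "showCmd": SHOW_CMD.get(f[2], f"unknown({f[2]})"),
        "ptMinPosition": f[3:5],
        "ptMaxPosition": f[5:7],
        "rcNormalPosition": f[7:11],
    }


def decode_window_placement_hex(hex_value: str) -> dict:
    """Same as decode_window_placement, taking the registry value as hex text."""
    return decode_window_placement(bytes.fromhex(hex_value))


def filetime_to_datetime(raw: bytes) -> datetime:
    """Convert an 8-byte little-endian FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    if len(raw) != 8:
        raise ValueError("FILETIME is 8 bytes")
    (ticks,) = struct.unpack("<Q", raw)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def filetime_hex_to_iso(hex_value: str) -> str:
    """FILETIME as registry hex -> ISO-8601 UTC string, truncated to whole seconds."""
    return filetime_to_datetime(bytes.fromhex(hex_value)).replace(microsecond=0).isoformat()


def is_dpapi_blob(raw: bytes) -> bool:
    """True if the bytes start with the DPAPI header (version 1 + provider GUID).
    Such values are bound to the sandbox user's master key and cannot be decrypted offline."""
    return raw[:4] == DPAPI_VERSION and raw[4:20] == DPAPI_PROVIDER_GUID


if __name__ == "__main__":
    print(decode_window_placement_hex(WINDOW_PLACEMENT_HEX))
    print("LastProcessed:", filetime_hex_to_iso(LAST_PROCESSED_HEX))
    print("DecayDateQueue is DPAPI:", is_dpapi_blob(bytes.fromhex(DECAY_DATE_QUEUE_PREFIX_HEX)))
```

Window_Placement decodes to showCmd SW_MAXIMIZE with a normal-position rectangle of (36, 36, 1194, 649), i.e. a maximised browser window; LastProcessed decodes to 2024-06-03 15:32:06 UTC, which falls inside the detonation window as the report timestamps it (submitted 15:30, reported 15:33), so the value was written during this run rather than inherited from the VM image; DecayDateQueue carries the DPAPI header, so its ciphertext is not recoverable from the report alone.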
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2272 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2272 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2272 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2272 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9245fa3582c10d38c8a1112a37f91eeb_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto | Connections (consecutive identical rows collapsed) |
| US | 8.8.8.8:53 | www.duracom.ro | udp | 1 |
| RO | 89.42.218.94:80 | www.duracom.ro | tcp | 6 |
| RO | 89.42.218.94:443 | www.duracom.ro | tcp | 27 |
| RO | 89.42.218.94:80 | www.duracom.ro | tcp | 4 |
| RO | 89.42.218.94:443 | www.duracom.ro | tcp | 3 |
| US | 8.8.8.8:53 | laserlogics.com | udp | 1 |
| US | 50.63.8.193:80 | laserlogics.com | tcp | 2 |
| RO | 89.42.218.94:443 | www.duracom.ro | tcp | 4 |
| RO | 89.42.218.94:80 | www.duracom.ro | tcp | 2 |
| RO | 89.42.218.94:443 | www.duracom.ro | tcp | 80 |
| US | 50.63.8.193:80 | laserlogics.com | tcp | 1 |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp | 2 |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp | 3 |
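For an .html sample the triage question is not whether signatures fired (a browser opening any page trips SetWindowsHookEx, FindShellTrayWindow and a batch of registry writes) but which process owns each hit and where the page reached out to. In this run the WriteProcessMemory rows are the 64-bit IE frame process (PID 2272) writing into the 32-bit tab process it launched, whose command line carries SCODEF:2272, and the network section is one row per connection to the page's own hosts. The script below is an added example for this report, not part of the sandbox's own tooling: it parses rows in the report's pipe-table layout, counts signature hits per process image, flags any image outside an expected-browser allowlist, and collapses the per-connection network listing into per-destination counts. The embedded rows are an excerpt copied from the behavioral1 tables above, except the dropper.exe row, which is a constructed negative control that does not appear in the report; the allowlist of browser images is an assumption chosen for this sample.

```python
import ntpath
from collections import Counter

# Process images a browser is expected to run when it opens a plain HTML document
# (assumption for this sample: IE on win7, Edge on win10). Any other image owning a
# signature hit would be the real finding.
EXPECTED_BROWSER_IMAGES = {"iexplore.exe", "msedge.exe", "identity_helper.exe"}

# Excerpt of rows copied from the behavioral1 signature tables above, plus one
# CONSTRUCTED negative-control row (dropper.exe) that is NOT in the report.
SIGNATURE_TABLE = r"""
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| PID 2272 wrote to memory of 1996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Users\Admin\AppData\Local\Temp\dropper.exe | N/A |
"""

# Excerpt of rows copied from the behavioral1 network table above (one row per connection).
NETWORK_TABLE = r"""
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.duracom.ro | udp |
| RO | 89.42.218.94:80 | www.duracom.ro | tcp |
| RO | 89.42.218.94:80 | www.duracom.ro | tcp |
| RO | 89.42.218.94:443 | www.duracom.ro | tcp |
| US | 50.63.8.193:80 | laserlogics.com | tcp |
| RO | 89.42.218.94:443 | www.duracom.ro | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
"""


def parse_pipe_table(text: str) -> list:
    """Split a pipe table into rows of stripped cells, dropping the header row."""
    rows = []
    for line in text.strip().splitlines():
        rows.append([c.strip() for c in line.strip().strip("|").split("|")])
    return rows[1:]


def signature_owners(table_text: str, expected=EXPECTED_BROWSER_IMAGES):
    """Count hits per process image (Process column, plus Target for cross-process
    rows such as WriteProcessMemory) and list rows owned by an unexpected image."""
    per_image = Counter()
    unexpected = []
    for desc, _indicator, process, target in parse_pipe_table(table_text):
        images = [process] + ([target] if target != "N/A" else [])
        for image in images:
            name = ntpath.basename(image).lower()
            per_image[name] += 1
            if name not in expected:
                unexpected.append((name, desc))
    return per_image, unexpected


def aggregate_flows(table_text: str) -> Counter:
    """Collapse one-row-per-connection output into counts per (destination, domain, proto)."""
    flows = Counter()
    for _country, dest, domain, proto in parse_pipe_table(table_text):
        flows[(dest, domain, proto)] += 1
    return flows


def contacted_domains(table_text: str) -> list:
    """Sorted unique domains, the part of the network section worth keeping as IOCs."""
    return sorted({domain for (_dest, domain, _proto) in aggregate_flows(table_text)})


if __name__ == "__main__":
    per_image, unexpected = signature_owners(SIGNATURE_TABLE)
    print("hits per image:", dict(per_image))
    print("unexpected owners:", unexpected)  # only the constructed dropper.exe row
    for key, n in aggregate_flows(NETWORK_TABLE).most_common():
        print(f"{n:4d}  {key[0]:<22} {key[1]:<26} {key[2]}")
    print("domains:", contacted_domains(NETWORK_TABLE))
```

Run against the full tables, the only unexpected owner is the constructed control row; the real report's signature tables attribute every hit to iexplore.exe, and the network section reduces to three third-party hosts (www.duracom.ro, laserlogics.com, www.google-analytics.com) plus Internet Explorer's own ieonline.microsoft.com traffic and the DNS lookups to 8.8.8.8.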
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\style[1].htm
| MD5 | 5d8d79c3cb9af023240b1be6f5057aaa |
| SHA1 | df22980677b134e83d878893f7c7984e0d78a240 |
| SHA256 | e8b101a7c7f64aad528cc734513cbeb02243c0af37930dc0f3239749cff184b6 |
| SHA512 | 66f432b622cee0bcc06cbc0f833de1471ea36c295b4cd93eb848d97e69c2252acd2fc8972db51ea35475a424f4d6cb5001325525fb04f71b8704eb24de1c4008 |
C:\Users\Admin\AppData\Local\Temp\CabD220.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarD321.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58df2ea1405275545aeeaaa778eadee1 |
| SHA1 | 70221f154a9614e4896936b7facc7a8c101452fc |
| SHA256 | 716a6f87f1a533961c09b65fb0b9b72cc69614b41b441f293b81ab55d91e8fe1 |
| SHA512 | ec7221f6643db36fab4de8869cdc50d5db7465ffdd708131ebdcb434f50aebf88fa3ed0ed790c80e55c928f49fd4b7dd6d4871c345b815a41518af075766ee60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edd4eb83b6ad91859f3f1674acf0aba5 |
| SHA1 | eeae090255bf44d706e0d629bf73e578e8d1bf04 |
| SHA256 | 58d0f9e823c40f8ff0c4466fdfe498ac42f94105a05a0960550f5aeba7e30b6b |
| SHA512 | 8a4cd79cda932b6590761d5f76e3f951b98d15f196f957fed101f6ee4757457da1c05575a9cdc74427155cc638ce1fc08a051cd87926ce6d47eecae2f53aed1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d284101628d70543697f7e9f7c6c2d8 |
| SHA1 | c3f0e66960dd3442b9a5efb3be7b91e02dba3985 |
| SHA256 | 9690394871e6d501779431b31f122b7f13b6a7e44b7af2ae2c70b862fa5a4d7d |
| SHA512 | fe4167bf79e85a20e83f07f228a089a27cdb74dd0a3998747f69cc8197e62d8f017e8dbb3b8527f71f0daa67c859c6559f173e5db08c654b6951b515ec90bf77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9448a9046305641f2e84b46381397ab2 |
| SHA1 | 76405dd3c8f7ca8ff98172c968e75eadef49a81d |
| SHA256 | c93f697f1ee039dd3a6841cd71d05e65f078c3172f8935e642fbb5b342f21fe6 |
| SHA512 | 0dd5d38cc25c292d3008adfb84bc92148929f6ae718a55068a25cf515bef35a0195a4fd4a146f3d1eda735e7dfecb02008a447cf527e149e97315375420b37b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9383b80e1e3bfa6efe041d31c1e6cb64 |
| SHA1 | 41157215e1bdee81f73c6673bbd5a20d105d3d79 |
| SHA256 | 52195f37013940edbd0e0d3272f247a8da5aa590b78b8da459eed198af062892 |
| SHA512 | b6ec4721a310564276b4fc500517411c44444a4a065d52f84bf3657a1d019766d4b5c98ed42d4ab6cb64ab364a1cf77530429919d8b283431c8accef66a9a50f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3036d43d11f313e345de7fba455b0314 |
| SHA1 | 391958fbd16979e3ef1b0f2e38baf749963d7cb1 |
| SHA256 | 4a97b3199bea66c1e7468e97896a855f0ccfe1e23f71f7da91098d4810c8629a |
| SHA512 | f096a30f663ddc0ebdc083a947a497962527ae0b4f597b165c750ea311df291b7689ed3378c9e2ea329fcdf288d6425b578051bb240bb49fe2a04741dc95588d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0658e2cad9e238abc230b404e78e022f |
| SHA1 | c815b35a6439b4434018af08de299dabe7f305b6 |
| SHA256 | 7b3d12276aa8a2f4c0d55a3190193fb6777b97d0a466684923101f4778473b06 |
| SHA512 | 459e98e09496c0b99334052fb4bf59d542ff09664619c1a034d8f682b90d2ac3cb75023c5baab47935d148dbf887afaa13da7df5b198b4a84a473aee6693109f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 893ca89c59874b991c03e7a89203f16a |
| SHA1 | acddeccf4710625ff1a10f010772af2ed669b895 |
| SHA256 | 4f79f3b16980a787b51f8bde956a76ecb5e4a933c0ea1a3843aa5b8c07b55ec6 |
| SHA512 | dd425b7ec4523da74e70021944adb0894ab1f2554667b6af088c984973fee95f4e612a01947f64413e3b7a7f0928519d53a775893262382355e2b45713525ae5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61da075b718cf494eaa110543990c744 |
| SHA1 | 1e22694116b42f3cf2cf43b3a198de8a113de4f7 |
| SHA256 | 6cee9f23a122c2c6584bb0c8ee4bcad7a67ef2a9e25a75f8ffe7fd6bfc35670d |
| SHA512 | f0e3f0d856dc61bc9f28638ce543bba6968f2bc572d50beee07277a3d75f3f50c86c23ae579009ebec2ba3879caeb806b571030e3859e0b46158945d98625bfb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6081b4f7f2b751f021156e7c2fc35a0 |
| SHA1 | 933e7546fe2c3943ed033d024d68ba033c24497e |
| SHA256 | 83c003087237973673c4617e2d032aea215cfade33471b087489f1b306f25197 |
| SHA512 | f92ed7f26498f5065707d3f50caf26b275bfe7df2b4820de404fc3a2b2e06f922e43bdf9bcfe7d3023042d2892190392ce98309c60828ff02606b059f1f8aadf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0a753db5ec10a55fbb1a8bffe13c890 |
| SHA1 | a21d1206ac1c5228f1fd3439e1a1522c47a3069f |
| SHA256 | 65e935ea5b3c79a5979993e707a31025c5dd922beb1b579c9a34843936557f92 |
| SHA512 | b5f687bc463310c0b24ddc90f9080090f22eb5d51a9d1f324cb23ecdd947933c285568145eb068230e7a6041820e05a3ac8cac7bcb4db247e4535f7258fc7e84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a52c117d59240a11ab54c551dec1f36c |
| SHA1 | 877a70110c270127ed0a846cd8fb45ddcc631441 |
| SHA256 | ba3fb12589444bca4ec66d142a8552b9e646f50dbed0a124e93c1967006d37cb |
| SHA512 | f7abc4bf6dc7d8febfe0c8012a6f24b50a22b58a373657bc521b8d83a36a19681ac0ac88ad26a50bd022b9fc2004ef3f6a9f11560c0473738970f11394f05d2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95cfaa5ccb75d2797b2df9cf52b3c6d8 |
| SHA1 | 32424dd616730c6e07a3f51fc04870f1d57b5b00 |
| SHA256 | fbf7ab7f7f85bd894c7b06003c9aec10cd179f7bdd51b6d30f948f68cc2fd41e |
| SHA512 | 59addca3c12a2844d1417a3565eac772ffbec693f7c7736634365e8095c23eb0d23454e38cfa1543ba4aab7b46ef3c63e327816ac0570a04f3629af15297fb4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b22df461661826b46ee46c2e0d93ac9d |
| SHA1 | 3aaecfa66a041174ecc0a7f3fdecb59c4ca3103f |
| SHA256 | 7f4b5538ffb383be7cad6eefa233cf1a1f420b2da7aeef5280bf00db6b4db70d |
| SHA512 | 5a2f7ed69bbf761643222969146b1c0b84e81a4d466d8ac825462a4fbb1ab8a093960a5e8f112a3715f7e4c85c9e55fb822002444953ab8037a4a02ea4ee1d93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa8ed51cebc9d3c635bcf563c6998e64 |
| SHA1 | a7588e9a154943409705a91f55548cde6fb7d9a6 |
| SHA256 | 58eb912c155c3454611101680fa24284b15157143bda6ce3d69da31dfa12acb3 |
| SHA512 | e1cfb70cdbeb12e951048704422fddb93f0de2701e42207b01f44d992f24d56691b75aab0289908f190018a32a640e8a410c2476626a5589b0904c7cdf23a514 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad2b23ae08db10cbcb38ff0275b46910 |
| SHA1 | 84bc1f0cab966a906f24c34e13e0b6a426dd80b1 |
| SHA256 | 772d71618752ff65a08e3bb4af7d9cf6fdc6f695750481c80d45983599e65de1 |
| SHA512 | d0fac5332d90f9b91607f38a2e2c0c176c5f59b275eeaa6cbaa0f685514ff8ecb1363a3aba444ad5bdd49d48802f845825803931661897058fdcecec55a4e860 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 574502ed65512f814c22b1e79aca316c |
| SHA1 | 111456ba88ae38955a8dcd6c0e1ee2045ddaf4d8 |
| SHA256 | ec896e26b8d32d0c89545359c97ec135be47cef307bb80e9af22ffc680a58204 |
| SHA512 | 462a7b88b15638adddc9ba8c2b628053af183f15a17b2dbcff57cfa3d809e96185147040aa46b0687d0ed2832182f8e6315ae965626018d0a08faaedf338c399 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78024995ca94f7c120b4a593e9d8e562 |
| SHA1 | c6b4c20cc6fab032d8fcd931bef77c1b6118d5eb |
| SHA256 | d37d5b8059aaec855fa5d33d9a5cd7699a0cf770c19aa4f3a02802bcd61f0d14 |
| SHA512 | 4a9209435992c973de438ad2f9d91c123fee7e605d424cb570e60a46998cf0263fa6b20319a475d76f4505eef4bed7174ef6b2104bdbff5eba8615277a14de55 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 15:30
Reported
2024-06-03 15:33
Platform
win10v2004-20240426-en
Max time kernel
147s
Max time network
126s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9245fa3582c10d38c8a1112a37f91eeb_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb042146f8,0x7ffb04214708,0x7ffb04214718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1448773648590962294,9341149428903728389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2
Network
Files