Analysis Overview
SHA256
17ceec8ef835047e39923853d1df86195819f5c0be56fa954cd87980dd129232
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file 925559088be860d113356da6708736d7_JaffaCakes118.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 15:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 15:51
Reported
2024-06-03 15:53
Platform
win7-20240215-en
Max time kernel
144s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d092ecf0cdb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B5B74F1-21C1-11EF-AF73-469E18234AA3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000034b2a0cb465eab4db5271728d0db3c9c0000000002000000000010660000000100002000000058bba6767dab3b5e312665ef27f2ec2ab508728421e780e525b55a5e04d0a969000000000e8000000002000020000000b087153ec8ac258217f9aeb99980b5d089a98f4e816354a280e1e68c1bc495c82000000001cdfb3be10cbb82e59b6522fa8e345656bbb3e1071b78acb231220a7505b00340000000ea60ed307feff68416c8a545791ac89a003598bc9f8c6831cfedabb6da8147c3799d861859298e2fd408813df345f96ec22613ba5023308cead8c4d786dcb2eb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423591742" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1200 wrote to memory of 1540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1200 wrote to memory of 1540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1200 wrote to memory of 1540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1200 wrote to memory of 1540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\925559088be860d113356da6708736d7_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1200 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 15:51
Reported
2024-06-03 15:53
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\925559088be860d113356da6708736d7_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c0404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7918004218797268513,9132355202149733754,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2740 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:445 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | journal.cyberpartygal.com | udp |
| GB | 142.250.200.14:80 | apis.google.com | tcp |
| US | 198.187.31.93:80 | journal.cyberpartygal.com | tcp |
| US | 198.187.31.93:80 | journal.cyberpartygal.com | tcp |
| US | 198.187.31.93:80 | journal.cyberpartygal.com | tcp |
| US | 198.187.31.93:80 | journal.cyberpartygal.com | tcp |
| US | 198.187.31.93:80 | journal.cyberpartygal.com | tcp |
| US | 198.187.31.93:80 | journal.cyberpartygal.com | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 8.8.8.8:53 | www.stumbleupon.com | udp |
| US | 152.199.22.144:80 | platform.linkedin.com | tcp |
| US | 76.76.21.22:80 | www.stumbleupon.com | tcp |
| US | 76.76.21.22:443 | www.stumbleupon.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:139 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.31.187.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.22.199.152.in-addr.arpa | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
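The table above reads more easily once the resolver traffic, the reverse (PTR) lookups and the plaintext HTTP connections are separated from the rest, and once anything on a port a browser has no reason to use is pulled out: the two TCP connections to 93.184.220.66 on 445 and 139, attributed to platform.twitter.com, do not match how a browser fetches that host and deserve a manual look. The Python below is an added example, not part of the sandbox report; it parses a subset of rows copied from the table, copes with the mDNS row whose domain cell is empty, and buckets the remainder. The set of "expected" ports and the bucket names are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

# Rows copied from the Network table above (a subset), including the
# mDNS row as it is printed there, so the parser has to cope with an
# empty domain cell.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:445 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | journal.cyberpartygal.com | udp |
| US | 198.187.31.93:80 | journal.cyberpartygal.com | tcp |
| US | 198.187.31.93:80 | journal.cyberpartygal.com | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| PL | 93.184.220.66:139 | platform.twitter.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
"""

# Assumption for this example: ports a browser-spawned process is expected
# to reach on public addresses. Anything else is worth a second look.
EXPECTED_PORTS = {53, 80, 443}
PROTO_NAMES = {"udp", "tcp"}

def parse_row(line):
    """Parse one '| country | ip:port | domain | proto |' row.

    The page has one row where the domain cell is missing and the proto
    shifted left, so the protocol is located by value, not by position.
    Returns None for lines that are not connection rows (e.g. the header).
    """
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3:
        return None
    country, dest, rest = cells[0], cells[1], cells[2:]
    proto = next((c for c in rest if c.lower() in PROTO_NAMES), None)
    domain = next((c for c in rest if c and c.lower() not in PROTO_NAMES), "")
    if proto is None or ":" not in dest:
        return None
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto.lower()}

def triage(rows_text):
    """Bucket the connections the way an analyst would read the table."""
    findings = {
        "dns_lookups": [],          # forward lookups sent to the resolver
        "ptr_lookups": [],          # reverse lookups (in-addr.arpa)
        "plaintext_http": Counter(),  # domain -> number of tcp/80 connections
        "https": Counter(),         # domain -> number of tcp/443 connections
        "quic": set(),              # udp/443, i.e. HTTP/3
        "unexpected_port": [],      # public IP on a port outside EXPECTED_PORTS
        "local_only": [],           # multicast / private / link-local targets
    }
    for line in rows_text.splitlines():
        r = parse_row(line)
        if r is None:
            continue
        addr = ipaddress.ip_address(r["ip"])
        if addr.is_multicast or addr.is_private or addr.is_link_local:
            findings["local_only"].append((r["ip"], r["port"]))
            continue
        if r["port"] == 53 and r["proto"] == "udp":
            key = "ptr_lookups" if r["domain"].endswith(".in-addr.arpa") else "dns_lookups"
            findings[key].append(r["domain"])
        elif r["port"] == 80 and r["proto"] == "tcp":
            findings["plaintext_http"][r["domain"]] += 1
        elif r["port"] == 443 and r["proto"] == "tcp":
            findings["https"][r["domain"]] += 1
        elif r["port"] == 443 and r["proto"] == "udp":
            findings["quic"].add(r["domain"])
        elif r["port"] not in EXPECTED_PORTS:
            findings["unexpected_port"].append(
                (r["domain"], r["ip"], r["port"], r["country"]))
    return findings

if __name__ == "__main__":
    for bucket, value in triage(NETWORK_ROWS).items():
        print(f"{bucket}: {value}")
```

Two things the buckets make visible that the raw table does not: the PTR lookups pair up with addresses the host had just contacted (14.200.250.142.in-addr.arpa is 142.250.200.14 read backwards), so they are ordinary resolver behaviour rather than extra destinations; and the udp/443 rows are HTTP/3 (QUIC) to the same hosts already seen over tcp/443, not a separate protocol worth chasing.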
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4180_RGVJCURZWNCIQPBP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5eb95fe86e59d122e838e896acef1c3 |
| SHA1 | f36655fb1e7eaa2e5e9efec38944b2e7398d3872 |
| SHA256 | 9b33f98fa88803cdeb48318a70fafa454403d80b9af8853373dbd86444096f11 |
| SHA512 | bce6b4fab61d33520e70537fe1de514ebbbd18b85354bb14a4a9b43db51422516016fe4b0302ed89726aa9c24c43eba27b7b9e7621fb844516a463a24e95a155 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0a26e68887c188a614b225f875feefba |
| SHA1 | e17b41498b3b9168420a368177268a6a46bb8386 |
| SHA256 | 6f8b117b1ec7b59dabbf76aa9dd3c0f21ccba336a60c79fc6aed257dc5dea4da |
| SHA512 | be3c8d5e154bd73a73173bdc12173c63ef9c7d643fca4441d943c0623dd62c15d16da5d8ae88e245c5089b4086988ec7b367c1029849bb2461f6b93d578b5fb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ec393d47f977caed68741d5da3b55a7f |
| SHA1 | 372a7f5c2403a815f5797bc25945580e6c75f43d |
| SHA256 | 17d459920c07945a262918b5636d712f2605d6c94eca4cc6bbf2f45024e4c4df |
| SHA512 | 19be93b633da8af13a6641a32e547b6e0bda1d3b720f0dbdd4ed25c7f6988991833a1c0409d80ff4529ff57f1d9c82ee90ae4bf94974fe334c9637f472f02d4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b3093aa0534fe4620ee8ec73cb15ca59 |
| SHA1 | 8d15dadb58b5d8ec317c2ae15a79cdeb92a8bafa |
| SHA256 | f6c701b4b413c22b80734e06cc53865f143ce05d1948d6065af463455dfe0625 |
| SHA512 | fd5b2950823a6495c95c43c13be61c2d615d1c6e527f00a4707c61b1459067b638d32395cf322d2cc1ce8d335be0491b70915e81257cd252303a9d3cbfe1efa6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b7e08c584d5202138364b0ca2b7644df |
| SHA1 | 3563a2cf5571d51c802309de9bd1cb35bf45b4d4 |
| SHA256 | 6e4464c866fc2823774971c90b0e0b63d8b69d3b8ed130bbe1d1371a083509a4 |
| SHA512 | 61013704214073d50212c88c5593f843cc26ff73b88eaf78a16df8b142b00a9d1dd1080c58def6b59007a2af0f434aab9e3627b1b0eca55b79f79b5f4dd89711 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de5a.TMP
| MD5 | 984b014cda72e7a1b3030cdf065229ac |
| SHA1 | 8d6e4add11f44f9c28d9f426a38d837c407fb52a |
| SHA256 | 0bc5b565af67d27a14d6b9b60d496116e6ee761835b4314d70a752ea9cbb70f6 |
| SHA512 | 6dcead30c6209bdcf33e56dfeb76e830fc1a9d1d83b1e26b08f8de4a9825adfaf2a82f9f2c664bbebd6023a78494e8541b903da5329cc04c29a0e7249626209b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bc9301801b680148f5d04688044206c6 |
| SHA1 | c1e42fd3a8660b01ce8db5c33c8eb51c1d90e287 |
| SHA256 | f7c31b942ad72995b5994533f99af11b4b6ed30fb564e125ad5e4e38b98ad863 |
| SHA512 | 7c9a37037c36be0cdb170adbd7f40a57171d7d51be86a3b4c96b9a6bc391df19f3616b6d06518cda5f81b84a712554a34c902f25921c8a6e58bf4952b1111b84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0d60b74bfec0aa9e849f4a00c64411ce |
| SHA1 | 50b747860e98fb4af86f92b84f37a2a59c0eb8e9 |
| SHA256 | 0ba209ac93df001e9cc41ca11665f0a378d9504b751a344952ed25645b20b321 |
| SHA512 | 08f75ef6fef34d32191f4e3a1830ba146149508febbe8c9a99cb024556203663f72ff7ae6c6b6bb52e7619b3d2dcb6a67e96e4ed33856b1e7c985d4ba3c451fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | e1c71f7c04be834f5587230db2ad24b3 |
| SHA1 | f3bab9cb99d9f343bf7ed3981aaa7450515d2424 |
| SHA256 | 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899 |
| SHA512 | 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 169bad67682a28dac9921b816ade847a |
| SHA1 | c0740b5d231d0fa523e85ca222cb5283b010dc23 |
| SHA256 | f559a76dadd60160c8628f75dcc82c7a57b0ea373b27ac65cc90c3d71341ba7c |
| SHA512 | 86bcfea6e24b40fea110881a9259bf8d33ed1dad23c8a8ed73fcc7cf8e57e60f2b340fc13b90355ba5a68fc4a31cc317e562e11b00e5e7f84656d8f5a626bdf2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f1655fd3df669975eab95313ef320638 |
| SHA1 | 0ab48acf88490b167d73ca11ed1f09de88a4abab |
| SHA256 | 3ba1540e1ee96a39d171d732df53eba5f6d07be8b06c9d4a59b381ce801852c1 |
| SHA512 | 2408617431b4384f8d0ba891567ade7067aae1a246f4b568f995fc8bd2b1d81c7eb029f4d5b615e9a6a25b2fd01e60fb0ca81135332c08bb8f2e507782574908 |
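Two caveats apply before any hash from this list is copied into a blocklist. The crashpad pipe entry carries the digests of zero bytes of input (d41d8cd9..., da39a3ee..., e3b0c442..., cf83e135...), meaning nothing was captured from it, and an empty-input hash will "match" any other empty artifact, so it is useless as an indicator. Several paths (Preferences, settings.dat, the-real-index) appear more than once with different digests because Edge rewrote them during the run; those are versions of one profile file, not separate drops. The Python below is an added example, not part of the sandbox report; it parses a subset of the entries copied from the list above, recomputes the empty-input digests with hashlib rather than hard-coding them, and reports empty entries, malformed digests and rewritten paths. The field names in its result are assumptions chosen for illustration.

```python
import hashlib
from collections import defaultdict

# Entries copied from the Files list above (a subset): a path line followed
# by the four digest rows the report prints for it. A raw string keeps the
# Windows backslashes intact.
FILES_TEXT = r"""
\??\pipe\LOCAL\crashpad_4180_RGVJCURZWNCIQPBP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5eb95fe86e59d122e838e896acef1c3 |
| SHA1 | f36655fb1e7eaa2e5e9efec38944b2e7398d3872 |
| SHA256 | 9b33f98fa88803cdeb48318a70fafa454403d80b9af8853373dbd86444096f11 |
| SHA512 | bce6b4fab61d33520e70537fe1de514ebbbd18b85354bb14a4a9b43db51422516016fe4b0302ed89726aa9c24c43eba27b7b9e7621fb844516a463a24e95a155 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ec393d47f977caed68741d5da3b55a7f |
| SHA1 | 372a7f5c2403a815f5797bc25945580e6c75f43d |
| SHA256 | 17d459920c07945a262918b5636d712f2605d6c94eca4cc6bbf2f45024e4c4df |
| SHA512 | 19be93b633da8af13a6641a32e547b6e0bda1d3b720f0dbdd4ed25c7f6988991833a1c0409d80ff4529ff57f1d9c82ee90ae4bf94974fe334c9637f472f02d4b |
"""

ALGOS = ("md5", "sha1", "sha256", "sha512")
# Digests of zero bytes of input, computed rather than pasted so the
# comparison cannot drift from the library's own output.
EMPTY_DIGESTS = {a: hashlib.new(a, b"").hexdigest() for a in ALGOS}
HEX_LEN = {a: hashlib.new(a).digest_size * 2 for a in ALGOS}

def parse_files(text):
    """Turn 'path line, then | ALGO | hex | rows' into a list of entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and entries:
                entries[-1]["digests"][cells[0].lower()] = cells[1].lower()
        else:
            entries.append({"path": line, "digests": {}})
    return entries

def is_empty_content(entry):
    """True when every known digest equals the digest of empty input."""
    d = entry["digests"]
    known = [a for a in d if a in EMPTY_DIGESTS]
    return bool(known) and all(d[a] == EMPTY_DIGESTS[a] for a in known)

def malformed_digests(entry):
    """Algorithms whose hex string has the wrong length or non-hex characters."""
    bad = []
    for algo, hexstr in entry["digests"].items():
        if algo not in HEX_LEN or len(hexstr) != HEX_LEN[algo]:
            bad.append(algo)
            continue
        try:
            int(hexstr, 16)
        except ValueError:
            bad.append(algo)
    return bad

def review(text):
    entries = parse_files(text)
    versions = defaultdict(list)   # path -> distinct SHA256s in report order
    for e in entries:
        sha = e["digests"].get("sha256")
        if sha and sha not in versions[e["path"]]:
            versions[e["path"]].append(sha)
    return {
        "empty": [e["path"] for e in entries if is_empty_content(e)],
        "malformed": {e["path"]: malformed_digests(e)
                      for e in entries if malformed_digests(e)},
        "rewritten": {p: shas for p, shas in versions.items() if len(shas) > 1},
    }

if __name__ == "__main__":
    for key, value in review(FILES_TEXT).items():
        print(f"{key}: {value}")
```

Run against the full list, the same checks report the empty pipe entry, no malformed digests, and Preferences as the most-rewritten file; everything listed is under the Edge profile directory and was written by the browser itself, which is consistent with the verdict at the top of the report.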