Analysis Overview
SHA256
5fd9805939bbb6489efa2644d40d18e5f73904efb12a3dd3a73e64591fe87253
Threat Level: No (potentially) malicious behavior was detected
Verdict for a2d24210d99f1907e2e61e5b330f0bdf_JaffaCakes118: no (potentially) malicious behavior was detected. The sample is an HTML document (see the process command lines below), and every signature in this report was raised by the browser that rendered it (iexplore.exe on Windows 7, msedge.exe on Windows 10), not by a dropped or executed binary. Note that the Network section records DNS resolution of, and TLS connections to, coin-hive.com and coinhive.com, the domains of the Coinhive in-browser mining service, so the page warrants a manual look at its script references despite the automated verdict.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 22:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 22:59
Reported
2024-06-12 23:02
Platform
win7-20240611-en
Max time kernel
142s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395038" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30832b431cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000cae6ca2db1544c88b4889d56d0119fa1fcce09a28b9100aac1c1963ee3f79bde000000000e8000000002000020000000f45c856246c503733641cd0a58d62fa2aded67b202417d336dae5e14a2e5eea920000000b82a157d38761ef755447320c868fd3b8874810cd579be76d0852446ba878632400000006f5c7fe6dc7529b112d329606c4e984fde50e59ca668156d4b6f841591a5e58f4327c85f83abff73e38f98e91cf5a8b67f8d5d26c92943b3558ae232279705ac | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000001c300fcc1193aeaabb14a787392f0bb9254164b23fb73aae3c29a85f6e3cf015000000000e8000000002000020000000e92fae291dae64510a740ddb71e979fcdd14341d1de27e42c47b67ce06e673cc90000000ca16989ad56bb5868aada37f41cea43c8958ec0797cef5e2f6ee6e051d5f187edbe0ae7074fd4ed4a5aec2161d5cbbc2fbe5a6740c573d24937637d68e297aa1d444eb307ee47a8690480bd13331ffb2bfedd73763e4ec0ede9895589e9321c5584229bbc46d8c5aa39d803d53eb5a4848f46bafbd457e4f72074672cb72c06672bb0a600ec1ff0402a2306592e47f2e400000007e4b6861e6663f08cc0f8fe862dce73d8adc7b82929ea61ef0b2606398dc123f2a5d1bb27207a8fdf1afc2000a4d3bd4fd1399e9a74f960b0072f4ff50cd42fe | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6D2CDE41-290F-11EF-9586-DE271FC37611} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2648 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2648 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2648 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2648 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d24210d99f1907e2e61e5b330f0bdf_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
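The four WriteProcessMemory rows above (PID 2648 writing into 3060) line up with the command line of the second process, whose SCODEF:2648 argument names the Internet Explorer frame process that spawned it; in IE's frame/tab process model the frame process routinely writes into its tab processes. The following check, added here as an example and not part of the sandbox report, encodes that triage rule: a WriteProcessMemory event is treated as explained when both writer and target are IE images and the target's SCODEF value equals the writer's PID. The PIDs and command lines are copied from this report; mapping PID 3060 to the IEXPLORE.EXE tab process follows from the Target column, and the function names are ours.

```python
"""Triage of sandbox WriteProcessMemory events against IE's frame/tab model.

Added example: PIDs and command lines are taken from this report; the
assumption that PID 3060 is the IEXPLORE.EXE tab process comes from the
Target column of the WriteProcessMemory table.
"""
import re

# Process table from the report (PID -> command line).  PID 3060 for the tab
# process is inferred from the WriteProcessMemory rows, not printed by the report.
PROCESSES = {
    2648: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r'C:\Users\Admin\AppData\Local\Temp\a2d24210d99f1907e2e61e5b330f0bdf_JaffaCakes118.html',
    3060: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2',
}

# "PID 2648 wrote to memory of 3060" appears four times in the report.
WPM_EVENTS = [(2648, 3060)] * 4

# Image check: optional quotes, any path, ending in \iexplore.exe (case-insensitive).
IE_IMAGE_RE = re.compile(r'^"?[^"]*\\iexplore\.exe"?', re.IGNORECASE)
# SCODEF:<pid> is the frame process PID passed to an IE tab process.
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def is_ie(cmdline):
    """True if the command line launches an Internet Explorer image."""
    return bool(IE_IMAGE_RE.match(cmdline))


def frame_pid_of(cmdline):
    """Return the frame PID named by SCODEF:<pid>, or None if absent."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_wpm(events, processes):
    """Split (writer_pid, target_pid) events into explained and unexplained.

    Explained: writer and target are both IE images and the target's SCODEF
    names the writer, i.e. an IE frame process writing into its own tab.
    Everything else (unknown PIDs, non-IE images, mismatched SCODEF) stays
    unexplained and needs a human look.
    """
    explained, unexplained = [], []
    for writer, target in events:
        w_cmd = processes.get(writer, "")
        t_cmd = processes.get(target, "")
        if is_ie(w_cmd) and is_ie(t_cmd) and frame_pid_of(t_cmd) == writer:
            explained.append((writer, target))
        else:
            unexplained.append((writer, target))
    return explained, unexplained


if __name__ == "__main__":
    ok, todo = classify_wpm(WPM_EVENTS, PROCESSES)
    print(f"explained by IE frame/tab model: {len(ok)}, unexplained: {len(todo)}")
```

The rule is deliberately narrow: a write from any process that is not an IE frame, or into any target whose SCODEF does not point back at the writer, is left for review rather than waved through.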
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | promo.propellerads.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | googledrive.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | coin-hive.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.74:443 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.74:443 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:443 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 172.67.214.70:443 | coin-hive.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 172.67.214.70:443 | coin-hive.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 172.217.169.65:443 | googledrive.com | tcp |
| GB | 172.217.169.65:443 | googledrive.com | tcp |
| NL | 188.42.208.45:80 | promo.propellerads.com | tcp |
| NL | 188.42.208.45:80 | promo.propellerads.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.88:80 | apps.identrust.com | tcp |
| BE | 23.14.90.89:80 | apps.identrust.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
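The Network table mixes ordinary blog and CDN traffic with lookups of, and TLS connections to, coin-hive.com and coinhive.com, the domains of the Coinhive in-browser mining service (the service itself shut down in 2019, and the addresses contacted here sit in Cloudflare ranges, so the report does not tell us what the endpoint served on detonation day). The script below, added here as an example and not part of the sandbox report, parses rows in the table's format, separates DNS lookups from actual connections, and flags domains on a mining watchlist. The sample rows are copied from the table above; the watchlist and the function names are our own.

```python
"""Flag cryptomining domains in a sandbox Network table.

Added example: NETWORK_ROWS is copied from this report's behavioral1 Network
table, MINER_DOMAINS is a constructed watchlist holding the two Coinhive
domains the report shows.
"""
import re
from collections import defaultdict

# Rows copied from the report (country, destination ip:port, domain, proto).
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | coin-hive.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 172.67.214.70:443 | coin-hive.com | tcp |
| US | 172.67.214.70:443 | coin-hive.com | tcp |
| NL | 188.42.208.45:80 | promo.propellerads.com | tcp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Constructed watchlist: the in-browser miner domains seen in this report.
MINER_DOMAINS = {"coinhive.com", "coin-hive.com"}

ROW_RE = re.compile(
    r"^\|\s*(\w{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^|\s]+)\s*\|\s*(tcp|udp)\s*\|$"
)


def parse_rows(text):
    """Parse table rows into dicts; header lines and malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        country, ip, port, domain, proto = m.groups()
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto})
    return rows


def summarize(rows):
    """Per domain: count DNS lookups (udp/53) and collect distinct ip:port endpoints."""
    summary = defaultdict(lambda: {"dns_lookups": 0, "endpoints": set()})
    for r in rows:
        entry = summary[r["domain"]]
        if r["proto"] == "udp" and r["port"] == 53:
            entry["dns_lookups"] += 1
        else:
            entry["endpoints"].add(f'{r["ip"]}:{r["port"]}')
    return summary


def matches_watchlist(domain, watchlist):
    """True if domain equals, or is a subdomain of, a watchlisted domain."""
    return any(domain == w or domain.endswith("." + w) for w in watchlist)


def flag_miner_traffic(rows, watchlist=MINER_DOMAINS):
    """Return (contacted, resolved_only) for watchlisted domains.

    contacted maps domain -> sorted endpoints actually connected to;
    resolved_only holds domains that were looked up in DNS but never reached.
    """
    contacted, resolved_only = {}, set()
    for domain, entry in summarize(rows).items():
        if not matches_watchlist(domain, watchlist):
            continue
        if entry["endpoints"]:
            contacted[domain] = sorted(entry["endpoints"])
        else:
            resolved_only.add(domain)
    return contacted, resolved_only


if __name__ == "__main__":
    contacted, resolved_only = flag_miner_traffic(parse_rows(NETWORK_ROWS))
    for d, eps in sorted(contacted.items()):
        print(f"{d}: connected to {', '.join(eps)}")
    for d in sorted(resolved_only):
        print(f"{d}: resolved only")
```

Distinguishing resolved-only from contacted matters here: a DNS lookup can be triggered by a prefetch hint, while a completed TLS connection means the page actually loaded something from the host.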
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e56e8a78c63bf428e8186c359188db32 |
| SHA1 | 4b93123e24fd5fb6ae6cc24cd34f10edcad3c366 |
| SHA256 | 923d62615b366a5efb3ecb1eb53d50aa7639815b1d6418fd44f619d810709d59 |
| SHA512 | d4d2d26ba9ce9fa36de6f0c34ee296a557fe8ca8258a003fd8df3555f3448cb26e64ab01ed89fb7888e9cc0608d6502192052a1d52d6030f192f6096353c274e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 0f4dac1d8155de06ae46df941cbf9d71 |
| SHA1 | a43d24fd72d20d624c2848687a2fe95641323c44 |
| SHA256 | e8703f35063c21c790d6e30dbaf869826ba1158bb430f3e2b9270e402e009282 |
| SHA512 | b42f7559a8577297ff3ad839a0234f875269046041c5b9ec65c181eb5c0491f23d18225f624ab8cf1e1c64c03611c7a9b048fffb4ed88f0a079a7aadb7d35fc4 |
C:\Users\Admin\AppData\Local\Temp\CabA2E.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 478765bdcb6567486c653c58d9c9c44b |
| SHA1 | a6e54237118ae685b38d16f711ab1866722a7274 |
| SHA256 | 5f950be291cf5fd5c77f5c4e74cb514a90ac5ff28ea9cb1e213a02b61a6f5016 |
| SHA512 | c54917e1cfea1d392d07545afc2353944aadde56ffba21a73ee64a1b9ecff647ceca265c7b8e85a5f63b3b18cd9f7a73617c01aeb2211ea8995a4b02e6b166a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | dc3978b9ceca089598ec41f78e9228e3 |
| SHA1 | 33dc36b076f46f45b30d7c89c54d5424d718d613 |
| SHA256 | 50c9827b34cf62fb33c27c65f62024f97056ea5f40a44a8d47b849f67894cb15 |
| SHA512 | 6f0c85edf742e58711fc4a5f12f8690105ca7dc05bc79eb2ac6d45a33ce8f4d0c44c40d05ad4af981012b10533cdc8769aa066b99c18038c8e8a380b187ca6ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | a4c3e4b3f212ccf9719236eaa8f728be |
| SHA1 | e017a18974a9969ca60ca2499ac54b464d91a2ef |
| SHA256 | 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a |
| SHA512 | c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2135119869d3f6557ee1c347fefc005 |
| SHA1 | 0cb0def7bfd409394c37096ef107476b8d7532d6 |
| SHA256 | 019f05cc4ece6dbbd388b574dc3c53a2dddc77f0df2eb2f0480666c3d8bc938a |
| SHA512 | b63884b1a05ecc30480faafcff5b68af8fafb0fadb7023a0bef11e2685978a6df14b3b574085f7c61afb44997328f9b1445225c95cf4f37e184bab5143038a8b |
C:\Users\Admin\AppData\Local\Temp\TarB13.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\platform_gapi.iframes.style.common[1].js
| MD5 | 682c26af19b240f98d2cb951721fa54d |
| SHA1 | 18e58b652c7f82a55ab4b1910693686049e25d62 |
| SHA256 | 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980 |
| SHA512 | 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\cb=gapi[1].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8d1cf13de05ab931b82ce9b36c4160d |
| SHA1 | 7c9da012f40c218cf660ecc936ed45a403526b97 |
| SHA256 | fc68c5aa2643e94f7542653252e1822187785106d215b13a87dd7541e35cfe07 |
| SHA512 | 427842687b7d8eb56a15ad339a669de8cacd477e20ba0efd0e83ced31f5876a91dbe1c48b9f6069072f9fad9a175b9a4387e711f4b957ec14659d65bd0a9a73d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 748d40cf456604924f27b564ba8fdf26 |
| SHA1 | 144cde9ced1e09811edb95c4ca8ca6834a05e0fb |
| SHA256 | 585e431df4f7be549e713c7957f07452157fd01c1262fc3b202e9fe683d1516a |
| SHA512 | e80ab353f65f0e5d034491e60b0e11a9393d740ddcaf700de87bec88ca7f1514feb99ed495bb8ef006c3fdd91a8e9ba9a60e76bc5445111df636c658ef608292 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d126e3019fcc6bb957594caafaffc76 |
| SHA1 | 5fb4b9703f38c29c40074af85512c48398e0c95d |
| SHA256 | 8915110b76f34efc4ebd9f6f4857fcd6c058721c8cb695c81750ab88dbc36fd4 |
| SHA512 | 6b15fabe754cf844b5de23287e983ee993cf89630903fd54dd887f38bca445290fa9692e2382dc754fb12ddeb08dfff184c094691ea7c572b5882c517066292e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2588ec18cd20c3ce44223ac0ea9178e |
| SHA1 | d6f635bf9475f1e9f3261ca06ad426cc12429716 |
| SHA256 | b8d31009a49f9964a19a7939595a4f1aaef9dbbc89fc6a015b1cece215a9b090 |
| SHA512 | ed0f86717eb5d39a945dda6578ffb618533a507dc9b7ad0c4f58436bcd04f9696d09934787b5fca8f75f00ca4a62b864b6b56f53dc7130170ca8c4d6885bfb25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ff93d23aecf6e441c18b629156dd131 |
| SHA1 | f3ec28ce2a0adfcb3895c3e191f598d3842a7ad4 |
| SHA256 | c904dc9f1a290000db546210888635d29b32166f84c1ebe6bffa084b6fe06506 |
| SHA512 | 34c89f8375001f8a50ae2a5297779132078a89891aa5c2658a199b1476c3acdc7129919517b7908d95d1d5319149b7b493f9cb1c8dbe3c36bd7c8c49c85c39ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ca38c31d474708524f158af0a3b909f |
| SHA1 | 6c4db3aa1f086b770b081e9a179651896de3278d |
| SHA256 | 172599b0a73e2bcc8b917b937be93c5b7461e78d361c932ecc8075fb0b35da54 |
| SHA512 | cc74c2f63585c942fc14b0c1b85de94a61b7bde36e524c20c63869d2de90fe128951b0ba44017b6262366f6c13fec3c7df522ece22e94f45f443a53ab77bf2b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c6019d86b437aac48ad4b843820ddab |
| SHA1 | ac206e9cecee889865b6adf16b232fc709ab7bb8 |
| SHA256 | 67f19472fa1c4ece814d602760afac8c246ff6ef2694a2eb69f13c654d942075 |
| SHA512 | eec7bc645467270b12920b236299efe6dd8bf83666a83a056025b092a1db211933aa5cc01ac5bc8c8e83253152ac1716eea08d8608ca14fcbbe2a98dd927fdba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cec9d1a8d07f10be38981fe8ba2c9714 |
| SHA1 | b8147e1fe406aa83ccad26b3d75c1ff9c2d3e086 |
| SHA256 | b89d34503664dd0d9e3568520d0acef4285360f43fac8f857b7e1a3fb818bb9f |
| SHA512 | 935100330ca9353f99ae9bd580a28455d92ed831247e32b9d6bf7307b6352e992b54dde0bcd370f4e9d7ca8c78a55493754c7ae9d1fd3db3a179a0d77dbc9d8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3190bbb4340d17dd024fe3af51047da1 |
| SHA1 | 48a34b330fbb6655784ef7879761fb887066117a |
| SHA256 | 0bd1a120e1055cce333405f6e62c1a93d38774f383e0c29654ce85048ebe2f3a |
| SHA512 | 4a09357333e8ab04ca8ff11cd9e635488b6e5dcb428f9746cb4017618d2e0f3c2510455aaaabd9d59f93474e79f0cdfd6c996a7a823132e21e7226fc78520a95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18bbc38b3164da6336068e96ad45fd1c |
| SHA1 | e3c790c313d0ca57310a87da0bdfa51631bc08b4 |
| SHA256 | 496949dd1dbc36471ba50f85d1d88f6782e1a4208fefe3d2ca44cd768636dd62 |
| SHA512 | bdc836737ecd48675a12baf15ebe61f6824debc2d0fcd841eacf13d8223c3d3abc8a308689608a6553f019160765719133b5d6c289922554907eaf0576c90a9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f694234e5ef2350d73e2421f7500afc5 |
| SHA1 | a0f47e28c7a49e620029c7f73abd813d0b7b8927 |
| SHA256 | c6854594d28c3a16bb27bece1a56a04518888dc839cb6ea41d1fa229c42697f2 |
| SHA512 | 17e8b0dfb7bc2216ac3f7db724e3646bf53b9e92d1d5895fe6b3bcda743617fccf68dc5510046c1a8e5094f9374a256bb409d284c73c245c9090215f10aead47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d8419ba631c61d557300df589504a77 |
| SHA1 | e0405be32c6966b5f527e38957baae32bee8275e |
| SHA256 | 3cf4e411e6daa55b7ab65f6ff1c66dde332572c184b7313bd28e02ff8074e46d |
| SHA512 | bec8ffe33d6de2104b25a5490cca5ba1aeed20c872ef53f5058d32b60f78819c7ed4fa6e6e5fc21d5003e39b971989d14fcbb749f5179f4d6dd48ca77603a87a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d160c97e97d7f9a2c8ef550747e642ca |
| SHA1 | 1cad826d6a6ef980602260c7e6b9fa74e2878506 |
| SHA256 | 730600fba1eca06bd603a0bc7e59e2aa411ce1c8f3625c69d9212f5b58c0a460 |
| SHA512 | 6638f60f9ec9e3fb03afe3b8850dd40d068146f5d7ddd8b7037f2386c5128c4feb9d311f32916b1eda1c328f5abcce504953ac3f0d5433b3e07f0e902ac25931 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e6447fbcb37f89957d7dfa980dc487f |
| SHA1 | 1778ce6d95d314c4a0155a66e500ae55ede993dc |
| SHA256 | fb43f9589bb5b1e5562cdd0880617c52fa4180322fd8e4dbceac66f2bd9dd828 |
| SHA512 | 32430a1a99712b5d686684f98a39b1e550dc85d084a38de0927f1624e679f976011318bc537b3889b8e829a7e98565568d2b8f1ae194bfc653f39c9a0154b6b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9db49c1cd2c04891aa2a2421698ba34d |
| SHA1 | b759fb86e12a0f86ff28539bde2589bce74f845e |
| SHA256 | d8e79b590cb7ac469124a0908390b9b2977fa54aa40ba74986d7d788e9d47a82 |
| SHA512 | ff3c64c5607fa34067c4170dfc04def013662aea1f4a827bb1edadd835792b00d32501a51e324690c0e2db25f05cbc32b4e3de614fa95817b9f26006fe2e1c37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89296af043329c902c99e36f97f0b3a0 |
| SHA1 | 5906285d9b2b4e026280038003ad10772f8b4a1b |
| SHA256 | 80d6d2a4ba58779cd69e1ff408d050f80acdcf46973837405f4af6b308b48d03 |
| SHA512 | 56b764998d2ff6b3dc3da4aebefd45af5d921521a54988ab1ea8ed95de2be7a92c14c96575348ef1321a41485597009571f6fe33b1661f5e19189be67ce1f5ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce3b2b6aacaf03b037d2de88a62e6fb7 |
| SHA1 | 6132a444e7ccbb72342d120074b2077a49f619ce |
| SHA256 | 9ea1f8cdb0dc0f967ca2f08af13320ae1327498e445d87ba2e2fc5904cad0a52 |
| SHA512 | a887ad73e006e5560e135928af3166668a7415dbf9023a4360bd668dc267cb11fe886c624f5d1d423dd7c78289c3ae04228d9927b13e9042cb7872782ba65637 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c206dddf8d0b0f823c329ad0ba65cb13 |
| SHA1 | 8d9720bde4237b375ec3a159381904053f195538 |
| SHA256 | 27e27f3a3dcecf692284afa562a4cf2c5f418a657d5dde7b9763afcd11cf7a21 |
| SHA512 | 4fa57feaadab9a43834936c513d94578fead163949a8ac54348d6eae1b6c3a03ed7521dfa5c1be01f6fde082206f56cb41e37182694fd0f230e971f6493ed219 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4dcc8997d5dd991605969f1c0059a918 |
| SHA1 | 32cc9b500604c167cce19e505d3df4ee727b062e |
| SHA256 | d658eee77c133715efaf7fa8bd96aa5b52a9517ea2b6fc442e9c7c5cb9d5efe6 |
| SHA512 | 6724c70309d848b5b74e2f67702f53fefd1604b15ddc472a3fe7ecb6b7dfe6702cdd86148578e7cd39ab95ff1f507d6f666046330eeb365d675010578687138b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53e88b6440735fdbe40aa76092cd5a18 |
| SHA1 | 1772333b2d0ff7c94a40db25ae937d641cf92c56 |
| SHA256 | 6631d1893d1811e16736189b4d579deea5ef3e379d79eeda0e4420f4b346087d |
| SHA512 | 5c8d5ec1c097f56a85d72bc390b903ab2654c05f1f1ed9497de5cb012394d3d29e5ebca74fbbb8e73b17298b3f20982443c3dbc159cc62f79dcef4bcdc53ec1f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 22:59
Reported
2024-06-12 23:02
Platform
win10v2004-20240611-en
Max time kernel
144s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (child processes created with the block-non-Microsoft-binaries mitigation policy; Chromium-based browsers such as Edge apply it to their sandboxed child processes, so from msedge.exe it is expected behavior)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d24210d99f1907e2e61e5b330f0bdf_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90e8746f8,0x7ff90e874708,0x7ff90e874718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12258040867579762984,9482802931024487604,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.18.11.207:445 | maxcdn.bootstrapcdn.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | googledrive.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 172.217.169.65:443 | googledrive.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | promo.propellerads.com | udp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| NL | 188.42.208.45:80 | promo.propellerads.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| BE | 2.17.196.177:443 | www.bing.com | tcp |
| US | 104.18.10.207:445 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.11.207:139 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.208.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.178.9:445 | img1.blogblog.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 172.217.169.65:443 | googledrive.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.9:443 | img1.blogblog.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.178.9:139 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 172.66.42.247:445 | resources.infolinks.com | tcp |
| US | 172.66.41.9:445 | resources.infolinks.com | tcp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 172.66.41.9:139 | resources.infolinks.com | tcp |
| US | 8.8.8.8:53 | go.oclasrv.com | udp |
| NL | 139.45.197.237:445 | go.oclasrv.com | tcp |
| US | 8.8.8.8:53 | go.oclasrv.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.danzyworld.com | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| GB | 142.250.200.34:445 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.201.98:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.danzyworld.com | udp |
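Two things in this table deserve a second look before the "no malicious behavior" verdict is accepted at face value: several TCP flows go to ports 445 and 139 at public CDN and ad-network addresses (maxcdn.bootstrapcdn.com, resources.infolinks.com, connect.facebook.net, pagead2.googlesyndication.com), which are SMB/NetBIOS ports and never part of normal web traffic, and a run of reverse-DNS (in-addr.arpa) queries includes addresses that never appear as a destination anywhere in the table. Whether the 445/139 flows are genuine SMB attempts or an artifact of the sandbox's network shaping cannot be decided from the table alone; the point is to surface them. The script below is an added example, not part of this report or of the sandbox vendor's tooling: it parses rows in the table's own format (a constructed subset of the rows above is embedded inline) and applies two classification rules that are this example's own assumptions.

```python
"""Triage helpers for a sandbox "Network" table in the format shown above.

Added example, not part of the original report or of the sandbox vendor's
tooling. The embedded rows are a constructed subset of the report's table;
the helper functions and the two flagging rules are this example's own.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: a subset of the Network table rows from the report.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.11.207:445 | maxcdn.bootstrapcdn.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 104.18.11.207:139 | maxcdn.bootstrapcdn.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| NL | 188.42.208.45:80 | promo.propellerads.com | tcp |
"""

# One table row: | Country | ip:port | Domain (may be empty) | Proto |
ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

SMB_PORTS = {139, 445}


def parse_rows(text):
    """Turn table rows into dicts; lines that are not rows are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        ip, port = m["dst"].rsplit(":", 1)
        flows.append({"cc": m["cc"], "ip": ip, "port": int(port),
                      "domain": m["domain"], "proto": m["proto"].lower()})
    return flows


def is_public(ip):
    """True for a globally routable unicast address."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_multicast or addr.is_loopback
                or addr.is_link_local or addr.is_reserved)


def flag_smb_to_internet(flows):
    """Rule 1: TCP 139/445 to a public address. SMB/NetBIOS has no place in
    browser traffic, whatever hostname the sandbox attributed to the flow."""
    return [f for f in flows
            if f["proto"] == "tcp" and f["port"] in SMB_PORTS and is_public(f["ip"])]


def ptr_to_ip(name):
    """'74.204.58.216.in-addr.arpa' -> '216.58.204.74'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    return ".".join(reversed(octets))


def unexplained_ptr_lookups(flows):
    """Rule 2: reverse lookups for IPs that never appear as a destination.
    These point at connections the table does not show (or other traffic
    on the box) and are worth correlating against the full pcap."""
    seen = {f["ip"] for f in flows}
    return sorted({ip for f in flows
                   if (ip := ptr_to_ip(f["domain"])) and ip not in seen})


def domains_by_flow_count(flows):
    """Non-DNS flows per hostname, to see where the browser actually went."""
    return Counter(f["domain"] for f in flows if f["domain"] and f["port"] != 53)


if __name__ == "__main__":
    flows = parse_rows(NETWORK_TABLE)
    for f in flag_smb_to_internet(flows):
        print(f"SMB/NetBIOS to internet host: {f['ip']}:{f['port']} ({f['domain']})")
    print("PTR lookups with no matching destination:", unexplained_ptr_lookups(flows))
    print("Flows per host:", dict(domains_by_flow_count(flows)))
```

Run against the full table, the first rule lists every 445/139 row (all of them to Cloudflare, Google and Facebook ranges), and the second rule turns up reverse lookups such as 20.190.159.0 and 199.232.210.172 whose forward connections are absent from the table; both are leads for the pcap, not verdicts.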
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_2364_LRFVWTHICTIMHYAP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5e2e268a72fd38c82b688867ecd5475b |
| SHA1 | b739ce78536605ef4cccc7fde87704add81b6487 |
| SHA256 | 1e1621a805b3f959292ed96148aad1250e4b7b1784ddf91a75810e2619730ea7 |
| SHA512 | 8c0439269114a52fd7eb35680ccca1dc467b438a598eba57a6470d1c066f3cff40dbb47257d05c99e05d2b34caffaba26b4c3049fde7306860051771d7878b79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aacc2a7bfaf6909e7a2d95da2268e44b |
| SHA1 | 60001d0b04286392dfc2c237ca0735c8f456f384 |
| SHA256 | d123a327169c50021de9dc98dae05fa3f73630db60b52be7f04fdf4737ad0ebb |
| SHA512 | 6daca14c4f8d5b5908764c1984e95ea593115ef1808a0850479ff361e1940d18ac91a6cff383e19a9035a823a119369644e309c33029c611810123efd5547d49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25746368f843c23bc3e582980474f62b |
| SHA1 | 3dd6c5b2291120f22af7b14baf9c5bebceb7a0f2 |
| SHA256 | 44a2b43e828c802ecef8a87a24911f355efef3d96d665aa2d182e2439afb7841 |
| SHA512 | 8db330db1e4b8d49bf0f13c83cb8e181889279fb675315480e78d89c4691acd1d878f113d8b7d536c977ba0658c82758b60696a2cb18fcf1347a2bcd78c20190 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1c0d91710ffeb77029ce19043a4b204d |
| SHA1 | 1e8e50ff04f63c49754e2ada5ca205371ebdd236 |
| SHA256 | 46dcbeab3a6e114c3bb07bef88ec7202b9dabb78c34cd29d10377113e78ec40f |
| SHA512 | eb75191857f68e0ebda5970861bbd94d18a7ef3974e010565e81c03745b17b3c4932a209fa7fc2083f4f6829232b7296b9c51890f957cd14505261eca7127cee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 16ff8ef949d320d90a2a146d287157d8 |
| SHA1 | 3260bd14b425d6e89442087387ca24e0ec5fe943 |
| SHA256 | cd93660d078fea9d26e3112b8d1bb69eb39525c800d291957aa67633109ef917 |
| SHA512 | 003e51aedc46064eef868f570411b6313b09b28bd9c01b9a7051ed382ba4ccb36d5cc5d5bcf3271ab1d1e2c1d8c1fb3dd109fc6c667d04bd849e61b5c7c59295 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ab5c0a1c4166efb05a6a9a51661b69c5 |
| SHA1 | 60d69d1598dfce7e8b1b3a6e48c8dcbd44051812 |
| SHA256 | 710e9eae945d4628a6dc3fd86186654a459fd4cdf34733183f66c29f95e26a8e |
| SHA512 | f4e77c7a680b97ceafefd171f8973812f0357dc1101177fce71e382f49c856400fd28ae5f0ae12c120fb2bdcb4d786965959a5bfa52e83de919aa2013cb0bd42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |