Analysis Overview
SHA256
bf95683cca52ccfad22859d9abdb059f1f78e33d2b0a9d30aef846352f35c66c
Threat Level: No (potentially) malicious behavior was detected
For the file a11a4ac2075cfff6ebf10da0a5f24c59_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:09
Reported
2024-06-12 15:12
Platform
win7-20240220-en
Max time kernel
141s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C824D331-28CD-11EF-8A04-E6AC171B5DA5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ebef047fbe7b284ab77e7a02d9a9f161000000000200000000001066000000010000200000001fa851268c99fdeccc123091941cd00728d38a6f6710dc3c9d4764cfeb9fe66e000000000e8000000002000020000000b43f4d4adee19fe398af75a21568b2702c2dee20e0fdbdab7a7d03bbe96bd88b200000007d27612440d62ce805c2d20b061e21ac1faddd9484a1781e39be5b1a1005cbed400000001b68aeabe100ede3060120c71da53a347ad126ec22860e52c50db820e4d1e20684de692272d3569ed739f9cb26b3ff53fd6e82af7eee73b5320e7738947a09f0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424366844" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8035e19fdabcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2360 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2104 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a11a4ac2075cfff6ebf10da0a5f24c59_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | yophim.googlecode.com | udp |
| US | 8.8.8.8:53 | opi.yahoo.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | nguyenhuytap.googlecode.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | helloximo-com.googlecode.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| NL | 142.250.102.82:80 | helloximo-com.googlecode.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| NL | 142.250.102.82:80 | helloximo-com.googlecode.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| NL | 142.250.102.82:443 | helloximo-com.googlecode.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| NL | 142.250.102.82:443 | helloximo-com.googlecode.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| NL | 142.250.102.82:80 | helloximo-com.googlecode.com | tcp |
| NL | 142.250.102.82:80 | helloximo-com.googlecode.com | tcp |
| US | 8.8.8.8:53 | www.megastar.vn | udp |
| US | 8.8.8.8:53 | traidatmuidotcom.appspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | cdn1.iconfinder.com | udp |
| GB | 142.250.200.52:80 | traidatmuidotcom.appspot.com | tcp |
| GB | 142.250.200.52:80 | traidatmuidotcom.appspot.com | tcp |
| US | 172.66.42.211:80 | cdn1.iconfinder.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 172.66.42.211:80 | cdn1.iconfinder.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 172.66.42.211:443 | cdn1.iconfinder.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 17334bdf95a36a06e3cd5c4bf4f428fc |
| SHA1 | 885e0a37176fee38b4d6ec09c38d1d5a0d9f1961 |
| SHA256 | c768aa03561655913d97fc95d03c6c74ea398886635bc7423c04623007fe326a |
| SHA512 | 4642228a4bc9b3e383ef226536569b0a1527c9d70e51c2d61113d354c6fc1029bd83205694c5fbce360f397c60a4fe86f18742e711b78d4beb0394b2ac68ad67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 962debf6fda6f65f06a5df811f4a7407 |
| SHA1 | f6257069f9287554248fb2e067271b77ac9a7136 |
| SHA256 | d57f0a30d35d94a2697ba14ea6bb57f2ad52b4b612a8fa5f37ec31cf08e40e6a |
| SHA512 | 8bd8b1e5d0a3995ec7bbd1a69b01c0c97d9cb436d803ebc91f691d0a91cb3ba429edc588de9d33bf2d2dc5dc2a1ce27f572989f24cf378d58480bad856af0074 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | f428f13e23394c97ecf38bd66755f19a |
| SHA1 | 09544f8cdf480201b7fd4c6af97b2fe3662d0c7a |
| SHA256 | 57ad0806345ccaf3910258d23ef5e7a0750fecb9daa8dda44c45739b35d04b13 |
| SHA512 | bfd129396a421d93d5e3415d859f6067f51a2f708b914bd2fc656971945162def800d528c5cef39c9b67011065ffddbc80bc47cf93710a41b38257f9273bed97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ea9e3ef60737670e7c238af4ebf43823 |
| SHA1 | a128efbaa093e3de4b8d6bbdbb383c1209d271da |
| SHA256 | 250a6f76dc68c794cb78498648c9d8a951e48a61f46b3d0c45b76ba5dc06fb8b |
| SHA512 | f7340992636fc53cfccd920f25c062b99e4ee9379860cd79aa8d10cb9c52b6532dda77e5d7c1a17b342b39d33b66aabad23a640561b4edc11cc194a7088052e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | e41d2aa2ea9273328de6231b41ff037c |
| SHA1 | 7efbe3882d0af84260c48b5ab08399eae31f211f |
| SHA256 | a788b4d2c346430a00a3d2e8a518141954f2e429a401573091a789bafcb8d36a |
| SHA512 | 32080c6cd34bd95dc69e93f0fb3de30d688dbcdfb479582436b26b290a726bb872f00b33e167601a3997489ad5353a3ff98d96d8f50b2e56221fec2b64960ecf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | a4c3e4b3f212ccf9719236eaa8f728be |
| SHA1 | e017a18974a9969ca60ca2499ac54b464d91a2ef |
| SHA256 | 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a |
| SHA512 | c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\plusone[1].js
| MD5 | 53e032294d7b74dc7c3e47b03a045d1a |
| SHA1 | f462da8a8f40b78d570a665668ba8d1a834960c2 |
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
| SHA512 | fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\cb=gapi[1].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\Local\Temp\Cab1151.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar1164.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6eb7658fc3d7cb84af49acefd7063f16 |
| SHA1 | fc6ff17b9f104cc3144cf5313cf15d0e3dc7261f |
| SHA256 | ae605e7d22bd2d1db4924e3c635d9382cbfa11ec8285960a47bee8ade90e86e2 |
| SHA512 | 29d1c61409a04529525022df722c7f31ef7cb5544ea6aa368b5183707d7578f385669e8ec9ea9baa6c68caa9a2c11876bf3b2a04aed0745aa6f935c5fad9bee6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1283.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ced143da568f37af4e00e766e68e498a |
| SHA1 | 3ba25ac0446000fc63a61a5ff0442dd3d3f7b658 |
| SHA256 | 6186ad1b89ac426353f602ce1c22fec47cebc0145b2416abd4ed7bdedd8e0468 |
| SHA512 | 901d36322b18a2ea26bc2d2ee96c9200ef8eb755b1d9bb88367631288172d6da408ae15ef5fae4f704ee787a109201769bca880fa5dc43d637643437dfda4c47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65b8a84efdea13bf1e78acc2820dbac9 |
| SHA1 | 48643206a588f7fb05746590a5d72acf90c0cc77 |
| SHA256 | 4f9f9980d851a8fa1a08f282a95e496c98fc5b8a0288955072b84f292aeea846 |
| SHA512 | 7b82a21b04da620ad665aeeefa01b9c48023a7f40aaa2f8d625ff04c0ad671264484884bda7dff5e58c49ee29ea3eb809770ed55a0f8e37cab9450f74674533c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae87ded88857daa7a93d854481554095 |
| SHA1 | 7b8c9ceb6efc64e93d216f41eb33fdac9b0c9fd8 |
| SHA256 | e2309770a927b6957cb57d0e2f39fe4aebafd4c9d9826b5e6bc6207318245b13 |
| SHA512 | 7d08b749c30202c132eef0cbc8d1e55ff8ba5f0b2d6a85c3e9946b3d8665d4b48ac77b3aa36019aaaaa40becf0cc6201c74dcf7ac0501d498f142a0831ce911f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b2039391e09c7939f362e281659eb07 |
| SHA1 | 71981c4527d43ee3fe4321ad9977e0fefd7be710 |
| SHA256 | ab9d74127b2737e71cb6e4a20ea2e940c63ffa83fc3a308b7235be246acb2bf2 |
| SHA512 | b1af96a9fd16684f926d0171d508f7130ef29eb10e6d91310d1bace1024856606dfc1245424fdd84b7d2a0f515acfb3f63a27478960a5dada09ff27c96375b2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da7a495abf8f2397bd716c7c12341c05 |
| SHA1 | 2819aa047d80d2e5968db7c280946c4128593c09 |
| SHA256 | 46ad393076f2066ea96d54d864185d6823387f72b2e3fbbd8a7aff58b4bdf642 |
| SHA512 | c1f00eb06db9e674d3e4386416e44d9cee87f50ca7c1fc7952766c24663724e9b69863a2ef622f13a8393fad989ed143fe727468b9243e5cfcb567c964f9fc0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94a8c479ee70c5a60efe7da18943eab9 |
| SHA1 | 3c29c23e79b3e214a4e379c5b0049e08c1b63309 |
| SHA256 | 8fab08bd980f08fe227992afc3f822245d83b4bc1e580657732fa12aa30e68f0 |
| SHA512 | 64b6d03fc643ab1a033c501483ec36d9eaed689174dbb901ec26645c0f86f1fd3bfcbd086cbd46ef137cc19b3f0fa5db484371d217b36c7338ed1cde67d4c06a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5970767005e19f3163555e4e5cfe9001 |
| SHA1 | a390333252849d4196ad49960f49052b0cdfc767 |
| SHA256 | e15ee653ac66e4dfb5c86b892c8075ccfd076e38505a2317cc744a2650303238 |
| SHA512 | 4c36e8bac467975b71f08f535a9473d79f3912f579644875bba8b657f18f1d3ac9a502600890bafc71b494424c3841e8f62eff55e580e82775fcf802e7562e71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c119e6a7b2ce267f30a66759279b3f9 |
| SHA1 | ff1057d3b8a01dbd26dedcc85884fc59e9ae5c4b |
| SHA256 | 55e4015cb4b1b90a13cf1f9d9526caba50540afbd4de439504041705fae1f7a4 |
| SHA512 | 730fe765d71e39606ec0cfcaa7b4d0901908da84a4ec0c9f8ad7f7c96434b306a6cc7ba88f56ef844909da55fa7a695683972b6aa7a2d7db9665d96c64e13a59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa1beb7cdb12f91bdb177d263c2288e6 |
| SHA1 | 8c770c7a7335ef426c306ce6da49d7e4c01f9428 |
| SHA256 | ca52ff8ea0381371b820fc1b2081da815dbb207bf7bc9ca39ebf2d67d8b40ec8 |
| SHA512 | 655fd8b1428d2fd2c7f20748aec118bc08f8f2e443175852ee752bb795e6a442d1ffefaeb8649fe19296b4d21cd79b2fc0bdebaf625562b996e0892843ec6bd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b072524b8a2ae1b975ac8fd8d65e4b0c |
| SHA1 | 23015800b8b0c5a01d7ec12e2d653eb0c81412a3 |
| SHA256 | c70eda6f88901181bf83313690e8657a77078248e2fa6abae644bf17b872dab8 |
| SHA512 | d704ee51f2ec76d062377d939b1a09471c164614883ec5274714e2b37e6f0f225807a9ce0193fe0ff5228c80f7e8d23eeac4e358b02858028a7ff2e02c1999aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e12e14569d47e374f23eb79ba9c7013a |
| SHA1 | 07a3d0e9c3dc2add6125720642ee5bb1b6245bf8 |
| SHA256 | 0cd576f1a9fb18d7d8ccc139edd557238e57bb73fed95fd375c7c0130f03f095 |
| SHA512 | e97c261d397e76bd0a4bcb6dfeae34aee676b476e315d3982d910e00c1dfe0fc30057b14b831d26a43daf7cdd5f824278fed6b0e027c076c71a179020c5879b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7ae9dfa977534c1b3a117a16ea38dff |
| SHA1 | 76df697dbca7661ebae6ce930c31a8e42d1a1ccc |
| SHA256 | 6c4fb35ff36bf3c84819227e245c900025cdbe4b3e8d303506454f9e53fabda0 |
| SHA512 | 85f97bba1fade1427a450503cd07703f7f0213727d57121ef7d81972c2ff555f6558b75d92d3ae1f3435b6ab2000f207f3e148ccf9518b9426d51e042c5349b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f19df1b643af389d621900d50fdb49dd |
| SHA1 | 8bcb5abafcb6773daae3ef690e5507975a4660e3 |
| SHA256 | 9b28d6c4c898e07bacefa242d5c82767247ed70085587957ccabe28e5dcb7acc |
| SHA512 | a0292ba84164d9fb71e18c9c4bdd1e2278522fb17206ac2be3655546427e73b3316bd448b6024d44559df8db5b7b8ea8d59920a17ac8e0ea78f17f3b20371bf8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1a284382b078e276c909d520eec7ed3 |
| SHA1 | 2198bd35a0f6338d4bbbe50053e3ebd473a307d4 |
| SHA256 | 3d41c956f82604a89182eb98847e21bea8a4ec9df2b25e265332c25968025098 |
| SHA512 | 92419e81df53c587560814f61b0da3374dbf0c75bf40ea04147428c25dcde527e9d620d28ee6c22e36c10e2d229c64f72610da1c373a04762d203ea583cc3096 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | b53b65b3aa4225456b8d679077666d28 |
| SHA1 | 0a965f5cf0dcf48ce3495aac48dd2f4e51df80c3 |
| SHA256 | e8d9701312af01ae5416abda7190cf4d3218a1d6bb6b13740706a56c36b815c9 |
| SHA512 | 22ec5c91d0526efe2cfd8b66e705ffb79c6967b9e50411eeeba6744dcaf5a554ae3e4a223fa11d215480802b50f22d0826d8243d671faa7ce85a2618847172b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f713e05aafddfe91edab28a2bd547315 |
| SHA1 | 1bf4e349816d23c77528e05f0fa5e961a8799663 |
| SHA256 | 3f07b91a4444ad8fc33f14431ad7b93ca894da210853851a9c38ad181c528a4d |
| SHA512 | 1b2e88783bc26fb1fa17a770f67b2de74897025c96c6d4f8f5e25e16ed67acc75bdeb83081da3582e3945d19fb489b0458c472dbeda34799d4efbadc2550edf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bef02283f9182dbc3338b431a079986 |
| SHA1 | 610eb089312ca949b8bf7b86df5800a6b6122304 |
| SHA256 | a85584c1ddd04bcdeae0bc2732f948ccab661bff9c8683abc8d759bce90b4c03 |
| SHA512 | da138a3125dc6893d0b3fcc3c9374e61d0d41587762eddc5f9390ec0521edfe8a2362c751fcc07957ade980c066494acc8d6a243b47ba40931aaa93fda28c7a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ce844d9762686b27eb08513d128b968 |
| SHA1 | 089b00fc0f304831d0825af1161fe92aec554ba4 |
| SHA256 | fa8e0e71d9adbb28a9ac590271d0396b0dea7d1d67d8370ac60373ea20434a02 |
| SHA512 | 538b7da3ce706b76a596c5081f4116714dbbcd5a5ff3038ea3398a2439012c14f626c104ca867d1d14250ec2d3d3e3a4d53fe53693806bbf8b68e9179482684a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4361df6547e4c89de702b3d41af0a213 |
| SHA1 | 2fdbf3627df475763593bdeedec242943e94e90d |
| SHA256 | 1bcf64f58552c873717553418ccc508bd333b84a79dccf3e4a087e8f1495a9b1 |
| SHA512 | c15898d768b503c60e654025823f68a5cd5a5596760432546619c489cd56e4608330d200230374fd2988d989ad4aa968d5873d5f934220782247da919fd8fde7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 16135925394c9bcac89abc217d5e5ba6 |
| SHA1 | f329f5261e6a332b88b5fbe5963ab3c2adcbdf9d |
| SHA256 | c250412229f4a10b7935b08249340379e99d33fa86f0c8286d40ca6b6aa23b9c |
| SHA512 | f46eb6a5ad2d3def63c8d6456ae58fd7b3f31e7e42f768fa01cf1c7b1f711d60dd701bc56ba92fd6555456e685193bbcffa69e0f7ec6503203f51a4bac6ca89e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08609508cf4f49cf90a3dbbfdd405ff2 |
| SHA1 | 737cf7d98d4074b5459640ee4076106c17c2c064 |
| SHA256 | 72a81ed6eb258650663739bb8161e09c8566f8e25d8a9b70ff0151670a4de514 |
| SHA512 | 0c93337829dacd806cc4e406e81534461e31fde8f841bbb04b3a5d5b5421004adabc90a0838f47d0c1c71c58b8db696afec80dd0d3df14ff9d98239f32bd6a6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76d9cfccfddc53574c7291b47e024fef |
| SHA1 | fa594e10194ea05ebc5cfb32caec208817c9f7d9 |
| SHA256 | e0bc5cf9acb47c1b838cbfc9947db2c999abc763c1e4b1cb6dedcf798e50b9d4 |
| SHA512 | 183728da2337cbfd7e3d5d53063aaeb0712d123deb9d4c87c3aefeab2da7fb8410023c4812b381771a298133325a48e26dbf8c6e7eb84092a29c4dfcc4f1dba3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a7ee0a409a61d8fa77d3fb8b9d22343 |
| SHA1 | 29b7e9718a289755cb11dc5a20c0db886db82475 |
| SHA256 | d0ac6b029d5b00eaad442b57ac47443c6960dc4d9c7935b2b42e7e8c6dddfb62 |
| SHA512 | 5e9bddcaca543aaef3bca88b00aa7c02a438ea5aadbd1cbb0d77453f33b0c0938476df780d7cb706962deadf340a1fd090a5c8587e7b6d92fa3c7f228e8cd6db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b24824e547308c80bf8776fb930a3bfd |
| SHA1 | 84d78f7cf659c3daa18083d22d13a56aac5c49bc |
| SHA256 | 75aaf5773cbc58f5abda8fca39cfab04da4449a51d3aa5ea62fdce0ae4710212 |
| SHA512 | 5683a40a1e1aec855c4c9bddcb0f90d0a4d8fa170d40a8b7d911fca06505ed53b597467b3fd422a7818282fc1679e308bfb7be0a42e46fdf514e944d93758a78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c644c5c5bc3ab6e4f8d5df75f785a5e |
| SHA1 | 9cab27f9164a4f3cf2ceaf30477d86a4f4ec27b1 |
| SHA256 | b9c88fa5c64773fa80981f14ed84bee334d46a956f5f45279b5acd99900f99c6 |
| SHA512 | 5727b115cb09767e08671b5ad323796b8c4773295e459518d97d34b0b0747aac2d661efcfc4953935515fc3add097a2f550eadf5d855f09d5f4541906e2ef6f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cf8126e44253f9c77c8aafe574fe77a |
| SHA1 | 5e18c2e8d73b7028fd0e187c332bcd0bf6f4f9f0 |
| SHA256 | a867e212c81f01c9ab877b5ca39280210d1fde5815a41f02b24f78bbeea2a626 |
| SHA512 | eaa849104805e33163796df2bba2fc666f477c04733842397e1d5636f3b61bc25a57504fd060229311bf153ad2f2ed098cbc3fde69995e7c069dc5e21f0f37d5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:09
Reported
2024-06-12 15:12
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a11a4ac2075cfff6ebf10da0a5f24c59_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15817032634666311728,7897175577807080386,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5360 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nguyenhuytap.googlecode.com | udp |
| US | 8.8.8.8:53 | yophim.googlecode.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | helloximo-com.googlecode.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | opi.yahoo.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.megastar.vn | udp |
| US | 8.8.8.8:53 | traidatmuidotcom.appspot.com | udp |
| US | 8.8.8.8:53 | cdn1.iconfinder.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
Files