Analysis Overview
SHA256
50dfea6f5d16dfeb39958a9d7e1e70c50015db278b805d9e597b984a9f0da0b6
Threat Level: No (potentially) malicious behavior was detected
The file a1d42859a8dc074bb61f5b68bb1588d7_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:49
Reported
2024-06-12 18:52
Platform
win7-20240611-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e020eb5df9bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8821DC01-28EC-11EF-BF32-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424380051" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000004c2ff90051fa5f91df7b488f949f50a08b3666083c0042a1de0472539c50990f000000000e80000000020000200000006978f8dc681475439603d5e09296208b72831235e23f2d9942e56e2ac50479eb200000002a9a3783e6461e0f7065d32e310e8984c34acf99049b1e1eeff1337cf38a666040000000dcb2379409bb1502a0f3020ff1ab87917c91648fe44be9f15d120e04fdc150a23a5086ab829553b5228eb922faecbf4408bed4ef0dab868aeb8ed744e3d1a341 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1960 wrote to memory of 2232 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1960 wrote to memory of 2232 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1960 wrote to memory of 2232 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1960 wrote to memory of 2232 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1d42859a8dc074bb61f5b68bb1588d7_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.onlineleaf.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | cuerosb.googlecode.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | amronbadriza.googlecode.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | i968.photobucket.com | udp |
| US | 8.8.8.8:53 | fbcdn-sphotos-b-a.akamaihd.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.10:80 | ajax.googleapis.com | tcp |
| GB | 172.217.169.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 172.67.218.122:80 | www.onlineleaf.com | tcp |
| US | 172.67.218.122:80 | www.onlineleaf.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| NL | 142.250.102.82:80 | amronbadriza.googlecode.com | tcp |
| NL | 142.250.102.82:80 | amronbadriza.googlecode.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| NL | 142.250.102.82:80 | amronbadriza.googlecode.com | tcp |
| NL | 142.250.102.82:80 | amronbadriza.googlecode.com | tcp |
| GB | 142.250.178.9:80 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:80 | resources.blogblog.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 3.165.113.116:80 | i968.photobucket.com | tcp |
| US | 3.165.113.116:80 | i968.photobucket.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 172.67.218.122:443 | www.onlineleaf.com | tcp |
| US | 3.165.113.116:443 | i968.photobucket.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | ad.a-ads.com | udp |
| DE | 148.251.13.139:443 | ad.a-ads.com | tcp |
| DE | 148.251.13.139:443 | ad.a-ads.com | tcp |
| US | 8.8.8.8:53 | icons.iconarchive.com | udp |
| US | 104.21.235.214:80 | icons.iconarchive.com | tcp |
| US | 104.21.235.214:80 | icons.iconarchive.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\Local\Temp\Cab19E9.tmp
C:\Users\Admin\AppData\Local\Temp\Tar1A0B.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:49
Reported
2024-06-12 18:52
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1d42859a8dc074bb61f5b68bb1588d7_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe706746f8,0x7ffe70674708,0x7ffe70674718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3328736648596107855,5346304873300847845,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5488 /prefetch:2
Network
Files