Analysis Overview
SHA256
f2867cbef9d77ffc2e042408555a522dc9b12a1c3204c869cef799766a0a0202
Threat Level: No (potentially) malicious behavior was detected
The file a3a691a37c15512ef326123e8e6c81bc_JaffaCakes118 was analysed: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:19
Reported
2024-06-13 03:21
Platform
win7-20240221-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c079e59240bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000000f0250ebc8c7a4996c6c3ac375da87f0000000002000000000010660000000100002000000069310351b74f4d0548037a947e371dc5db14f29459cf6b9ff03c42c86ad4f2bb000000000e8000000002000020000000f6d1c571019290ede7ea769863b2ba276a241d854cb3eccb280f9e14a50a30622000000069ed167d643c2d12b51960e35365e8c7ce02e5e09dc5c62170f5f7a8e41a9e024000000058642ea6c2d69235f61e3eac91daa69f4a9fec967dcc32b055237354e0fa49e8f8781269cbed1a54a1888dcbd288a00a2041caf94bb8adeb204dcf183086fb3e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BAA57FF1-2933-11EF-8F9A-6A55B5C6A64E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424410630" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2128 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2128 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2128 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2128 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3a691a37c15512ef326123e8e6c81bc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | i43.tinypic.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | i41.tinypic.com | udp |
| US | 8.8.8.8:53 | www.betobrasiltv.com.br | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| US | 8.8.8.8:53 | img857.imageshack.us | udp |
| US | 8.8.8.8:53 | goo.gl | udp |
| US | 8.8.8.8:53 | 2626-1.blogspot.com | udp |
| GB | 142.250.187.238:80 | goo.gl | tcp |
| GB | 142.250.187.238:80 | goo.gl | tcp |
| GB | 142.250.187.238:80 | goo.gl | tcp |
| GB | 142.250.187.238:80 | goo.gl | tcp |
| GB | 142.250.200.1:80 | 2626-1.blogspot.com | tcp |
| GB | 142.250.200.1:80 | 2626-1.blogspot.com | tcp |
| US | 8.8.8.8:53 | i40.tinypic.com | udp |
| GB | 142.250.187.238:443 | goo.gl | tcp |
| GB | 142.250.187.238:443 | goo.gl | tcp |
| GB | 142.250.187.238:443 | goo.gl | tcp |
| GB | 142.250.187.238:443 | goo.gl | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | brasiliantv.blogspot.com | udp |
| GB | 142.250.200.1:80 | brasiliantv.blogspot.com | tcp |
| GB | 142.250.200.1:80 | brasiliantv.blogspot.com | tcp |
| GB | 142.250.200.1:80 | brasiliantv.blogspot.com | tcp |
| GB | 142.250.200.1:80 | brasiliantv.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 172.67.8.141:80 | whos.amung.us | tcp |
| US | 172.67.8.141:80 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | maistemplate.net | udp |
| US | 216.239.32.21:80 | maistemplate.net | tcp |
| US | 216.239.32.21:80 | maistemplate.net | tcp |
| US | 8.8.8.8:53 | www.maistemplate.net | udp |
| GB | 142.250.179.243:80 | www.maistemplate.net | tcp |
| GB | 142.250.179.243:80 | www.maistemplate.net | tcp |
| GB | 142.250.179.243:443 | www.maistemplate.net | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| US | 8.8.8.8:53 | templatestopbest.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| GB | 216.58.212.234:443 | ajax.googleapis.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.200.1:443 | templatestopbest.blogspot.com | tcp |
| GB | 142.250.200.1:443 | templatestopbest.blogspot.com | tcp |
| GB | 172.217.16.225:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | blogger.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | blogger.googleusercontent.com | tcp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 142.250.179.243:443 | www.maistemplate.net | tcp |
| GB | 142.250.179.243:443 | www.maistemplate.net | tcp |
| GB | 142.250.179.243:443 | www.maistemplate.net | tcp |
| GB | 142.250.179.243:443 | www.maistemplate.net | tcp |
| GB | 142.250.179.243:443 | www.maistemplate.net | tcp |
| GB | 172.217.16.225:443 | blogger.googleusercontent.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 968b6b4c955e2e7daa61bba759c5ebb5 |
| SHA1 | cf3857f58bfd08e2684ebdfd0e28bd111d6ceb25 |
| SHA256 | d0fcd49e3c7caf38a5ff4dc2df6c03fc2f59644d2c500832d4f4c0a2872b06a2 |
| SHA512 | 93dfce40e4f3c48f331379510c9bc53ab4d11f8d93ea8ff025c8b4fcf336d5d3a064638de31475b2a83433415754a2c832199d9a9ddb6823de5401168d4ed398 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d3049f1a4b143f13261e38abab901109 |
| SHA1 | 1810917619ef7b98f40697c12f35a75575665f8f |
| SHA256 | 69df6863aa24aedecf107a7e2e0353d592c52a5905cc2833d824c2298733e9d6 |
| SHA512 | 6af844057e960d6f4165f297891b676492281fc4abdd7346a220b1972124fabe2a9e0f7b3825c9f67c1ed885262cf6fb994c4dcd607c1981005291a240b6e958 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | c1ec2892dc4c692f4222235a0b5b407d |
| SHA1 | adb08315ddf71f0e06c38edb06a763f27e525ac2 |
| SHA256 | 9a738b98074e2a45fccf511e91af4f1e63f3562144ffc8e8e2d090a6f9fd33ae |
| SHA512 | 0bdc78df4ba5ea8b5659b5755af70ad7559492bfcc7d6789ddb4c6351c13f7ec1cf78b71eee7cf67ccc3f66a579771425f08fb262e70eb0306fd099e7ab911fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | 945c62ae176d5ed67e588d309c8fcc91 |
| SHA1 | f2699255b425206e52833597af493c5c566aeaaf |
| SHA256 | 690fff9fea14e1b1ced7d93bf61c5c1e0631336b4f34e1626c7f92b0585c16d2 |
| SHA512 | fd073d9abbad72322676aeae8605ae1f80f10f6e6577786d8e791685ae132e541746ab980534f9eb3f28799243ecbc735071bec2e72c280ea8f28f4638ae2760 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | a4c3e4b3f212ccf9719236eaa8f728be |
| SHA1 | e017a18974a9969ca60ca2499ac54b464d91a2ef |
| SHA256 | 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a |
| SHA512 | c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\plusone[1].js
| MD5 | 53e032294d7b74dc7c3e47b03a045d1a |
| SHA1 | f462da8a8f40b78d570a665668ba8d1a834960c2 |
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
| SHA512 | fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_89FBEB9EEBFF8AABF1EBFA20B87AFE7E
| MD5 | d157608864bb7117489ce9ce5ce0fb96 |
| SHA1 | 4c1e456e5dd23163757fbd1c2299992d38dc91d2 |
| SHA256 | 747cad6be1751b1cf3cd3b328b40ff375dbc1fb110c065022900a30a16916aa2 |
| SHA512 | fac6b54217c9128179434aa027e5377a2a2bfab46b9ad747490839a4c6001a878377e2cd79de874fa29894f9a0972839aa57eb1f5def65a955984ca3272b7f16 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\cb=gapi[1].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f36e0330f6ca206f1475bd3965e9a00e |
| SHA1 | b2288703413cf1ef6189d9ed6507b6379e246e6d |
| SHA256 | 6970da9893cafdf04ebd267d6715ddc56d98ceb0c450951a3173b6a73cdb3eeb |
| SHA512 | b7cc59f9555238d999aa9044c1a6b34123d704b9c922ac3d05827a871fc43cab682a8586960d7f8ea87e4297e59f8ca306681459f54bcff13511702075986a9c |
C:\Users\Admin\AppData\Local\Temp\Tar373B.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab3729.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47
| MD5 | 31c72108356bcbb5569409aa463923e3 |
| SHA1 | 647712555d187d6763bdafc3e9c2ee9645bae56a |
| SHA256 | 16c8fd04d2e7f175e0092f4e468aaa9b762e79720e99683c787e4ed130404cdb |
| SHA512 | 4768ecbf85c6c15bad385b1c5b6937e4243aa4bdd0163ef49bf219047b6d9920a535a860cb29cc02dd5a427f170ff43d4e6e7fb5b3505233d24d671e84205e60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar381C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55cd0c76e2027e58344abd24838651b0 |
| SHA1 | 4362e0ad38210f2a62639054ddbb91d95bef4b5c |
| SHA256 | 55c43ed290d86bd963724cff4f8dc40e4c17ede884fc3b36ebbf26c98b619b52 |
| SHA512 | 5ae3fe89a186440fbc04c786b10bc91d1aeb2d3eb1dc41066d7ca9acdc0a4e7333396e6a61e8fd770f1ccfc243e7e4e5ae8eb88db675d3a536b62359ee87eb40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e859562a1f2fa069fe4ad30c472a1779 |
| SHA1 | 20af040ef50bb130afea1b0e62b151f453ba9391 |
| SHA256 | 1f9bb4978a21148f860c32e416fc1caf7d205ea2aca2935a328e602b37ecb8ef |
| SHA512 | fb0ba06ef61b5317cc9cd791a6fb81e553e8cda204593ccf12f49a646cb0aa85737f2b35d12f789de5f5abd465839824e7306ada9498163cf3e06491eb300f52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5e9fa854abc652ee4461713e4391f85 |
| SHA1 | ff3c6dd524ca28ac261e2571e4f5a65e483b83db |
| SHA256 | 16205d0af54a61cea80ad535b9fe9a2abd10dc4a04d731c6d6599a1d29224086 |
| SHA512 | 06f35627202be34c46eca6c3dd85177969508ead5abf0135937abb0f0d0e0eefa2c4ec8c409dc4f3171e43f4c7fbf1c421c264dc5f941fd90ceb2d038c4285a0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\favicon[2].ico
| MD5 | 59a0c7b6e4848ccdabcea0636efda02b |
| SHA1 | 30ef5c54b8bbc3487ea2b4c45cd11ea2932e4340 |
| SHA256 | a1495da3cf3db37bf105a12658636ff628fee7b73975b9200049af7747e60b1f |
| SHA512 | bcfebb2ca5af53031c636d5485125a1405ca8414d0bc8a5d34dd3b3feb4c7425be02cf4848867d91cf6d021d08630294f47bdc69d6cd04a1051972735b0f04d4 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat
| MD5 | 2def9cffdeec417855c7a4f4155ecaa3 |
| SHA1 | fad09b7058e8dd5927d56a62d1ba5526b29f910a |
| SHA256 | 7700711ce609f4ea87596f3731eda4940dfdd0d96aee6bfc70be8eae41e26327 |
| SHA512 | 1e489e352c1e6abab10455950b10218615764ff5d7b5c2eae0d10d2bf3656ae81ccf652cf274138e2b0dd2e21000756cb01b6e95f0871594de7eb5f33f98944c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fd60716bc90499843f726d997013dfb |
| SHA1 | e99261758b8e99e8c47057c3252151488c720200 |
| SHA256 | 13e3d5be4bbc5ceccbec12644d82ae5bd2aace157961a072e9e2f47ce8ed4196 |
| SHA512 | 9f5e9f7097e2f98e59f312a403aa085ed3ae8935ace0a9a6e95a0d1c5a0005f0c82a98b794be0850637bdb4364c187ab1c24a372d4b6b6e45a3076d12c195462 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93f7e742209f9f9217dd7b59ff2fe74b |
| SHA1 | 36a76a7da6f1f9063745a16125bc31d8c01b4d65 |
| SHA256 | 155a12bc397c3f01cc8989d8bc7475903b10f3b39c0ecd83967dbc1fcde64ed7 |
| SHA512 | 75b9befd7e29fa2702718fa2ffe73b7f00dc41fcfd9537b285e9325738fcc0308ec16aa2a5eda37bd3eca677ab1ce701faa5e7c95b2f0d0e68c69396e985a5b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1ca1546660833d5ad7cfe8a3c3363d2 |
| SHA1 | 6d582a49c984ca62daf016639c9b710f130475c6 |
| SHA256 | aa9a3d7dcf76862736e59e97d599c3cdfe0577fdd7161bcc45c214f65d1fe0df |
| SHA512 | eb6280acc26ee47d2ba367e0104c60e59a1c33c02604f419df4d3ce6fb7f1c529bc1fb524e5f739dcad65fab1446c990d1dc55d0ed98e0eb8117dc4374ce587e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d85af1b66fbb4d50072f4ed447ce3c1 |
| SHA1 | 90c41ecde7cd65fa35991c6e0abf3d9d99fa539d |
| SHA256 | c488304554462ce2adb452c1a73cc31241ddffe39969783870db3d88474d84f7 |
| SHA512 | 02e2b7bed173aa37ee6306f11ef0020fea66176dda30458a5d664ac1154591761a07776491afef2560b9ad7183ac05a46acdb0e88a16f4dd7fabaef0103e25b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 064086b6e309aa14b28cab30c08b4c43 |
| SHA1 | 43005d50de1c91b866e08e2435cf16c2704fe263 |
| SHA256 | 46e3c5a2437233c70088d7f803900a60e2ad15fafb4754308fae50bbf4f0c99a |
| SHA512 | 7768b875cfe2817c9897a8a83bec448783d2c58f6913b12d144e164d116f1f3d203547e470753101513d832d55343ce29ef058d224af2c1d0940c5f1c9568693 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1bfd3907229c93207d72e9f99814d21c |
| SHA1 | 01b5a808b34aebaf6df5cacc5993b4e0d69bdd7a |
| SHA256 | f15384ac6235ca4dfae7d9cce3b1a81ce1effabce9e4279d9aed8e784930bff9 |
| SHA512 | dd9b5956fc8256bec50dffabc6ccb56b8e8c5ce30dc499f489b5662b730e358805e678adecd5ea50642af1181a700b60c498e0f8c07f7989a69fa61f26355913 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 185a8bae9e70b77e901e2a7226b44d51 |
| SHA1 | 26083d7cbba4a75433274dd10e8edb13617dec16 |
| SHA256 | e4427e39d2566750c5c47ffe601f14a8282e3b093bc6ba677616e02d52f3c510 |
| SHA512 | b777d90485b4de88ff3ce05431d2169ebe8da6a75d9df463f5c23da0893ad76c2ed7b2f54e0dcc13dee27c52c6e75ef42c2edf9537344b0540d5da4fb6a3ebb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e72ed2af90bea483ce580a9492c9b697 |
| SHA1 | 6ae1c4df444d9c7a7c0ee899d9cd8e15acf90bd9 |
| SHA256 | 0b0619998b35821bd3654fc9895efee2ea8cbe6d9f7342adfbc541cf0511f5d9 |
| SHA512 | 24d3832d931d157ff30f0f209b5320e018e617738612e4b5e0f8e3ecaf505ecabd2c438bc33895c2591df2ee9d73c6e3993deed1bc5008de305875d76967c5d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53fde939e53ddf3afd798cf7b1687e85 |
| SHA1 | c0cc1e38c81dbea53eef46ab08ea27a1968e44b1 |
| SHA256 | 2508eb5b77b0a75755ffe69e09d3f427ac0db32a809b1ae6b1600385c7c85271 |
| SHA512 | 4934c25bf4555a441d8cbd2781577f6e94d59c1a9cc517fc315d9716bee1deb4e3cca177d6f943dfe9fa6c97fc5413d67973d4c94a3417896a866bcffacab975 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd08ff2cfb955b301e0d52ee141f3ef1 |
| SHA1 | 78783a880a87281fb7213ff254bc3051d1275c4f |
| SHA256 | 3e4822e17df7d4c06761ef2758e3f7afab13b4bd336c723a6654dce8535cb1a5 |
| SHA512 | 3e4922c9df2cdde69264964279a9145623cce5c9da138b8b20aa82c7b57e99c26ba8c24851a9c68b8ef7c9f79b93cb4271eff17cf4b2eaaf8031b339a2b7c7b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 13304706b96872b93e37f16b548ebbcb |
| SHA1 | 6cc94f3090aebf23a7b9cdc59c7677c148058ac3 |
| SHA256 | 6f150cd89f0776a31fbcc5ca65042df727e3046512a11f824519bfbd020fe127 |
| SHA512 | 4283a6bb337818ac9d4a149424e2f1e7c3a4b8be67ce6a91d378e22a15d818c5a6d818d1e6f0fabb81ab13539579be62f5265ba9e7e5bb1ee0886c5be32c521d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a70cb8ec9e3716e719616d19cd60e5a |
| SHA1 | c6262b039cf6da19db4e7760858579da309012ee |
| SHA256 | 6d141f35f14e6d13f8de05e1658cc49352ed357d861531e21651057bcf4a8c11 |
| SHA512 | 2b3ee69a2f2a0dc891791ae2423bc578aa5d42925cea6d03393dbc10844968015d0e7eb2e9191ad6f704482bb4162d3b9f200b31892e5a10bebf8cc4dc750578 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51b6071e98eb9bf03ff43517032c814c |
| SHA1 | af2155b3b243b62009b73952e08af4a40a718bfa |
| SHA256 | cecdc011c920591459f20bb080c339067341f146796fdf9a915f19e09d472f68 |
| SHA512 | ba9344d7f3b390f8d915a1a7f0079a25773bda212be2640949a264ca9d340ebb9db13be346c1bdf4fa9f28124658874626fa6ecee55fc0a494dd8bed0fc702c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f8ee3dfe898dd4c5e16521d4a4c7750 |
| SHA1 | 921589d4cd50fd403b942e90590f494165a86bfa |
| SHA256 | 1b968768e8927ed6305a77f9632b4a94f967f8118e054077177b9ebf810dc48a |
| SHA512 | a3e3b5b7408d9e518431224c2e8ef10902806897c8516909328205ca54fcc050dda0724ff225ded4be92f90ad380976513653d7e5d083f94cae30fe9050772b6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:19
Reported
2024-06-13 03:21
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
124s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3a691a37c15512ef326123e8e6c81bc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10469010797174397041,18152626777950097064,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | i41.tinypic.com | udp |
| US | 8.8.8.8:53 | www.betobrasiltv.com.br | udp |
| US | 8.8.8.8:53 | img857.imageshack.us | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 2626-1.blogspot.com | udp |
| US | 8.8.8.8:53 | goo.gl | udp |
| US | 8.8.8.8:53 | i41.tinypic.com | udp |
| US | 8.8.8.8:53 | i43.tinypic.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | i40.tinypic.com | udp |
| US | 8.8.8.8:53 | goo.gl | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_2976_RIDIRRHHBJQQCSGC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b20fc468-b7f7-4405-b4e9-b17359de951f.tmp
| MD5 | ab7edddc906acdb943928c96508a84ce |
| SHA1 | 756761dabd997cdbfe280f360b342d225ad031c1 |
| SHA256 | 3c518a126fbd55af226196f4188f38f11b70c0e7c77e1f4794e8f3cc623ea845 |
| SHA512 | 34ae07829576e75defb3c29e3aae0973c928ed3431eea2e6ff63ffcef6a52659c2e7536e9a6bb20bb897f621c8e923652c9e2c6d25a63f3f0b077899768ee402 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1fd6ecfcd422bd3f847ffaa1b1e572d8 |
| SHA1 | dd09a73af719d334f5497f2f3b6b9b7c371400bb |
| SHA256 | 426914e427c2321dd326a4a79a145f7bd5c91cd8727c90c0618b3488c9f3a460 |
| SHA512 | 5ed631ce1b0f45916647b3964403ca0ef3ec784b61e0ea3bb967dbdc565510747e8370ac7500bc7ea282e54b7f59b7804ccf2e992952b1053234828cf964f697 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c530ec867f0fa2ebaf2e2632cc594a4c |
| SHA1 | 321cfd9f6cbba151e3b3b7c5b8a5e76d43468547 |
| SHA256 | 480b3b5aaefca003796ce54b680b3dc37e7e2fef3d2a7cc22b7cc64173ce27c5 |
| SHA512 | 991ee523e040253f2b7bffe19fed469d52064cf5410c76b53350c5aa2f13fdab7a780614c8be196b4c5045a0dfb086263851382943af9d80dd172bafa86f4b36 |