Analysis Overview
SHA256
eed8e8bc9cb83eed9a6b26f188405ceedd2e30f91b69e6c38fcc44d9f17afe11
Threat Level: No (potentially) malicious behavior was detected
The file a43b99a57f907e0604741af3e9f36941_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:35
Reported
2024-06-13 06:38
Platform
win7-20240220-en
Max time kernel
120s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70f42a2a5cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000085abf2d331244f48979f94164fd93cd500000000020000000000106600000001000020000000cbeb8c8241d4d7977d5221de1c91c3293b56ba14eeb46f9ad608d49fa4471188000000000e8000000002000020000000e47e59ed168057a4054d848e0f244bbbda47327ecf6b20411320af56943ec1d6200000006d48f3462d030bb98d5438845a4b8632329840e5f2b5641e0ce5f457ac46f63040000000f8070f31ef4f2e5afd1bbcbdf5d6ca075bb566345e99d254729a3811e2be90325fa40f64d39de9f3b1f5967e6776e5234af6b8aa83e609f08275d80d994cc018 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422423" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2FCE5021-294F-11EF-AD12-DE87C8C490F0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2340 wrote to memory of 2960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2340 wrote to memory of 2960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2340 wrote to memory of 2960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2340 wrote to memory of 2960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43b99a57f907e0604741af3e9f36941_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | vmg1.info | udp |
| US | 8.8.8.8:53 | images4.fanpop.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | mi-cache.legacy.com | udp |
| US | 8.8.8.8:53 | www.spencerchristian.org | udp |
| US | 8.8.8.8:53 | thumbs.mugshots.com | udp |
| US | 8.8.8.8:53 | chessandmazes.com | udp |
| US | 8.8.8.8:53 | image2.findagrave.com | udp |
| US | 8.8.8.8:53 | peerbackers.com | udp |
| US | 8.8.8.8:53 | www.turtlegardens.org | udp |
| NL | 94.100.122.215:80 | | tcp |
| NL | 94.100.122.215:80 | | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| US | 104.26.11.178:80 | images4.fanpop.com | tcp |
| US | 104.26.11.178:80 | images4.fanpop.com | tcp |
| US | 104.17.59.215:80 | mi-cache.legacy.com | tcp |
| US | 104.17.59.215:80 | mi-cache.legacy.com | tcp |
| US | 3.33.130.190:80 | vmg1.info | tcp |
| US | 3.33.130.190:80 | vmg1.info | tcp |
| US | 3.33.130.190:80 | vmg1.info | tcp |
| US | 3.33.130.190:80 | vmg1.info | tcp |
| US | 3.33.130.190:80 | vmg1.info | tcp |
| US | 3.33.130.190:80 | vmg1.info | tcp |
| US | 35.164.64.246:80 | www.spencerchristian.org | tcp |
| US | 35.164.64.246:80 | www.spencerchristian.org | tcp |
| US | 104.21.61.211:80 | peerbackers.com | tcp |
| US | 104.21.61.211:80 | peerbackers.com | tcp |
| US | 3.164.163.89:80 | thumbs.mugshots.com | tcp |
| US | 3.164.163.89:80 | thumbs.mugshots.com | tcp |
| US | 172.64.145.151:80 | image2.findagrave.com | tcp |
| US | 172.64.145.151:80 | image2.findagrave.com | tcp |
| US | 69.175.102.130:80 | www.turtlegardens.org | tcp |
| US | 69.175.102.130:80 | www.turtlegardens.org | tcp |
| US | 8.8.8.8:53 | www.findagrave.com | udp |
| US | 172.64.145.151:443 | www.findagrave.com | tcp |
| US | 172.64.145.151:443 | www.findagrave.com | tcp |
| US | 8.8.8.8:53 | vivopets.com | udp |
| US | 194.1.147.68:443 | vivopets.com | tcp |
| US | 194.1.147.68:443 | vivopets.com | tcp |
| US | 194.1.147.68:443 | vivopets.com | tcp |
| US | 194.1.147.68:443 | vivopets.com | tcp |
| US | 3.33.130.190:80 | vmg1.info | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 194.1.147.68:443 | vivopets.com | tcp |
| US | 194.1.147.68:443 | vivopets.com | tcp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| BE | 23.14.90.91:80 | apps.identrust.com | tcp |
| US | 194.1.147.68:443 | vivopets.com | tcp |
| US | 194.1.147.68:443 | vivopets.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| NL | 94.100.122.215:80 | | tcp |
| NL | 94.100.122.215:80 | | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\dropdown[1].htm
| MD5 | e89f75f918dbdcee28604d4e09dd71d7 |
| SHA1 | f9d9055e9878723a12063b47d4a1a5f58c3eb1e9 |
| SHA256 | 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023 |
| SHA512 | 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\superfish[1].htm
| MD5 | 00d64a82ba2d055e5facd3a30efac924 |
| SHA1 | 308e275068e3bec5effca608fe9df2008c979650 |
| SHA256 | aaa3feed097fda6687c7c27860c24980f3ff105b6f326d10c98854145e9afa6b |
| SHA512 | 1151e227086964ec19c11eb388ace411a56a6e1da96409b2bfdb5313fb5df75223add437a653decf3afdfbd2be2cde421c512f9de423ad74f2ebbaf81119d8fc |
C:\Users\Admin\AppData\Local\Temp\Cab1A46.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1B28.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2ea12055a83452c20c272da12ba6630 |
| SHA1 | ed99ff32f134828d6bbfb68954b0cdc765aa6db7 |
| SHA256 | 36a31ab1af85f5a6f015eafae2676ef38c1c0b7c8e83d9404047edb90dc82561 |
| SHA512 | 150ee49b38cbb89f819831b8861e33d24eaa225ae6eb366cede7ca6a6b2db9fda752f4f3b06be5e8a948e817c1883a86424e02fa167eb2be7a36ce98f1b555bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3551f5e6048a7dcc0f6dddb39e1ab48 |
| SHA1 | 6702582a1c1f9fdb19e369a66c3e92ca84c885e2 |
| SHA256 | ba425fcec9b4fd0f8cbc6f31b959523a194b84c059375c09bf9d7abf36f10573 |
| SHA512 | 7a260431b41d228625403ae36ae2421f873631002bd3f54e888a88d1f6888694213f33afd4a0549891b94e141cf87c058fa3e0c37785d8cc63569d3cc272b037 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6805b88058966a1b8f9a2dbfa7199bb7 |
| SHA1 | 8fc33c0dda70c675b8b7bb8a0d88002f44cece44 |
| SHA256 | bcae610b223006ac4dda8dfc582e9d749b2173b2e3d80ce637a2c126b2bed2f7 |
| SHA512 | b88e36c7de2ba792677d8a920202bdfa5d3afe7fa20875a2ba564e6652fb637bfc8ddf1932cf6d1dc55d58ee927551d221cf3355715d40c04b696b2dc68f41d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ca9d067fc45974e38f06eaff5ed9dd1 |
| SHA1 | 1f97dcecc073c89a1d0d221481eadde48c10d477 |
| SHA256 | b2b3fe9a415b432baa9eea21edca60cbf908f1147952413aec584057a283bc6c |
| SHA512 | d81a7653e3382e0a00e3a117e6523815471d30f892d0090eb7d1ed9d9cc0a9299ae1d5a49ea68f234e9cf6bd5964ae8289bfce06a4a575ffcfc001950ee69467 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 477d928a922ba2d1e81d245421c648d3 |
| SHA1 | 266bdaa3d1230ded37e93f65b2887672ee2a0457 |
| SHA256 | b48ee23d75e6434903ab6016ea6110bf37113e731d79d7f04cd1d873d2bd8a35 |
| SHA512 | 41d66086dd43f08729d23001a655111320f3d5d36a012e384e1b9fe10f8b935e598117c248029d15d504d1349ab643c6325c721e7416a40c7da5958c6a09c811 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5acf7ab5d480c786f19af98980df531d |
| SHA1 | 7f4ac4702c5a8a9a2c7c03d5a8a36a896b51fa56 |
| SHA256 | b6799842d66463d67b517b6441d4dad2ffdc788c5f3d79e2c24fb51b9b630209 |
| SHA512 | 5a6dd35b295b8ccecd8f48566ab4ccf521d98aca3db99387fe9060667bb71ac3725d6f82983a2e11cfc6622f1a77fe5176eae3b9745a8348e44781ece235bbda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75216bfc702934cd2a5f91bc997e16fe |
| SHA1 | 97ef0330132a87a6e6a0b957be677588d7a5144b |
| SHA256 | 13130907739d0df6dfadd7c54e07fc20b6dac3a81505831f618a8cf9cdbe1635 |
| SHA512 | 90bc51104b1bc2ba047e5ac93cfa56c3dc7b8419adebb328ee10cc3885018a4b41b17331713007b15199b4ca0cf3b0f3160cc159d27f68be5b128fe8f2f32670 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e70530d9008aa2261ea160d22378cd8b |
| SHA1 | 43aad5a720422adf8d5a61b28874454047dfdd9c |
| SHA256 | c3c16fcfd9ea5851d684d8e128efe6d19d050c42eb666d222b905bef7de4384c |
| SHA512 | 5a683a9552ddd3287304753f144ae6d881923a1f636ef6339d4753f2584b6206d8e8bb3b5a7f90b5af075d1b8503429da79ba37145b1d8b8b84282c97bf02244 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | ac062a5219be9466e52a43217c6e59ac |
| SHA1 | 97e35fb59aa79a0dbe14994e8c5c1910b65214e7 |
| SHA256 | 5b9b81f8ce1386ae9a46a1d91bd8dfe56f4eda789e4a8419b1a08c69f35d55cc |
| SHA512 | ea40e3d7110717c62ceed6683f5f354ba02f74786afcc0f7313062b57a2cced6b006866c53a76a722dcb076f71648ada1faf5bc6446dc8ebfe9961a1e78c444a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e00aba89a29802aa601e8dce9c8b093a |
| SHA1 | d8747fa4c283f845243de37c6ea481bd11a3fc3f |
| SHA256 | faeb2d3d23323fe50c2395026e8e2186f544a02692daa56576aa9e203437f0a1 |
| SHA512 | f832e761af6cfd296439e5f863babf2250c7901d49dc48b306034e9c45acff636986c4569876d96b8628c46761a4caadd5ae92dfc28c2ecb7ba1ed74199a988d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a5c39aa4d9d98544635fb2cda67ddcf |
| SHA1 | 9f9c078b8c5bf2c2092d80b82413588432cbef03 |
| SHA256 | 1498c4e188bc747cc791d276b6109a2e4781d836dadfe76256ea8220c8213520 |
| SHA512 | 1b98e7fe821b934bfea9f5b7155d21fadb95b70fed51d37d403e23e9be952294832ebf64be4c88c7ab2b5c818c217ddb4e3a22c525af249aa73e8004a10d120b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a72a61f3ffc3c639bcfe1c83eaadb62 |
| SHA1 | cb762a49cae58c5037b52232ce623e9450037c5a |
| SHA256 | 8bb85b2888e9ea41a01107e17eb31b44f5e45399d85a54be12fb74ebcbabe264 |
| SHA512 | a54f3d4a973dfd317dde70ca2fb6652830af7e926fd08154778bbb84f6fee9d58d4219cd242e176cf1db7d06346eb88150d6a42011f336eb1e280914b0a5133c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9461523454a9951001f7ea631e3a18be |
| SHA1 | 219e100650ca6ac47f5ef73e5825b82a1b7332ca |
| SHA256 | 373aff94d720187a7a761fd16c03a420799fa55a692f6b4a82fb99077a1a9b45 |
| SHA512 | af26831e7ef053dbc520db2f55dd43b5e6a80b38a0c75d26e00c942e30df6850a9a4d086bb489bbac2d3d8901de3fabfa10e0571918d7692839c61206ce5c9d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c245c52e42b5274490d35f8372502f3 |
| SHA1 | 51474b2629ceb4df36457fc86e8874a60e6c891c |
| SHA256 | 47f67970f7f2f244e31b6b3c9d994fef9b8b63328b2b3c9a8eac6a9a46bad106 |
| SHA512 | be15cfd02d95cf3f7169aad60cc4139391d233c1fe85a30657062929f2099e346adcdc62184b1974b2c0960b3f87a5fa95edd597b5ea96a7691bbc067f743b4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcfbfc00766d2450ea07d2d5af7f2ed5 |
| SHA1 | 5393effdab5ef39e29b45bf8df2a798be07e3454 |
| SHA256 | f0953957bd256bdef97179065f835e8606257f4474f65a4ccea1ee04dcfdfbda |
| SHA512 | bafccf13e1f5918c401bdb28b7878ca9d2b185c77af1316558bd3845896d792c4eb8c4f6b876f377b0e48db2baa8b7455f99c4fa91255f14b66af592b5948daa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6428900b7205b65f372c8d9052c82f5 |
| SHA1 | e9b153043b83b5385ccc6af781a8dbfd53fb5025 |
| SHA256 | 22eedf15d6c36655f5c2632afbe4837a68927315c5bf333a12cc82593f4a90f8 |
| SHA512 | 0a6909b1adfc029cb1d4b8044fbfac2581022f548283b48dd6ec51c6bc15a982084c2bce7675a1ecc6fb3ad99422f2ac3fb99dc57fcc0c167921a57b7ef8e496 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f52110d98de19f0c30b0a1b45e3da28e |
| SHA1 | 9e06fe5ede0d396a3507a196bac4ce20e5b08fdf |
| SHA256 | 4b0c899ba9e71b866fbd29fd15bf83e7c2357a95623ecf420c3cc5db3699c35b |
| SHA512 | 67222eb7e4e2147a8eef5f7747bb80b8d58a3c0eb37e4419e646bce28a44592120e96bdebbb18b97ae1bc90670b5c8982d638c6e4db50b0b08c5987428c3579a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44951f1d77f7c244c514ed199b36a2f7 |
| SHA1 | e12d708a5d07513373fce16e26cddc79bb3f1fe3 |
| SHA256 | 225b97329ca62ce88f87c7821a969012e041c2b8ebbc77b4738710f17ab41d0b |
| SHA512 | f7079a411c6115e998b749cc9a3ccb9653f98965dc9a95809a77aefc382245ec54838003a4c743c7a6f2b9278ec92f2e5bd0ef53820e7e91b464ff8e33efb215 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2e871937a303a943c8933219bf2f1a0 |
| SHA1 | 309617dc132e940f6f81a3e70d46b11deebffd67 |
| SHA256 | 112127a1c0feccac3c77d8ac2e8f84a08dfc25962afd2232b4901bb65a98ef84 |
| SHA512 | e97a83ef7401e16b5d5ee5b682cb35538966d09d800367ce0bfa307be12020f14d3fa6e39916deba258b7f613cc037fdc8626955a3ab3d58f4cd5c452db29051 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89dfbb56afd5a84f437c6b5a480dd4e8 |
| SHA1 | c42e53883710f339c6c497eb16d4a00799e8cb76 |
| SHA256 | 71933bdbfb1088fbdf8aecff39593f599ba5a25d738c8736264966b0394f92db |
| SHA512 | 1f9c8b5985e96443db9331cc8872c5b1266042fa9538a2bfb1072215cbfff5fb0c401558d6d972e94b95384e1c8ee153362a83fce0da940437b10f8aa23d979b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7df769ddc4dc1e84cd60cf7d1a49b0ce |
| SHA1 | 44fdf6d934b81938dae7187505232578d961f5fd |
| SHA256 | c7ae69fc00a24ceb4174190df51e79b970e3185c755b555e8945e905ad4e326e |
| SHA512 | 8c979145a96053ad4f38103e5a670de2ad3b734c042a535e1b1b5fdd70523dbe8ea16e9e0003409b6f742d7b51daa9779f92f740d9aec238a1bfdbdf45ca5986 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95e60570e908dd772a2ec99d202fe32d |
| SHA1 | 3514327e3550ec6439c3db86d7a4c8b5b3105685 |
| SHA256 | f258f0a9050616c31c3667d62ce06e0cb9cfcd354d01688a16e3ddad2df407a0 |
| SHA512 | ddd0aee5bca51444f522d5af3ab76197e57a038f80099de527797199627cb6466b1e6a140558a06596eb350594d41d56342bbda866152a9adf935d0d50a1f3a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67bc7e77de983abb06b729caf86e5c6b |
| SHA1 | cc28294bf526b92995031c138ae857b9efd746af |
| SHA256 | a6f65168007e56ed322a8853dec32521093bb9bc6322d77cc7d51389f1be521b |
| SHA512 | 0a38e9a99d66bda40b16379dcfba59d8e8cf296ca5450ea0df0d5d39c7034633d27d2afe63f532a25e30ae4d545787a94832c11fbf70cafdaa6f56481d64864e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:35
Reported
2024-06-13 06:38
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43b99a57f907e0604741af3e9f36941_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9c6246f8,0x7fff9c624708,0x7fff9c624718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,18427292344997779237,1158189245883005806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vmg1.info | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | vmg1.info | udp |
| US | 8.8.8.8:53 | vmg1.info | udp |
| NL | 94.100.122.215:80 | | tcp |
| NL | 94.100.122.215:80 | | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_3376_UNGJVBXWNZMTGAEF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 63be8a3fa7e912c9f984d88ffb896c55 |
| SHA1 | b99e40e61c51a4f0d68f751c9d43057e9a73146c |
| SHA256 | 5476443d3e16b90d16d510470ea2d17cec6113115f165ed20cbf8065fa2b8035 |
| SHA512 | 70dcc01ee33fee0043562e6fc310a242c4a98b1930901e3c4031d686635cd8e6c950b16f09e544b795f5e79554db5c7b0d2855cd6fd06229ad1bc2703e3d8e82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f986db03c393aeb234b29e6d98404c2e |
| SHA1 | e40e86188ddf8984e4aefcddfeac5a00132a9917 |
| SHA256 | a4ee67c61cae4fe326cd1016caee885d3135545207785a89ec3699da8accdd3b |
| SHA512 | cc70407968e67061cdd42a6621c4beabe299b6efb4770a9a15ac4d964b1d45e37d60794781b4a091eb1d73c009db3af695b939c0b37632eabd5ebbd2135aafb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 72fafcac9a5f863d9a1bbbfa6b253376 |
| SHA1 | 92f91f75b0f887f7dd9a336eb2f5cf4326cc708f |
| SHA256 | 3a049c9422c74f54c3de324598bf9a66f58449a9dfd1c61e5422589cee65731e |
| SHA512 | 5884cd648b40274220fd73217ffc5d4798c85a6f8ad0b20a8ed87f23e5c4cf3a6fcc32711a9adcd2efef286870d5b9cb59ef6fc8e30bb9656f460bd55c59a106 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |