Analysis Overview
SHA256
5b1642db79f3f7c1beb97c8b1f0b6b793318811afc12e97e95fa321b86d3d98d
Threat Level: No (potentially) malicious behavior was detected
The file a5f25695d749480f612c075fea959d6f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:08
Reported
2024-06-13 14:11
Platform
win7-20240611-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6D9EA0F1-298E-11EF-8F67-D62A3499FE36} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449585" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000b894403f678a888d69fd785b0b870450db3dee4b78b6c25d409711513498bdc1000000000e8000000002000020000000af43147b5ee0e05d9d63d1c51a6ea06172e67d1aa498b9bfe4dccc496fe18cc020000000b6a5048cc6e11d4680f79c5ae97dc9bac23cfe03dbd98d72ca0644fc7bc2f498400000009ea2ca9932f93639135e1f88b34257f42d804c40d1c28f88eba0cd9c5248838fd6afa1003ca815ef972bc2cd216227db7ba3c2b33641c1f425f8586a82053ec1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3077df439bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2652 wrote to memory of 1880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2652 wrote to memory of 1880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2652 wrote to memory of 1880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2652 wrote to memory of 1880 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f25695d749480f612c075fea959d6f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:08
Reported
2024-06-13 14:11
Platform
win10v2004-20240611-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f25695d749480f612c075fea959d6f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaab146f8,0x7fffaab14708,0x7fffaab14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2617663528980527853,6089817184258766348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | utilnox.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| IT | 81.88.52.17:80 | utilnox.com | tcp |
| IT | 81.88.52.17:80 | utilnox.com | tcp |
| IT | 81.88.52.17:443 | utilnox.com | tcp |
| IT | 81.88.52.17:443 | utilnox.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 8.8.8.8:53 | bux.to | udp |
| US | 8.8.8.8:53 | tinyurl.com | udp |
| US | 8.8.8.8:53 | img36.imageshack.us | udp |
| US | 8.8.8.8:53 | img41.imageshack.us | udp |
| US | 8.8.8.8:53 | img43.imageshack.us | udp |
| US | 8.8.8.8:53 | img194.imageshack.us | udp |
| US | 8.8.8.8:53 | img4.imageshack.us | udp |
| US | 8.8.8.8:53 | img35.imageshack.us | udp |
| GB | 216.58.201.98:445 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.201.98:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | lh6.ggpht.com | udp |
| US | 8.8.8.8:53 | lh5.ggpht.com | udp |
| US | 104.20.18.71:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | img8.imageshack.us | udp |
| US | 8.8.8.8:53 | lh3.ggpht.com | udp |
| US | 38.99.77.17:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| US | 172.67.1.225:80 | tinyurl.com | tcp |
| US | 172.67.1.225:80 | tinyurl.com | tcp |
| US | 172.67.1.225:80 | tinyurl.com | tcp |
| US | 172.67.1.225:80 | tinyurl.com | tcp |
| US | 172.67.1.225:80 | tinyurl.com | tcp |
| US | 38.99.77.17:80 | img8.imageshack.us | tcp |
| DE | 185.53.177.10:80 | bux.to | tcp |
| GB | 142.250.180.1:80 | lh3.ggpht.com | tcp |
| GB | 172.217.16.225:80 | lh6.ggpht.com | tcp |
| GB | 172.217.16.225:80 | lh6.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh3.ggpht.com | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| GB | 142.250.180.1:80 | lh3.ggpht.com | tcp |
| GB | 142.250.180.1:80 | lh3.ggpht.com | tcp |
| US | 8.8.8.8:53 | img29.imageshack.us | udp |
| GB | 172.217.16.225:80 | lh6.ggpht.com | tcp |
| US | 38.99.77.17:80 | img29.imageshack.us | tcp |
| US | 38.99.77.16:80 | img29.imageshack.us | tcp |
| US | 8.8.8.8:53 | img190.imageshack.us | udp |
| US | 38.99.77.17:80 | img190.imageshack.us | tcp |
| US | 38.99.77.16:80 | img190.imageshack.us | tcp |
| US | 8.8.8.8:53 | img40.imageshack.us | udp |
| US | 38.99.77.16:80 | img40.imageshack.us | tcp |
| US | 8.8.8.8:53 | img39.imageshack.us | udp |
| US | 8.8.8.8:53 | img207.imageshack.us | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 38.99.77.16:80 | img207.imageshack.us | tcp |
| US | 38.99.77.17:80 | img207.imageshack.us | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.52.88.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 38.99.77.16:80 | img207.imageshack.us | tcp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.18.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.1.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.177.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 38.99.77.16:80 | img207.imageshack.us | tcp |
| US | 8.8.8.8:53 | img32.imageshack.us | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 38.99.77.16:80 | img32.imageshack.us | tcp |
| US | 38.99.77.16:80 | img32.imageshack.us | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 38.99.77.16:80 | img32.imageshack.us | tcp |
| CA | 149.56.240.130:443 | s4.histats.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 38.99.77.16:80 | img32.imageshack.us | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.98:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.240.56.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| BE | 88.221.83.208:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 208.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| DE | 141.101.120.11:445 | e.dtscout.com | tcp |
| DE | 141.101.120.10:445 | e.dtscout.com | tcp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | tutorialautoit.blogspot.com | udp |
| GB | 142.250.200.1:80 | tutorialautoit.blogspot.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
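The Network table mixes three kinds of rows: forward DNS queries to 8.8.8.8:53, reverse (`in-addr.arpa`) queries for addresses already contacted, and the TCP/UDP connections themselves, some of them on ports a web page has no business reaching (445 and 139 to pagead2.googlesyndication.com and e.dtscout.com). The Python below is an added example, not part of this report or of the sandbox, that parses rows in this table format into per-domain indicators, decodes the reverse lookups back to IP addresses, and flags connections on ports other than 80 and 443. The embedded table is a constructed subset of the rows above.

```python
import re
from collections import defaultdict

# Constructed subset of the Network table above; rows copied verbatim.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | utilnox.com | udp |
| IT | 81.88.52.17:80 | utilnox.com | tcp |
| IT | 81.88.52.17:443 | utilnox.com | tcp |
| GB | 216.58.201.98:445 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.201.98:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 17.52.88.81.in-addr.arpa | udp |
| GB | 216.58.201.98:139 | pagead2.googlesyndication.com | tcp |
| DE | 141.101.120.11:445 | e.dtscout.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 172.67.1.225:80 | tinyurl.com | tcp |
"""

EXPECTED_WEB_PORTS = {80, 443}


def parse_rows(table):
    """Turn pipe-table rows into dicts; the header and malformed rows are skipped."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        ip, _, port = cells[1].rpartition(":")
        if not port.isdigit():
            continue
        rows.append({"country": cells[0], "ip": ip, "port": int(port),
                     "domain": cells[2], "proto": cells[3]})
    return rows


def ptr_to_ip(name):
    """'17.52.88.81.in-addr.arpa' -> '81.88.52.17'; None for any other name."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa", name)
    return ".".join(reversed(m.groups())) if m else None


def triage(rows):
    """Split the rows into DNS activity and connections, and flag odd ports."""
    queried, reverse, odd = set(), set(), []
    connections = defaultdict(set)
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            ip = ptr_to_ip(r["domain"])
            if ip:
                reverse.add(ip)          # reverse lookup of an address
            else:
                queried.add(r["domain"])  # forward lookup of a name
            continue
        connections[r["domain"]].add(f'{r["ip"]}:{r["port"]}/{r["proto"]}')
        if r["port"] not in EXPECTED_WEB_PORTS:
            odd.append((r["domain"], r["ip"], r["port"], r["proto"]))
    contacted = {r["ip"] for r in rows if r["port"] != 53}
    return {
        "queried": queried,
        "reverse_lookups": reverse,
        # addresses that were both connected to and then reverse-resolved
        "reverse_of_contacted": reverse & contacted,
        "connections": {d: sorted(v) for d, v in connections.items()},
        "odd_ports": odd,
    }


if __name__ == "__main__":
    result = triage(parse_rows(NETWORK_TABLE))
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the subset above the triage reports one forward lookup (utilnox.com), one reverse lookup that maps back to a contacted address (81.88.52.17), two plain-HTTP/HTTPS connections to utilnox.com, and four connections on unexpected ports: 445 and 139 to pagead2.googlesyndication.com, 445 to e.dtscout.com, and mDNS on 224.0.0.251:5353. The odd-port list is the part worth a second look; the rest is the traffic you would expect from a Blogger page loading ad and image-host resources.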
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_2552_VETQZEESUHASJMED
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ecd6d16f189087f19f412564bde62a00 |
| SHA1 | 5f470a7f500c311610e89d5b9a9f6d7f42eb6434 |
| SHA256 | 7cc0823bc949cabd344562eef790289d0f8c6c3cbaf1ad51e09c2284aade2c25 |
| SHA512 | 882a314dba1bff720ecb13b8746d1b8ab8198ac931827cba49e6c857f5c3a3ee1ac6cc6632c10a2b2aa40864a25c40b29dc32ee06f7b1754aceb9e47f851335d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 23536ccfe05b737ae639fe63ee4cc435 |
| SHA1 | 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82 |
| SHA256 | 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce |
| SHA512 | f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6bc4fc1afc5ed8d700c6636617de3ccc |
| SHA1 | 697a01ca0b9225c721db03def27413937a38e86b |
| SHA256 | 21ab560366e575ca8a1d6b841a6d9f34429737d75aacf0869351a752b486a02a |
| SHA512 | e4feda2d4282f821f1e62316396c2b9672d856b9061d5bdf6ccc3cc593addd7f400d8ade0eaeefcfa5f2311beb3f0cd14bdf76eb5d9776641f5e4d3798bb1cc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 256d3d2cb80b7df9c101f7ff17b5cf58 |
| SHA1 | f1ae4f712ab98e308c75ac4e06f06e23e415aeef |
| SHA256 | ab208ea683eb5985f38c292de524effb4394a278c58aebc25b00b9c7187356de |
| SHA512 | 7bcdbe260c8462e7f7189a21ae55db3ad1b765b13dd734fda8a97d2095cd2fdca34f2f942d58c6edae18634f1a9050490f2c89d1ec61ee36d87c921ee77e9590 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 48d001d57ec47b53088fa6fb20569896 |
| SHA1 | edb0483127774825e2f2a0f9060ef4fe2ccc04c7 |
| SHA256 | fc36fa1b52c17531cc27566df2692aa9e965daaf62fb1b582c4b68d5418cce53 |
| SHA512 | ff56537506a4c227178f07abc44df15fdb012753cd82be08630e7b9cb5eb861df84def07ab9b151f979cb3a409f6a16ec04336b766ebef8c8706eecb34615fbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a59d9fcfb5848f90c432efe6611ef404 |
| SHA1 | 987e9eeb854d2e5a30d352bc27b865db7a8c3c56 |
| SHA256 | 5297a09e4e2242203e65872a4b2a4a1637450bd236335034fe7802ae12e05495 |
| SHA512 | 2ab59cd6480c4d80e875bf85e19109789f3247eb31e28258c843c4fb8a7afcc52d4b330df5911ac5a2162448334d388b2670ce6b262d84024b3d5137dba6f4fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 83da5a6dc69a3c8e2fa33828dcafb539 |
| SHA1 | 7d072228fe4c30cf92229b273b9b0b1b718f2233 |
| SHA256 | 1dd803b4a327e13c807dc74d4afe6c9aa6b47216b0fc0bdf4d557e687ed57d74 |
| SHA512 | eea879550edfcff615db13ccdd347b2dcc5e378bdc681c2466400fbb19024997ee35674f2bee47235b2223df0b6f4f438e52bd3cddc6179ce8e7a573ceb4cd03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c6874b719ec74b73a292eaf66b07e96c |
| SHA1 | 36b610ef1500312e234fe75e2510cb52ec20e264 |
| SHA256 | 85b16d09f09480f8664aac603df1fa0dd4909c53812e559eb874692157e8977f |
| SHA512 | dcc1c8c10c9b77f2f2746d5d16eaacf2c1800d54f6dbb699750e408bfe4cc6670b9bd7cfef2c8ea52a96045e467d1bf2f0f8a13843ecb6fd4d535c598dbdb027 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9a202aec26a477a814539e726e79628a |
| SHA1 | f35aa6d99c7f17080b7d3ae3d3b5e84ba5889142 |
| SHA256 | 1f27689f7e558c53f7e89585e73655203d1ad857f33621bafde85543ee319bee |
| SHA512 | cb5d4a1d25b7c401f83c2af97f2efda605999c426b52b45057cf366b470599ef977845b0877f48de2c68228cd31e18c27be241be5c2a0e42b5f0072ce946c9d7 |