Analysis Overview
SHA256
a5490722bff2f4513a5a2282044f03eae8e857db854c2dc0075098e94df48eb0
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a5f3e221223ff9cb3c153c30f29cd8b1_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:09
Reported
2024-06-13 14:12
Platform
win7-20240221-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9FB8D4C1-298E-11EF-8303-EAAAC4CFEF2E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449669" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0ccbe759bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004346d38ada3b674ab47c41e58926b71100000000020000000000106600000001000020000000e8fcee0f0b80cf1900d3827aa5a1524e39a9dbe937a42a3567045751e5521739000000000e8000000002000020000000e8fb7ed62bf1930b61a85bb1506082e336afa8706e179b3b8f6225e5a9d1bec320000000dbb58ce2b7832d17b8b5e2741285ed7a2e137829a280a0fecf1a9898acc05ec4400000000991fb4b3f7a6272c966110b4cd097e6f98173d6a87619b14a4b3c87627d9b0afb6b27444f64bd32f66582b2eb4531d41c9b9520efbecc528c4a1ff83ac71887 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1948 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1948 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1948 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1948 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f3e221223ff9cb3c153c30f29cd8b1_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | ca0fab2b8feb851d7bad9d891141a718 |
| SHA1 | 44dd306dda2e0bb75638c3b88aa324775e2252ff |
| SHA256 | 462d1604f1d391b500b9b07ff785a5b5dc2f4ae3a32fe466d6d848cee12de6c2 |
| SHA512 | 61e13946b83135f0e76aaaf677d1556ec2dc041329a22b59100234aa0cd27eb87d1a5a3298239c499d2dd0408cca7a1e162373ac81749b2b5267964ad1ba5830 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 8b5e6cc208259543646406c32a23e576 |
| SHA1 | 1c499726fd53dfbc8c90cd6fc9ec8640550c8ca0 |
| SHA256 | c3a396d7be81c1d9c94f022b538400d9d244fb5112b2cfd2d49305f261dc62b3 |
| SHA512 | 801127d65e9dd116ce971fa89418b0a06556f872e99a55c988df9e8f96941128e76c36d03200db0e4b1911f2def4f4124aca80982aae23225b020726e7002e01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 0b017e658c2308cfd25fba17dd314814 |
| SHA1 | 9db6bd5630368bd859e3101dc6c9babca5e12314 |
| SHA256 | 43dfb7a3badf78013872e33405f86601e4290aee21935091cade9395a2d8c03f |
| SHA512 | 2c15bea2466035fdcf3da8deb721563805f7f089a0cb18737cb411e57b47ea424abc5720f6d1e927e32acacadef5c347053a4863ad261bb3101c96cd7f774c36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | f004bb82a447c38868e2518872e03963 |
| SHA1 | 3f79f090a6abb06e38df6220e85ecd51576e4438 |
| SHA256 | b646535a192d05ee38a300b3f31994b8bf2a8191b3e14ecc627b9e845277743c |
| SHA512 | fc4577f72b9437dce519cdb7fa1ef4589f6943fbc0a60dbe1cdaca985f5b1ea846f5df41964b284506ca4ce2729ab7608392884bf9ccf54749a45db66d31cfd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | 7b1741c1b825eb84417708afe78f926a |
| SHA1 | 038bff19848caada3c89c839eb0772e666e87092 |
| SHA256 | 1e645ef6cde8e774d2958f4e2988ff3470be621f24ce874c929426fdde8a22bf |
| SHA512 | aef01e0fb5a52894b90bba998a9033e14edf4ad2dac1a329a5a13709a9157fde4e6c56cc5504bda373ee2efd1191ede0c4529072910dd8a7550ee16069094da8 |
C:\Users\Admin\AppData\Local\Temp\Cab3056.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar3068.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d96ebe8974e4eb2a66126706ab36e856 |
| SHA1 | afd21e664d0960fd63b9a2338c76a3251da655b6 |
| SHA256 | 4d720e0a834f43d31b25bd3a46ed12e91316eda5b10904392c1c9c171fac3725 |
| SHA512 | 43abcb8a91d3253cad1507a3ace2414e1c489549f09f67cdd438ab87331a20dfb2746f1ad566f587ec48a8c08a2e5b5ef196f4bcfc596d93c8120ec7d80d4070 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3149.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\platform_gapi.iframes.style.common[1].js
| MD5 | 682c26af19b240f98d2cb951721fa54d |
| SHA1 | 18e58b652c7f82a55ab4b1910693686049e25d62 |
| SHA256 | 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980 |
| SHA512 | 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\cb=gapi[3].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea65d0325bacdb32c4609f30a0865e71 |
| SHA1 | 1cb2a4a4014c44cdf8c66b6710fa634863a93fe2 |
| SHA256 | 967d575e786cf6b97bdd96a558bd373f92e837169ac89a086dd705a0c661cb91 |
| SHA512 | 1455c80f24b1981f4edac94f4473f656102becc5fa2882dfa1a6bd2338d57dec4f3399b54d4a2d64a49bf9f7534cb4ab759be9491aa2f85d61c3f040f62292f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 001b523791bb51c2b03c3027eac76f9f |
| SHA1 | a29dd9c85af73754bb52a7850f48fb36d65ca5ae |
| SHA256 | 7ef728e5512d82cfc63854e87943b34d6b2edf0d5716f479b1e46ef41c575665 |
| SHA512 | a7131e646edade779665f3fe5c3c8ce61f6e2f2e6752c80d9135c4d220503876953f7fd2e51dd70db249c4e077f40fde63db76a18a43192f607b2502fcb83e35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64c60c3e656d3f4b55cdeeea5f93af76 |
| SHA1 | c1fd97cd24175c4ac1c8fd5613ffead819f68be8 |
| SHA256 | a62825a105a095636b1522597bde5ca5b63efcdb918e204e8c125cd76ee01c33 |
| SHA512 | e4664be98b6fc030a250d50aeb1210a1cadc482ab6c85aaa912e7680e552a48eb8cd8c4d3c873c071a5d03e4032f6b2b7eb9cd3981a1cb5ecfefe473ba53c6da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a797c0d24c974672a2d16b36dc5ddbba |
| SHA1 | abc3e28963c86d51ea64e65fb929b3b855dff6e2 |
| SHA256 | 940ab29a932f198ffa129e89ab3a46e5d2aabf1fed90f3b95a0ad0d24f55c285 |
| SHA512 | 1f3b30bc226d7849854fb1a905508ec663fd9cc5da0d41324a851c05461c33cc5141a90aa97ed69f438d540db5f3b3d495b8f8a94030138772cb34472f79511d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6a67518e616a44f114d9ef4bec90c7c |
| SHA1 | 0bba3e35aa9f827e64695c4f976384e9df431055 |
| SHA256 | 79d76e79e6c5effec139d1e1666c620c3007209955e22309145f9d3df14212d8 |
| SHA512 | cd832820ab35902e06a65703ad79c2d6d8dbc75d057726112c84cc713e10088ce814eaafea998b89cd4705705296c44d0c6ae86cfc00862704d664a8bea02940 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ff0e13b7a11827a56c4f0c6c704a747 |
| SHA1 | b202b1d5602606e78a8a9848950cc1e30e33b694 |
| SHA256 | d40141fb0b1295ea8ab056d219aa476dba92b309c27f86be84466e795a3a1514 |
| SHA512 | 715c879c3a16bedfde8f4aea2308fa7a567ae28ed6bf8b83921370e99d36c38eedeb5d61d3165077cc23a9624896cf76cefbd12e282b6053e38ac1a594dd5041 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60a82c04f91f64df8ac706e774b409ce |
| SHA1 | d6e03e003e1ea629c76fe4ac5413fdd239052286 |
| SHA256 | e3f6a02d75af89dd2b92950a151bc2bd9eaad4bc574f5b3f8b412eb791f4e7da |
| SHA512 | 5afb1ba2a5b557559334f28c5f4507e981483c838fa8679679295b35b51fd9ddfac52bbcb440f46c068d19c12c7eb98d2f6f6812a0ba50e085ff3417d7361581 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42f6aa1caa8abd9500ba1d22001d52d2 |
| SHA1 | d84ebf0f7fab4e23c3fc64728534b87d37394774 |
| SHA256 | cded3b3c7e020a8f320b47e6440fd374b1567cdc5beb11674d2645aa59537285 |
| SHA512 | a3558e34d6839477e880f6dc6348428db6d6beb7bda0fd2b873b01cc25f8aaa8db28310679f5c7b6ad7ca11b03004cb83abee7909e77ccd0a8ac175b8a53ba06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ae9657c3912a6c352e34357d074aedd |
| SHA1 | 6f4e721311a10218347f0eab1311b83279d576ff |
| SHA256 | e6d2d7b1ec482c8850c601a5758be1774447681939214bfa0e8c5a136c3f932f |
| SHA512 | 4678b923cc4b2d78bcb4c208f1d1d77f011eeb5a1b2f8055343b574b26bf1c83c6ef9873fe9b3886c5bd719d15ea5812a0688e715c6ab1399da5d8e2f0fcb9f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7f7a9deb8954ba2ad2d516521cb618f |
| SHA1 | cc97d7d37bfa62f507c85adc382d53b4cf0a0479 |
| SHA256 | e3020530f5377affb9f8be886da74d2d35abadd2a935cef8109d5ad68a191511 |
| SHA512 | e0cd10d4dfb1560f5fb1a999af763379202414f9f964751048989cd698b2509d926ab81be71166e35953d2711c6238dae1b3c28c85d40a25a17bf1fcbb82fb50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7352fb73171f40ee23e8a6aec78d656b |
| SHA1 | 85468eeb6a867d78a33987813f523e871ee4e2b3 |
| SHA256 | ea1b9b3cb959b223b5016769b0fd2406d4e763181202ee86ad6ff180bf228254 |
| SHA512 | 3451c527232dfa790a63b6869223446eddf637e95739ba34835cab99f3d3ed1c05b6dc5c1ebc248b25fdac25ff9c974c9d8a237e8aaff1f0e3b93a8776509932 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45dca9201e5c4e309a4dedea423fbbb4 |
| SHA1 | 8a384a76227be9beaf93417e20cb6e753cfd8b6c |
| SHA256 | 57f37048d49263eb035aee02a644167f51f26fe202b2ba07b12db9d992cb4a43 |
| SHA512 | d5786000fd10c7b00bcf9e5b74e280799e1e3163008bde43b2d1dd204647d3c0e2e1b5831007542605aaebc7f1c00739dc9daded74d123842e5c577bcca01dde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | b2686df55593dc68f2bd4ee0ab0c394c |
| SHA1 | eb78b43130ecd75b7bd68189233b465fb3ae8da8 |
| SHA256 | a7fbe4287543eaeeb44d7a7e6beca3c755df7e9b4e6f1e033078137983f9b461 |
| SHA512 | 4d3d3c8179b383f6728d495626bd49d8f4863842ec27f86f881a831a7d2bdb8d034398cc75de73eeec0bdfea99117fa2a33da7b968c2d5dc36b4271d0ef712fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0daada156d39060858d93f5c0723476 |
| SHA1 | 38fc540323c631b1a46cc254dfcfe37fb7f9fc83 |
| SHA256 | 9ed3c481ef97178baa93c529be67959de18d34b483d48da2fd29060e7bdf6e36 |
| SHA512 | 045dfe1ac8e3000bd0fa4b298abe96deba8eb1cd93d861f93fbf6eff8514c7b3631d78c9a201a1a745f333b766cde8f420053dea75f25515eda09c3b429c9bbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc7b6377b73472a52e087f0a069be252 |
| SHA1 | 756be96486d4b9924043c04285a3d9d6b9ac0368 |
| SHA256 | 5a7c938dff78abe1da5f7e1273a7d80b7f09293f91a13a6a9c16463151e81705 |
| SHA512 | bc56cc95465bdb3736a79d1992d18d4657e6d868155dc3a8c74fd95cbdfc004f57a460bc2dc422b1ad7febe1f19868e980af0797d6970bb4937961284a3ce8d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b23ca5c3c48673377129b92f551a578 |
| SHA1 | 2547bd288e7d7d2c7ae869542e44db815a00bd05 |
| SHA256 | 272944caf705bc11020a8738dc514ec427a6fb60b190ecfca5eaf672cc976584 |
| SHA512 | c792a903d2cbdb890599a5fac747059add1a9f11e7c6d437a5939bb6d634d21e30fee93cc94fe09e7108f553d6b4c52dfd9c80587f44a87056ac57e0bb79c4a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ee55a8d5d5e52689f0f486b93b8e6ef |
| SHA1 | c8514882c77a95b8471749c5d938f51c9a8b57d6 |
| SHA256 | 75db51a036a16f4b776f9285907334ba1fd33700b475896290a54676261756a4 |
| SHA512 | b07ce9d00babf5ea84a62e6081309ba3f241928f013667be127d40d877fd6e334ac266d9d1904ae21032ad35ed73627822e9bf294730e29acf8486507e35a330 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43753b6601212077a37dc963e69ec014 |
| SHA1 | 2db0b6e1bb76e20581cec125a95b5b8d98f9ef0a |
| SHA256 | 3cc52bdbab70898ff26419520f046c572705ef1805d9217ba7efe96696d4da45 |
| SHA512 | 320ca2172fc3d421cf57639a8b21bea787dabfa13f51435a6b75392c73af2edce46a4c4d14c455bdaef81aa7f4886df666a9ea34d249635bbf96df0e9ba47e44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 976f1160cc193d6201ae96844808e080 |
| SHA1 | 6dc7a19a2bc001f73f631785339f05754441c973 |
| SHA256 | e9c082a02de5f1560651fe964c4318331609b7d1bf7ab1e69c0ea588d45d102f |
| SHA512 | 322d7a8a01ddde2dc65679e3b8dcbff76fc51c609522c3be606cdf7108ddc121b582c6b99f2166953f13159f86fe7afe0e6157d6e10535dc6c23d47ef3372bb9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 288f13b9dad610c329fba765b9fb2457 |
| SHA1 | 3c72a5bebb35aba703d5229be23053ccebad8134 |
| SHA256 | bc16f80ac1fe7896c96a298fabfc5d8ade46b49f985bdb7cf23d41f32c9337ed |
| SHA512 | a4e01a35221f5b63e0be964fa6b14b849f2060219635fe03b0cacb97f32735505e652c2f31e7113d3f1f98173f68bb4956f450c0ca1645dc73626f88fcbe041d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ad22b719a8d4f890978aee475ea3bba |
| SHA1 | faf98bdce45e10d83eedaba5f3f3a7f0d9683619 |
| SHA256 | 19a9be8a9c8aa58763147049a71d06bf3f22361013792d8c9eeeebee27f0bc76 |
| SHA512 | a1142bf2856b8052da0a7c646601ea1814ffda34920d35c9e5a67716e5baf5177a330f2304afad4af2e94de19be86a8eb200d4db86f0a014b9498d307a2836d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7d85a0b49933ac6a693ff636d152737 |
| SHA1 | d2f852bca6a230ae7500d64dc8bd757c542b73af |
| SHA256 | 7b5ce9840f6803282c9eab68fc5ed8d20e301b789fb5a0e1428e3bf9c78ebeac |
| SHA512 | 8390041d78a516ec4d164478a10ff5d6e043f3024aef75333d21dd31f57e019a936833a8fcb310d62033a7ca188c6ddc1ca3c3077e360b21c6854f35ce2e6271 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:09
Reported
2024-06-13 14:12
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f3e221223ff9cb3c153c30f29cd8b1_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdc4846f8,0x7ffcdc484708,0x7ffcdc484718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1433426738423206705,12472215960434162438,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1433426738423206705,12472215960434162438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1433426738423206705,12472215960434162438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1433426738423206705,12472215960434162438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1433426738423206705,12472215960434162438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1433426738423206705,12472215960434162438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1433426738423206705,12472215960434162438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1433426738423206705,12472215960434162438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1433426738423206705,12472215960434162438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1433426738423206705,12472215960434162438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1356 /prefetch:2
Network
Files