Analysis Overview
SHA256
efe526484646a4980e317d78042717f5078a63ee5bc887fa23e9f3e77c17ad57
Threat Level: No (potentially) malicious behavior was detected
Verdict for a771ef0df69a508798fe4a7fbf98a18b_JaffaCakes118 (an .html document, opened in Internet Explorer on Windows 7 and in Microsoft Edge on Windows 10): no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 01:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 01:02
Reported
2024-06-14 01:05
Platform
win7-20231129-en
Max time kernel
120s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005394d08ea17b1f45b87acacfd2ca30bc000000000200000000001066000000010000200000003bda6d4c56dfc2e30c8294661f39f62366ea8ce3e1d78dca766c710b3952abfd000000000e8000000002000020000000413a60778f06d129956a237b0abb9535820fb5caf2526fbaf5d357f5ee00ff7490000000b6d119e86c31977ed82d8e2865e1a9fcedc84569a7248ba89acdee4d2fad4bbcf651c3d6426138d76106e386666c24b9f4135277eebc7a9ffbddde6530e972db5e2dfa3117b086b0ccd19167ade4be49ea81a3caa3e7fc028fb9bef1a5d5ac2c89a40269d29884eb7d7ff70cfcf780aa7c23de05de8128d281f990aaa39b6507497472ce2bc7302058e127141061395f4000000017804a53cfa1482edf4ea110486cd05a51e62c4899cecdfd2a50ac94660e46c0c79e75a1f1a88f7f1c6ffca7cbef1c244f2cd32c2a9d3075f42ff648d5b134bc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424488839" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2DA9591-29E9-11EF-910D-CE7E212FECBD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0939ad6f6bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005394d08ea17b1f45b87acacfd2ca30bc000000000200000000001066000000010000200000006d19601b47da2fc6e0298bd5310ed9f6f98926d3dc9ab6ec2a5ec753b8773830000000000e8000000002000020000000f28f59cd3744219413a7d09d3655a55a8931943b07d6611b6a5440c4ea30eabb20000000497e35526b62476a48e4be32a412b34bf721ea28c451faee6828119409c4c4bd4000000036ad102c730d602fc6694e69fbad809b569becbad15c2265a3318d9fe297426b0931de4a783e75771a0ad6861c3c979e9839adeee0803cfefaadc569bef76922 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
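The MFV, DecayDateQueue and Window_Placement rows above are binary registry values rendered as hex. The first two start with the fixed DPAPI provider GUID (d08c9ddf-0115-d111-... in little-endian byte order, i.e. {df9d8cd0-1501-11d1-8c7a-00c04fc297eb}), which marks them as CryptProtectData output: IE protects its new-tab-page data with the user's DPAPI master key, so the report can only show ciphertext and nothing in it lets you recover the plaintext. The Python below is an editor's added example, not code from the sandbox report or its tooling; it walks the public DPAPI blob layout to pull out the fields that are readable without the key (master-key GUID, cipher and hash algorithm, salt and data lengths) and decodes the Window_Placement value as a Win32 WINDOWPLACEMENT structure. The hex strings are copied from the rows above; the ALG_ID and SW_* names are the standard CryptoAPI and Win32 constants, and the function names are the example's own.

```python
"""Decode the hex-encoded binary values in the registry table above.

Added example written for this page; not code from the sandbox report or
its tooling.  Hex strings are copied verbatim from the MFV, DecayDateQueue
and Window_Placement rows.  Layouts: the documented DPAPI CRYPTPROTECT blob
and the Win32 WINDOWPLACEMENT structure.
"""
import struct
import uuid

MFV_HEX = (  # TabbedBrowsing\NewTabPage\MFV, copied from the report
    "01000000d08c9ddf0115d1118c7a00c04fc297eb010000005394d08ea17b1f45b87acacfd2ca30bc00000000020000000000106600000001000020000000"
    "3bda6d4c56dfc2e30c8294661f39f62366ea8ce3e1d78dca766c710b3952abfd000000000e8000000002000020000000"
    "413a60778f06d129956a237b0abb9535820fb5caf2526fbaf5d357f5ee00ff7490000000"
    "b6d119e86c31977ed82d8e2865e1a9fcedc84569a7248ba89acdee4d2fad4bbcf651c3d6426138d76106e386666c24b9f4135277eebc7a9ffbddde6530e972db"
    "5e2dfa3117b086b0ccd19167ade4be49ea81a3caa3e7fc028fb9bef1a5d5ac2c89a40269d29884eb7d7ff70cfcf780aa7c23de05de8128d281f990aaa39b6507"
    "497472ce2bc7302058e127141061395f40000000"
    "17804a53cfa1482edf4ea110486cd05a51e62c4899cecdfd2a50ac94660e46c0c79e75a1f1a88f7f1c6ffca7cbef1c244f2cd32c2a9d3075f42ff648d5b134bc"
)
DECAY_HEX = (  # TabbedBrowsing\NewTabPage\DecayDateQueue, copied from the report
    "01000000d08c9ddf0115d1118c7a00c04fc297eb010000005394d08ea17b1f45b87acacfd2ca30bc00000000020000000000106600000001000020000000"
    "6d19601b47da2fc6e0298bd5310ed9f6f98926d3dc9ab6ec2a5ec753b8773830000000000e8000000002000020000000"
    "f28f59cd3744219413a7d09d3655a55a8931943b07d6611b6a5440c4ea30eabb20000000"
    "497e35526b62476a48e4be32a412b34bf721ea28c451faee6828119409c4c4bd40000000"
    "36ad102c730d602fc6694e69fbad809b569becbad15c2265a3318d9fe297426b0931de4a783e75771a0ad6861c3c979e9839adeee0803cfefaadc569bef76922"
)
# Main\Window_Placement, copied from the report
WINDOW_PLACEMENT_HEX = "2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000"

DPAPI_PROVIDER = "df9d8cd0-1501-11d1-8c7a-00c04fc297eb"  # fixed provider GUID in every DPAPI blob
ALG = {0x6610: "CALG_AES_256", 0x6603: "CALG_3DES", 0x800E: "CALG_SHA_512", 0x8004: "CALG_SHA1"}
SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}


class _Cursor:
    """Sequential little-endian reader that refuses to run past the end."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated blob")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self) -> int:
        return int.from_bytes(self.take(4), "little")

    def guid(self) -> str:
        return str(uuid.UUID(bytes_le=self.take(16)))


def parse_dpapi_blob(hex_blob: str) -> dict:
    """Return the key-independent fields of a CryptProtectData blob."""
    c = _Cursor(bytes.fromhex(hex_blob))
    version, provider = c.u32(), c.guid()
    if version != 1 or provider != DPAPI_PROVIDER:
        raise ValueError("not a DPAPI blob")
    out = {"master_key_version": c.u32(), "master_key_guid": c.guid(), "flags": c.u32()}
    out["description"] = c.take(c.u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt = c.u32()
    out["alg_crypt"], out["alg_crypt_bits"] = ALG.get(alg_crypt, hex(alg_crypt)), c.u32()
    out["salt"] = c.take(c.u32()).hex()
    c.take(c.u32())  # legacy HMAC key, zero-length on Vista and later
    alg_hash = c.u32()
    out["alg_hash"], out["alg_hash_bits"] = ALG.get(alg_hash, hex(alg_hash)), c.u32()
    out["hmac2_key"] = c.take(c.u32()).hex()
    out["data_len"] = c.u32()
    out["ciphertext"] = c.take(out["data_len"]).hex()
    out["sign_len"] = c.u32()
    out["signature"] = c.take(out["sign_len"]).hex()
    out["trailing_bytes"] = len(c.data) - c.pos  # 0 for a well-formed blob
    return out


def parse_window_placement(hex_blob: str) -> dict:
    """Decode a Win32 WINDOWPLACEMENT (44 bytes, little-endian)."""
    length, flags, show, *pts = struct.unpack("<IIIiiiiiiii", bytes.fromhex(hex_blob))
    if length != 44:
        raise ValueError("unexpected WINDOWPLACEMENT length")
    return {
        "flags": flags,  # 0x2 = WPF_RESTORETOMAXIMIZED
        "show_cmd": SHOW_CMD.get(show, show),
        "min_position": (pts[0], pts[1]),
        "max_position": (pts[2], pts[3]),
        "normal_rect": tuple(pts[4:8]),  # left, top, right, bottom
    }


if __name__ == "__main__":
    for name, blob in (("MFV", MFV_HEX), ("DecayDateQueue", DECAY_HEX)):
        d = parse_dpapi_blob(blob)
        print(f"{name}: master key {d['master_key_guid']} {d['alg_crypt']}/{d['alg_hash']} "
              f"{d['data_len']} ciphertext bytes")
    print("Window_Placement:", parse_window_placement(WINDOW_PLACEMENT_HEX))
```

Both DPAPI blobs reference the same master-key GUID (the same user profile's key) and use AES-256 with SHA-512 HMAC, which is what a blob written by DPAPI on Windows 7 normally looks like; the only sample-specific content is the ciphertext length. Window_Placement decodes to SW_SHOWMAXIMIZED with a 36,36 to 1194,649 restore rectangle, i.e. iexplore.exe opened maximized. Neither value is something the page itself controls, so these rows are IE housekeeping rather than an indicator.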
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2232 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2232 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a771ef0df69a508798fe4a7fbf98a18b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.iramafm.com | udp |
| US | 8.8.8.8:53 | graph.facebook.com | udp |
| US | 8.8.8.8:53 | apibeta.svara.id | udp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 163.70.147.23:80 | connect.facebook.net | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 163.70.147.23:80 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| GB | 163.70.147.23:80 | connect.facebook.net | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | scontent-lhr6-2.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent-lhr6-2.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent-lhr6-2.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 1419839.sites.myregisteredsite.com | udp |
| US | 209.237.151.18:80 | 1419839.sites.myregisteredsite.com | tcp |
| US | 209.237.151.18:80 | 1419839.sites.myregisteredsite.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 23.62.61.97:80 | www.bing.com | tcp |
| NL | 23.62.61.97:80 | www.bing.com | tcp |
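The table lists every DNS query and TCP connection seen during the 148 s network window, one row per flow, so the same host appears many times. The Python below is an editor's added example, not code from the sandbox report or its tooling; it parses rows in this layout, collapses them per destination, separates hosts the sandbox's own IE install contacts regardless of the sample from hosts the page drove, and flags two things a triager checks first: names that were resolved but never connected to, and traffic sent over cleartext HTTP. The embedded rows are an excerpt copied from the table above; BACKGROUND_SUFFIXES is an assumption about the image's baseline noise and the function names are the example's own.

```python
"""Summarise a sandbox Network table (one row per DNS query or connection).

Added example written for this page; not code from the sandbox report or
its tooling.  The rows below are an excerpt copied from the table above;
BACKGROUND_SUFFIXES is an assumption about what the sandbox's own IE
install contacts and should be tuned per image.
"""
import re
from collections import Counter

NETWORK_TABLE = """\
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.iramafm.com | udp |
| US | 8.8.8.8:53 | graph.facebook.com | udp |
| US | 8.8.8.8:53 | apibeta.svara.id | udp |
| GB | 163.70.147.22:443 | graph.facebook.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| DE | 91.195.240.117:80 | www.iramafm.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 163.70.147.23:80 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 209.237.151.18:80 | 1419839.sites.myregisteredsite.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 23.62.61.97:80 | www.bing.com | tcp |
"""

# Assumption: hosts IE/Windows on the sandbox image talk to whatever the sample does.
BACKGROUND_SUFFIXES = ("microsoft.com", "bing.com")

ROW = re.compile(r"^\|\s*([A-Z]{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|$")


def parse_rows(table: str) -> list:
    """Parse '| CC | ip:port | domain | proto |' rows; anything else is skipped."""
    rows = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            rows.append({"cc": cc, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def is_background(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def summarize(rows: list) -> dict:
    """Collapse flows per destination and flag what a triager looks at first."""
    queried = {r["domain"] for r in rows if r["proto"] == "udp" and r["port"] == 53}
    flows = Counter((r["domain"], r["ip"], r["port"], r["proto"])
                    for r in rows if not (r["proto"] == "udp" and r["port"] == 53))
    connected = {d for d, _, _, _ in flows}
    return {
        "flows": flows,
        "dns_only": queried - connected,  # resolved but never connected: worth a second look
        "cleartext_http": {d for d, _, port, proto in flows if proto == "tcp" and port == 80},
        "background": {d for d in connected if is_background(d)},
        "page_driven": {d for d in connected if not is_background(d)},
    }


if __name__ == "__main__":
    s = summarize(parse_rows(NETWORK_TABLE))
    for key in ("page_driven", "background", "dns_only", "cleartext_http"):
        print(f"{key}: {sorted(s[key])}")
    for (domain, ip, port, proto), n in s["flows"].most_common():
        print(f"{n:3d}x {proto} {ip}:{port} {domain}")
```

Run over the full table this yields apibeta.svara.id as the one name that was resolved but never connected to, www.iramafm.com (19 connections to 91.195.240.117:80), 1419839.sites.myregisteredsite.com and fonts.googleapis.com as the page's cleartext hosts, the Facebook Graph, connect and CDN endpoints over 443 and 80, and www.microsoft.com, ieonline.microsoft.com and www.bing.com as IE's own traffic. None of this contradicts the verdict above; it just tells you which destinations to pivot on if the same page turns up elsewhere.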
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4FAB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d81988ac1300d4899b86b508f631f8ed |
| SHA1 | cef934b9465bd308a50fc6f03a9a96f950a05d03 |
| SHA256 | dd1e9017dc5710c9e2dc7be47eafc3370b4c047323e2f9a39d0ac70920b422a3 |
| SHA512 | a2aea85b0f1a9226e95e48ea1723b4346506e9f0d98435f3a9e9b572de0d3c13df86cf4c81dc88c996315b4090d1dcbd06e4cc793186c4911ee22ba0fa20d5ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ec4462b4cf442e6275c69372e59eebba |
| SHA1 | 04d3488c1534c7a46537a113c941f702022e0844 |
| SHA256 | f5645dca1137b589965683073384ca5d2289ff9a37942b272f978283c2ddbbb3 |
| SHA512 | a4813893bf5857ca6a6401876ae83603dcdd84fe53051a68935fdf0ac4fef8ab8a3ad05e71cbaeeae9b73090a03db7f5631124f7437d0efaa928aa05a2532544 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96236c515a62419a19f92e88f881e9c0 |
| SHA1 | 115f9ebfb79a29d4fc44a059d912a8be180b50bc |
| SHA256 | 173e1852d137c9039a4e79aaf127f591df29b91f47298862b7e41a84df8ed740 |
| SHA512 | ab6d02ac7a1b25d5177563636a037ef55126976014003d85c15e25b52af97ee36c68955c59dd957a9e46353ebcf178d8058a56e2593112e2fd57224009531489 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd84f8bc24f4a194fb1c6eda3df9d04c |
| SHA1 | 21a885cfcfb26502f6aa2e87c94aa4df52f422fd |
| SHA256 | 023a920582c853deba17620e05fe7250bd2955a25fa999d2bb5d0f55cc100004 |
| SHA512 | 4dd01e2e407c3755bd790ac2bfda88ab3e42742d55be6c59fc6f6dbe7789a6fea9687fd83609d58dc536261798f57ef8771b2867554bab1e0eae70abb56bd058 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54776120682f567773250f829fffc797 |
| SHA1 | 9b32cd4405368c78337eeea9c6c0e7193ada8e8e |
| SHA256 | 1e710696171c4f021275c00abe07dc9f03ea3846df75042bf2f51663ebd5bee3 |
| SHA512 | 89fed97e7a71d6dbd611b5e112048e4a0044703ec73b2d0b07b5542e46024b023f074de6d43a9f1141911a357fa0d9bf53ee426b2013f16e5f86226e1b55d0d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c689631389743c7ca0faf6be87e0a9d |
| SHA1 | 06d5ff128ea5751912a07cfda93d250e0227acf4 |
| SHA256 | 363ad2fd2a38a5bfc0330ebeac29626a0d3b778b0acbdb097028dfbcb1b98ae4 |
| SHA512 | 08da4f34367195c14d60014d94b220ee7865ae0a236e069c0e371e4a4a9daf4bc8c3705df2bee2d2dc5b2dc57dd4c26e925c2e3aaaa57697a7dab6b5dec91262 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1f752b70511a40e96f7c06141da69de |
| SHA1 | ff2578722557d2742eb36f384c9530c8eaebc098 |
| SHA256 | 66de0ee0b33f02ad81d05394fc8bb69c62141b7649117c5b55ff17ed9238cad9 |
| SHA512 | 26a57fcc68dafac068f5053ec5fd04674c114bfb6f9518e50b653623849c7f52505f90da6bfc4d688b3337288a077519d255bf0ce4f6015fed75fc1e06a9cf9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | beb4fd9342fb5b327b1f0ea8351ce90c |
| SHA1 | 556c550992da6490d4346aad90d8cca37999fba5 |
| SHA256 | aeb20c7fd49b69014d3ee232cd4e9405d1ba424630b8486b34c7bb0fac73f428 |
| SHA512 | 5d317bd2ce28e20d5d7ab466e7d2de728ca81d87382dbdc0fa24b8aa4e03b1966486de0b57907386038df4a93a61c57678c8882613e521f14f1441b5f048a8ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e9b0f8812f694c55ec7ef5c84867495 |
| SHA1 | a56f8a492fc63098474e1c5005f5774c72d86b65 |
| SHA256 | 77447efee5a3638eb9e2c62594ca30ba2d57170059d9c6196ecedb49aef33d67 |
| SHA512 | 7ed38c00ec75b6fc70c7b9dc27f765f0c6c62319282251df9e9c75767a265c2b3cb61b3c2e7e004997e40c2e3a0a79b0041727d0e6299bcb33af6270b81ce9fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33a26edfd35136ed22127f62d528252a |
| SHA1 | b25beb7c2775928723e44035ddbc2c6a5ca9cf55 |
| SHA256 | 3bf2ecd3e718ed6e177e67423446a1a46aae2c85714152158893d82cff362fbf |
| SHA512 | ed52a5e0797049134d7bf000a49c7f70e914599682c798e1db00cb2a31daf5ee6bcc860690cdfb1f7ee31dbc7c98eb7139e171c66f20cc2d87e7c051c1a9e92e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | dfafa5de63ed7e6f29d75dc90e64ebfa |
| SHA1 | 0e69b7a41adabdbf5383cafad158211587f64bb1 |
| SHA256 | 42bfa336a8d19c0fa43dd20911cc9417730006a47f8a43e976f63a026bd5aad5 |
| SHA512 | 53bf6003ba76cb23726c8bbcb57fb5b6f78e9452b59397f6830ab614824b4eb655c717f80e5b28dcfcd54432190b694578cacf94ffb6929ff0790abd840219aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6433290af7009450895ee3b9fd302254 |
| SHA1 | 366d9498e0ec6ba2a93b1948ec9043e98b4eb1ec |
| SHA256 | 6daba4aef080b1dcb2270dcf14d45f006b277b14a0335e2782793d845573ff3c |
| SHA512 | 66aead09e54a7bc468f6cd8e88022245c34e5550e091c1269dffc5059d857003f56eba703cf2397f689ad15493b05fa8671300a62cbb7c20e19eee395895c513 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdf92f99964bb15387417d206f731099 |
| SHA1 | 68a3437e3e7fd4bb334c122aaaa2cb2e08999176 |
| SHA256 | 44bd987a90f6ef2aeb9cbdfe45eab310a00c4128db575645f57cf51ae782cdab |
| SHA512 | 467100ef4bd3d703c9f6a61e9f7ddffebb0bcbc39a248165a58b39f42041172e0866f77ba04dfea29ee2886c7353336575eb682e3ac7ca23a977a5732987597d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6d75d786738f2b092e1145789cb1d29 |
| SHA1 | b63bf28d61e396fddc523d380f160baace62aea0 |
| SHA256 | 8080f730a06e3bf2135d76bf4ff38258f34b965977b8869476f6f836836abef6 |
| SHA512 | 822c86136c8611464a7c2fcded3264d96c252b29afb328d68a81962bde5f8190c312e1c1b648ea5ebbee29c0ecbc336fe711855233f9cc0c455e2b19a62637db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 999649a83eae828d9a53326e71be698c |
| SHA1 | 5741a1ef7341c1717561e1523f3518bc66becc7e |
| SHA256 | c91a4470eaef07fe4f7b6e9a4f6b2c5dc6dc368a389e0431e80757490766b177 |
| SHA512 | c57dc3f98701f212083e30bc7e1b75b8c95eb136456d09ba46b31e0876733a86548c0c93563d68564b09a56fd54e215011c61ef527248612fd51506222fac889 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f19c95e12c5367c6eb529406364676db |
| SHA1 | f5f32fca0f9ded6a69ba582c04b0b6aaa7120325 |
| SHA256 | ad271ece50f4a0d2673deed268d25986c51fa81824386e2fea6a00877511e957 |
| SHA512 | 53e3245c90571a4689d993ec884db0b2abe781a3af8c488074245c0187bfa102fe277330099a9619f1f498a6549e0461537563c9ce668a498b94a21933bd7467 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74581b23d0917c567b422daa63e3f11e |
| SHA1 | ee53ef3c8c61e6f782cdb34d8ea30167443d8e82 |
| SHA256 | ea62f8f90f3af1c6acc9c5ad95c89cbf01b1508c223818a320f311a99b8d639a |
| SHA512 | d456d9ab14297d07ddb2c809b6cebc8d3c5ff03e2620039c564c5a8f76bffe4b56865dcfa08d1071ca4beb013ab5ff7c16aaf1d4c4e9166ab2341cff2353c925 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 788a3d8b3b58be6789f76811894b9960 |
| SHA1 | cfb3d41dfb2845affcbb9c884218fed18003dc7a |
| SHA256 | 8acfe8e3c20dfb136670f9148631f3c1f691aa0ef2dc8dfdf4059cb2cf5a9d53 |
| SHA512 | db94c27a9dbeae684daf74409f50ef13451842226c53ea3ff868c41b9d22d8911a564c994c6f76cddf1b39b83732eb8e9a0abe5106c3d87aade96a4f166f9dbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa1849ef79fb17be2d121c520a4d5d42 |
| SHA1 | aa1f02aca654019e8a1731cedcc9c6381a1a8ef2 |
| SHA256 | 65b3ccd35b38bdf580150c6960f6b2bade3b1e9bba15127a767065064a205ef0 |
| SHA512 | f8453b7aaa16830d1a1708ee3c3b655d8d663eab5babd8694cac41c2f78e8cf300e0f84490ef36e62d715c2ab514ff8c7373f842c19841376f3a57c4d0f7e9a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 383a70406971d9ad89e7cc6a780fc177 |
| SHA1 | e0d0f834e5e0f831175ff0f2390741d736ecc3b5 |
| SHA256 | 9ca6686208aaee1121189fc35039109308ac43a2a7cc73e12461d4f9c960b186 |
| SHA512 | a4f2511560d7fd566cc48f7c4d97d05288a8d05b43e984c79bedef2c6ecb83b7044d710027efc3c24ace6304c28f73a37fdcd94766ace56e8b04ff32a4c86cba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2557cde823f2d51fb23cc9b4e7190863 |
| SHA1 | b57ddfe204a44b32e1b4bdf43f671a42136c8ae0 |
| SHA256 | 209e31ba00f0e81b35b3ef0de69a39b91085aac781f29bacc041b04960fc2d20 |
| SHA512 | 11cd6fb84fdc69c9e0a3e7af5abfd1b70a56eb6cfd09bc18aeb43720f6f5538778bdf1e0f97e70a6451fc99a6f7f315a65ae56920c3d5fbf468bb136d67c3447 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f5ff0739d58d4502d5ca420c68f3115 |
| SHA1 | c6c19092ed2cda6c374addf1f72f59835cfe8c2f |
| SHA256 | f55fc0a2f48f976394bcc11b68c7bc8af76a117cc61082595a727432ef5d4d4b |
| SHA512 | 6ae689be9f98b93fde9dd3457d7327e86753d4cf6128df09035cd8384c78e321b7d78939bb74729dc8505826b93c636821585b2d7480f93e6c21017df477b943 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42bf7b1cb0987b5b75ccb9d6eb9427fa |
| SHA1 | 1946f4f9fe5438e7a801362d9c357e5871f459ef |
| SHA256 | 2aaaea9915c7e8db3c0814213c75b7e3a48779d07a5eefc5254dc2c1e39c6021 |
| SHA512 | 162ae35f437ef6d4ea34f6f0eb8a80f0874f0932008b8ae095841451f4551f9c7810689b1fe2568613cb4b1ffaf78a2e03e03f2fba2d58b341678306fc39a8cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63355d7feb55b7576c8d6fd3499e8cea |
| SHA1 | 767e600cb5550bc8d65f5c4025ef038086a13664 |
| SHA256 | b52623307e1fd864b2791c730fdba362f82e36089263033e728b5001eaa8b0a0 |
| SHA512 | 0de1e9a966a4a9d4bedcf2e833a6870ff1c648e24a1fa158a5a9ce8a7c07c13a48bc31c7cf3c07388802e3ffb53cc2c0ad4c6c4ffd19893cb7cfa9b07e1cf0d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 01:02
Reported
2024-06-14 01:05
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a771ef0df69a508798fe4a7fbf98a18b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4c7b46f8,0x7ffb4c7b4708,0x7ffb4c7b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16291333820187401672,6234715701953655908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
Network
Files