Analysis Overview
SHA256
04800ad4f55d8d21bc2f048601261d5d603bce443b72916fb102892ca8e123f4
Threat Level: Likely benign
The file c06b7c40fa8c10dcdd47eb75738a189a_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:16
Reported
2024-08-25 09:19
Platform
win7-20240729-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C3622F81-62C2-11EF-9438-E643F72B7232} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000b604db7f16a1268e9652ed42a4c9da2212c09d9d30130d49fa778de127747098000000000e80000000020000200000000f39bd622df917d6cfa5251e7d8675697e50b11fa642b8595b5031bb2f51cd8e20000000fe9ae5a2b04b4c3ec64587ea1463b354eb5eefa7337f8514947c8ba3877ea921400000006bdaccd6e288b9bc8183137e57d938763a72b2ffc2ce57b854d5bccebda040cd580e3e728c847a650287f291ecfa0989362f64047c915f4597944a809f97a8be | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not captured in this extract) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430739278" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7080df9bcff6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2436 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2436 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2436 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2436 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c06b7c40fa8c10dcdd47eb75738a189a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:16
Reported
2024-08-25 09:19
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c06b7c40fa8c10dcdd47eb75738a189a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffee3946f8,0x7fffee394708,0x7fffee394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15649764135627985197,14229716155604412094,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5660 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.in-streaming.eu | udp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 152.199.22.144:445 | platform.linkedin.com | tcp |
| US | 8.8.8.8:53 | www.socialsport.net | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| US | 8.8.8.8:53 | 0.gravatar.com | udp |
| US | 192.0.73.2:80 | 0.gravatar.com | tcp |
| GB | 151.101.188.157:80 | platform.twitter.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| GB | 104.96.172.192:80 | assets.pinterest.com | tcp |
| US | 192.0.73.2:443 | 0.gravatar.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| GB | 104.96.172.192:443 | assets.pinterest.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.172.96.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widgets.pinterest.com | udp |
| US | 151.101.128.84:443 | widgets.pinterest.com | tcp |
| US | 8.8.8.8:53 | platform.linkedin.com | udp |
| US | 152.199.22.144:139 | platform.linkedin.com | tcp |
| US | 8.8.8.8:53 | 84.128.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | log.pinterest.com | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 157.240.27.27:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 172.66.132.114:80 | s10.histats.com | tcp |
| US | 172.66.132.114:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| GB | 151.101.188.157:443 | platform.twitter.com | tcp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 216.58.214.163:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.8:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | 114.132.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.240.56.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 157.240.27.27:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| FR | 172.217.20.174:445 | www.google-analytics.com | tcp |
| FR | 172.217.20.174:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 93.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 847d47008dbea51cb1732d54861ba9c9 |
| SHA1 | f2099242027dccb88d6f05760b57f7c89d926c0d |
| SHA256 | 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1 |
| SHA512 | bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f |
\??\pipe\LOCAL\crashpad_3820_PEMGSQIRUBEMVNLN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f9664c896e19205022c094d725f820b6 |
| SHA1 | f8f1baf648df755ba64b412d512446baf88c0184 |
| SHA256 | 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e |
| SHA512 | 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 68f8ce4e86ae99674b3bf19ad45aa9ff |
| SHA1 | 07a795d2d80e786bd9fcff5ec158e3bd2990c4f2 |
| SHA256 | 3a65611f11577ef3326bbbef936a8d190406ba34cf64f9753c7633a9e7707d07 |
| SHA512 | 7a63c6f3cb53e523acca3d5ad6d421e06b43ab506f32da05d010a2d03f5594474e26065440f8446be26f79939db9db7e63d1b52bffbd3bd3df6b453fb7984f62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 39a4c2f1a83d2d6e111f384b73b543ab |
| SHA1 | 7e9e83f48e9a7381015fcaa6cf876a03161fc2bd |
| SHA256 | 269817c38c7ad6f5c518996b3a9ced296027b85160704cc4a8a426aeeb0e8317 |
| SHA512 | 2c1d2be082a034e78cc732f9acfaa72ff08e3fb2659e76ecb63ac22d089fcdb060285e6d6d1edf160e21c20a72a239e488475f29c19df0862315e4ad889d9470 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0327ef321b78f94b9200ac08b95de9f3 |
| SHA1 | 1cc27410f722debc86dac4c2969a2e459247aefd |
| SHA256 | 0099915229e504c2d4497059b3e90cbed454d090ef7b4ba0d30a70412fa10ad6 |
| SHA512 | e5e9eecbee0d6bcf31b0db4bc865b15d0fa08ce100339aa00891412846aca9bd988be884d59f517f208a78670c3e0963ea802518fce88f728771fb2356250f58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c0bad2570a894f34bac9dbe8a878c61 |
| SHA1 | 9a2828eaa2232e236e9ecc92b12199ba1f40f160 |
| SHA256 | a0369231caf33d12450773b0383db1f201a1846482fdc3ee7a2da183be8b1e12 |
| SHA512 | 60477863c7041e913ea976ff5c7063d3d3fa5cc5a9068ec98bafbdad7467437441bda396fec4ddddd650b0db01e4afa863b94b77aaa649fa67d11806f3f827bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 25e6ed7abe7f1b2f3dd87f5e4862d97f |
| SHA1 | ce18925e415cd73ba35756e6ede5e40ce16a86dd |
| SHA256 | d9d657984601de3a5db8459a89ce645d3455ebb51e3ece4dd6b2e0c61febdca7 |
| SHA512 | b3b18067b0c68cd0a1fd9a5b411a9bb69fc25204853b62030986d5c1337a2f45760f3a482cd0fc39c8eef830813c5412bf1e6a2c7ab428c3c2a5554e4e3e56f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0cca284210135369cdf4edbd79d683ac |
| SHA1 | 54dd5f741ec81c558fdc1e872d453fb66329f92c |
| SHA256 | e995b29567955e66a861d8739a059887e4e79d7b654e4f5657a9b0bc280095ca |
| SHA512 | e0534c3c57706844f690ebd0fb0a08481b822b2aad0a1e08d67ed9cb49431900d05265b5202426332ad4bff4ca978aa3a0efdc00450430277506d54043e2e282 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ed5a0684adc035146f24e882d50d7ef3 |
| SHA1 | e1e4ede47808b716d510e1c1e0b873c9b07eacec |
| SHA256 | 53585effef236fa0be07a7212759ec63ed4e513b5611615b9062751d1b36a56d |
| SHA512 | 87ff437f131531c40b23230b261f19f5adc83c96f043bda5f58acde88a94ee4fa633f8e2d8b4ce7a3f8664f03132e51126ed989d352faaab8eb26aca5e861fa4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 76b1665a25e8e2884da2b5598fb89f56 |
| SHA1 | 4feda95686c0e20967d8ef0bafa93693d705120b |
| SHA256 | b97398e987ac2863f7630f7d0a97f5b5cd4f2b20ce6caf0756d1289a5c2ca1bb |
| SHA512 | 6d46fff76eb8e17d9729cb9de1bbb7313ee2769e164896fe691ac8a58f762879988fbd5482a5e2b41b4683e7da40753fc20074bf5b3ab9c3c08886325061dd6f |