Analysis Overview
SHA256
ee4b84aea4503d12d9fe1bb9168589b7c7d599e606776dad8aab61fca7b5ee75
Threat Level: Likely benign
The file c081dedd51507694bb1c19920f6ae7d6_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 10:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 10:09
Reported
2024-08-25 10:12
Platform
win7-20240704-en
Max time kernel
69s
Max time network
135s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{225CFD11-62CA-11EF-A74E-76B5B9884319} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 807890f9d6f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430742446" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000002e482717697ecdf32392a2fb1990d19620d8df5c2e6b0a47b10339d9fd005144000000000e8000000002000020000000439ca3ce12a92c130ccfd6e523fe0e08828fff45994701b86fefbd1c3645174420000000c25f349a3c09b1529266b67f7bc0163e718333398ebba0945cf150e237622e68400000004d708bd91805a7f4e956505d63526517e9b4e2fb22b4db5b836a591cde952566706b705bdfc448c2b0d1023240a4a5233002adfbb48978247bfe47e22286cee7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2928 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2928 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2928 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2928 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c081dedd51507694bb1c19920f6ae7d6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | 78.media.tumblr.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 74.114.154.18:443 | 78.media.tumblr.com | tcp |
| GB | 104.96.173.184:443 | s7.addthis.com | tcp |
| US | 74.114.154.18:443 | 78.media.tumblr.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| GB | 104.96.173.184:443 | s7.addthis.com | tcp |
| US | 74.114.154.18:443 | 78.media.tumblr.com | tcp |
| US | 104.17.245.203:443 | unpkg.com | tcp |
| US | 74.114.154.18:443 | 78.media.tumblr.com | tcp |
| FR | 142.250.179.106:443 | ajax.googleapis.com | tcp |
| FR | 142.250.179.106:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 74.114.154.18:443 | 78.media.tumblr.com | tcp |
| US | 74.114.154.18:443 | 78.media.tumblr.com | tcp |
| US | 8.8.8.8:53 | 64.media.tumblr.com | udp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 8.8.8.8:53 | assets.tumblr.com | udp |
| US | 192.0.77.40:443 | assets.tumblr.com | tcp |
| US | 192.0.77.40:443 | assets.tumblr.com | tcp |
| US | 192.0.77.40:443 | assets.tumblr.com | tcp |
| US | 192.0.77.40:443 | assets.tumblr.com | tcp |
| US | 192.0.77.40:443 | assets.tumblr.com | tcp |
| US | 192.0.77.40:443 | assets.tumblr.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabF79A.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarF7AD.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 958114989cd56ae15c5908dbb822e537 |
| SHA1 | 69c1f530ad2aef5cb41ef8a3647db57100f42bc7 |
| SHA256 | 250901bc76c797237be96eff87e229f98e5e5b5863956001d5fb0e0effc1dbd1 |
| SHA512 | 49f254a7467acbdf0269aa90c1be51918812f8170d39a8ac83278f5d076e8090da13a42989a3525fd9ffcbf01d07b884a373c5a14b4b50169a635939af5ef5ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | bc30b57e542b8cf967f6847afd37f016 |
| SHA1 | 908a797d9b56bd5525a935943c6efe3136f0203e |
| SHA256 | 0875e032827cd1d52c92e3184102f51f7186f710b2fe1c15c3a5316f412df4b4 |
| SHA512 | ad243c720e73641b4d7920b334a185d3f45f2d15dbca2e36933559bf018359ccaa0bc03c7976e893ffad3cc97e5b8a7cf18ec37d4ffa4f52714772ed21fca484 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b199aef2792e1a37de6a15789c13c8b4 |
| SHA1 | 7f0a1078c8985163e5b242148b69d631fa47472c |
| SHA256 | c0539c73c38561ac0a6f6d0334015da6dbe4ded53c5155205cd6e87642663617 |
| SHA512 | 699940f4d32ee902aee96cf5847ec89bff5b77202766e2245a0d00fc7e9fac851c130cabdab5994c0980338d81c5def845f05b7ac80db75247eda7eaf26add09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4794722f61187cca796feb20847fd85a |
| SHA1 | b2c4637333e0e841b45b287b8dedf7b9f7e46af8 |
| SHA256 | fd6c2150f2b3fe1e1ee60a732418e48f4327fa2bcb301db0e3bab346da8e3a25 |
| SHA512 | e96a3e3bc1618ad4a9a4330c4ea229b1b14587474145ff0b9180a151da13a9e472be7f46a319a85dd83c35219ff7d286bf26ce0dd1b966292eccf6df633fa03c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | cf7d087c692c25c749d9788c0562fc8d |
| SHA1 | c7cf8d4e3f13a8df872f6f404472beee709997b4 |
| SHA256 | 981dc4db598e18aac5de909ec21089215a43217cade3a4be3c292a35a96e7402 |
| SHA512 | 67f868d954dee891259818d2286a51a13e8ef71ff03f12eb2f6d9a98000c64bc8978e84899af748b9798723a49c5c8fb1720ca20148d3055293fb7ff5840885d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5B8483C5CBB161D290632B77DA0B0573
| MD5 | 219f44c94634a53fcc58e40ee1e46670 |
| SHA1 | dabb944290c797ab9b0a98d2a082ce385fd269e2 |
| SHA256 | 4c5b38d0f1f7f2f83fe079ed2373f9f1eab4b936470b1462646a9a07e993a3d2 |
| SHA512 | 3889514e449e380da4f2cc94a7f8097b7403cac3612ea965937cfcb708ca7492e46b5165f24f8e75a4b1e27ff076b95a2a900934ef57e9d4786e1cf47253d757 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7V06J7Q\tumblr_ns4jo73Bjp1u2ieg7o2_500[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7V06J7Q\tumblr_ns4jo73Bjp1u2ieg7o8_500[1].htm
| MD5 | 3ea1c8d079b38532a6e01a96216ba5e2 |
| SHA1 | 598d3ff91d3e252f1e13df8cf0348b270ff2da3f |
| SHA256 | 87a9323ac85ce28867d5d7ce590c8f29b8d1a999961fca71bb33adef48683691 |
| SHA512 | cb4f800a735d5ec435844ac114a81ee6c4a429138119b97f2266edb87cf729f1a64662190d04917ce955b0bd3681610d49be42cd6782989ecd4b0d87ddf8a03a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWMUP5AI\user_guidelines_v1_500[1].png
| MD5 | 996e485d4b2667514c66488b2bf630b1 |
| SHA1 | 47d127070f6a7e611e56e59255e3578cbd9774a1 |
| SHA256 | cc75203634e1e05aec79a6bd774a92ae2e2a9fdf46076a64eacad1148941623d |
| SHA512 | 11b910042a96c6ab5a217a0cb70308007e0d88c137b6c6950a65e99d502bb48c5e2270981cb434f88589796a89460f5e2decd44350a71452804676bb35ecf571 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 040c89f52314141c9ec0548ca3172d8e |
| SHA1 | 3f7dac07aeca393fa00eb61abe0ad3aba5559fc0 |
| SHA256 | d0992a3b2d0fe447bd8ebe14b3d34f457fcacb17eac5b3e0982fb1af6d30f74d |
| SHA512 | 8f43a3dd8fcff4e925ed0ed6b8436c69334f4aa77daa1e6434f56c2a442774128f309212e29e4184a86fc9d84671add72b2dde6bde188b046787a067387cade1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9092809e19167e81b0d9660542239ade |
| SHA1 | 19ffed601ecc2bd4e7fffa666004a0269bdd7502 |
| SHA256 | f36ab21085250552979a1540ca53f8823fd52b1c75fc9a5330388465d1036391 |
| SHA512 | efb777e7243c149ac166d42acc1522079fe7bd9eef41801a5b58fafec750534a6d87d282a4f64720c12a229fac81281a4a4cb6b002bbac5f3f8a0f880c5f3817 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c46a3805024b8a9e85f18a5c7802faf7 |
| SHA1 | 06059369b3ab2249df81fefb1ee31ac4a70e4792 |
| SHA256 | 2dc6d8d865e260f3441a14971a8dfdf6cb2b7e7dc69b59bbbf7b9bd001e0cfa1 |
| SHA512 | d38877935b0e34eca5609998fe7f6be7ff5dd73facbfa1c7c502d1149ad3dfa6e507266dded57e93c2d1386ba38c6872d305fb13bc1d817ae868d921b5e0d38b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0d496ab910866ca963aa28e43faa4d9 |
| SHA1 | 851049292f71162c6a15674f0b20eba1035b0534 |
| SHA256 | f543852a867cbec5fd696d5871b52050eefa5f439f0a3746f639b36addf0c0f4 |
| SHA512 | 3b5a36c06b8d01b32d1bf082cfb724e3063863d634f64ee0fd2497f4853cb0e9f912d44ef81e7305891458f5f8439f912fb22d08febff3f3e08062e14f6dbdd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd9c2a2212fcff839879e4e69dcb1c74 |
| SHA1 | ed84701050eaba3a07e387a834b3cbb3a040f1be |
| SHA256 | 97dce679a76d2f2a4d53ab03249c3725289ffc5c4130e87c2b14f9d872e51291 |
| SHA512 | 3853c0494e56109297c65323fcc91953e99aab78d86c6dc9dd4f21a3445eaf94c61ec3f9d7c7ac1462ec4db6696ac20113a2ef3008735ef0b4e6bd1b38796c95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 735e0c440285a4fd0eed3c73d397dc13 |
| SHA1 | 92fcbfd286873dd4229d4ebdb1666cc14d3dc864 |
| SHA256 | 7dd0d3b36454f38fb47828ae304c28832685737e4c7b30032795107cf60f4556 |
| SHA512 | 81eef193b30bd80bac23f6774099302c4ac5a09f10ba5e066dbcb1b5a37aaae3ebf9e863100ca4ddb5a25ead484255967115a164c18de5070aff7f3fb97c3902 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f03d872f886effcf189c978dde7ae7e2 |
| SHA1 | 78d80b1fc2f22c4436f2563b7838bf94d745262d |
| SHA256 | 4b3aabcd041ef89292a70610727cd67b9720ebfdd96d0dc736d4e358df566f0d |
| SHA512 | d68fb3d5dafcc66c4bd89a4258380ad903d4471572d07b3705bd2586668c380ad973e8ffb9fe7d17f6f17b95a44006069f40667292a899fb86f64773ce467d99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4e9e7e6a7e21cac47205359c1d4072b |
| SHA1 | 66d38976516bd99a3b6cb75c957a0f0cfa0ceb61 |
| SHA256 | d9cf9631411aeda7990109200a1ef2451db5a7d83b46a647cda874f306c7e408 |
| SHA512 | 73530b94ca8218fcb7ee41a0ad8bd853afcff01eda155ac9ed4c8ec67586a0a5a56b50ee16267778e529825b65974d9efd31adb43994f9551a0dad6dc56411d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66902532ccef2e71ca55aa7f66cab06f |
| SHA1 | b04b692f1cd21da9fd484d87f0a5e0bf6322f354 |
| SHA256 | a07b519209f471bb666994ba052355bd3f1078108e4f47f178025023b68aeb79 |
| SHA512 | 9291f4983d4a6eb40f6879c132da339431fdc43bd43783f8a494173b95763e24382a56d9ec3dae3ba98e381bf2d7c6588bafdd343903974d141a18f56949fe91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 430f6123c8e7ce76ad726e7673e942e0 |
| SHA1 | 6b9b8c8cccdb88850adb97c1ffdfc785ecea240f |
| SHA256 | a9ebbb1c07735f5b5a4544cb7edbe1a6b9eae977fac50120f595b996e0c3f778 |
| SHA512 | eb2f212baa3e075d56487945ebbb0ba307b837236dfb778105b4edf520619e058afdcd5283fc066ac6248993e96fdfa42b54542d1bb4fd0237c337f41e88a640 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7dc419abfb64decc4ff5db424d11768e |
| SHA1 | db41dca90c159f63f07705c0990cccf568509130 |
| SHA256 | 3cf2b871e26a8d2c0500882087a96495d96ef04357e52e40ec2e8eecdc2e86ef |
| SHA512 | 6702619570211abf8056dc95dc94298a781be0f1cd9a0abb1c17f673978e99c588a66c3957b05aa1128df55589926a17c07684851c32612b44b1ca9ec007359b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9f96df2df943a47d54c622e9ed6e1a99 |
| SHA1 | 99bad0493763d18b48914ebbc3a82bb645aba94e |
| SHA256 | 5d37ac436b5745f5ffee0ba9859c2b4a009d19e16b43a29d6918e453e231d425 |
| SHA512 | 012d7a01f399f1a3638ecf4fb5ab60c66f10ca3929aac8ee0d070f974582ad85188e0b364ec0bd8c765a0465641bb44dc0d0a388e2082c326fde4b2cd4945bc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a014267a68907ef15693d1c3543fac41 |
| SHA1 | d1ae764918712e544637b77beb9b4fe2cfa1cf8d |
| SHA256 | e5136a8e7aeb0b8548c6d45f3ea0eecf459a0895067117ce4ae10112882e6af1 |
| SHA512 | 0c0f9866696d24e6987152d3c3b750de45a42f54266e3c64927624a118344c41cf2baf2c82c4a3433a84facaaec5c4bd9a7de0591db6af1f47ca1767351cdb04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d671c269be06259f4e294d1cb31ae0e |
| SHA1 | 164dc5b47c0f82cee7d2b226ac28de97d4819fbc |
| SHA256 | 29c9f105fb4f34a1602a80ea7c6054b3f645401c962d6bcb7d3f4a74a0e99e68 |
| SHA512 | a44c0cb7fe93e521ffdd9a932f2082df1bb253eca59293135c39cd7667bf845ca423ebee1eba2b1e3bcb47df536e8de4c687a4f9e6ccad96f7c75b2ec372bd8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ed2899222559cf3ce60c1db4ec1f9ce |
| SHA1 | f982b785a0e7a1961dc955b7e9e99e39d425c33c |
| SHA256 | e46a75317858206c6b03c1e3726dc8f54ab350bf8e2c1cdaff9a6a891f401d73 |
| SHA512 | 47f476a156381b2390f9a7c58547c89efc808a1de56b90e5fcf57ecabba52c67c67da2db16f00a2ae4c6fe32b6b781b7c1c92579debfd5a9a3633a956cc3da64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0b8af04af96c2c4c75a0a41d152493a |
| SHA1 | f79e89d2d946ee2c2fc444179bf3c1ec46a19357 |
| SHA256 | 87057224cf0efd285591a521072b276a03baacd4a6c1cb4dc8bd2137ba509095 |
| SHA512 | 1c0d333e960995745afcc64acf96ecc9571bc19c5b10235231e5ed522bf4e232499e167ce5ddf20c6d6b75436fd363690a8a3595ecd7b03ea2602d71e7fbf0d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc666b4735a7580d5190040caaa0c21c |
| SHA1 | 90628bac4b1433ef3356b137baf0398150d57eac |
| SHA256 | 971db226fe8e4db6cf5e23d693b62140190671825116d6478f913b2158364101 |
| SHA512 | 71db438038cb3a79afe228249a9d0b700b806fc2a1c8756051e3d387f5ded694c3f7edcef71ee5306196f5d3163c1508b600d3fba1eb1d8a9d2c15bdba6dd631 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 23585114c39ae0f3054765b576af7934 |
| SHA1 | fa9290a1b69aafb251183e4df94fc87948cf3a7e |
| SHA256 | 2201f5b920e70ca231e4db7bcb8bfe5b85ca8c293c1e7f182a2e1d528fa4eb38 |
| SHA512 | 0ddb30b3040bc5d625bb50bf98df171fe8e29267d0b01813183c461983c7733878b069beda0cf95af9c761ace260a38bcb3eb18a16f9f274bc50bcf993df27e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79c60f2f7db7579cf4b11001258b648a |
| SHA1 | f1acfde7decdbf87b413f54fa382f43e4b716264 |
| SHA256 | 0ed964fbd6e9c9ffa1f73b3edccc393c4fe4d278b248996231f60293a8db09d9 |
| SHA512 | 9339f07351b316afbd88b44ef00611d34feb404a60f769eac488961f34d28a3a27ea7722fd249ab65b4aeb9265cb95140ee71a9d1acc5cc31bdb0a54311ae793 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebc7b3efa7b93f8d3b9cdde7310e9643 |
| SHA1 | ede23123faf58b8425ef93a2899ffaedae6761d5 |
| SHA256 | e7091b99f960d4aaaad37fa4dfdda673b9bd7fad39d4382697c54f2e43722390 |
| SHA512 | a7feb9978a430d7058ff74d0b8cc0081b240b191120ce12e0488f7f9ee45d534e5c7b5cc5a9c372aeeb8ee4d99b8ab4fd6f51ad52311c6d7af734283b3e83afe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10a767cf0fc5f8e59e82fbf7a6dfc131 |
| SHA1 | 44326cfce956f8ae111a11aebec5a8bc25e76acf |
| SHA256 | 6b8abea04235d76e539362ac2f65904e3db84064d90c966404ae3f34b59d969a |
| SHA512 | dae70ff2d9992d35bfd7c2f0208c140e60d331b2be90223901177159de13fb912991fbde7b9abce4caf72669bb1cc3bfc221249dae8a5a120da8ac8684d7071b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 10:09
Reported
2024-08-25 10:12
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c081dedd51507694bb1c19920f6ae7d6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9991f46f8,0x7ff9991f4708,0x7ff9991f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7311948445074961721,6037224215786354764,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | tumblrgallery.com | udp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| BG | 79.124.78.7:445 | tumblrgallery.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| FR | 172.217.20.170:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | 78.media.tumblr.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 74.114.154.22:443 | 78.media.tumblr.com | tcp |
| US | 74.114.154.22:443 | 78.media.tumblr.com | tcp |
| US | 74.114.154.22:443 | 78.media.tumblr.com | tcp |
| US | 74.114.154.22:443 | 78.media.tumblr.com | tcp |
| US | 104.17.246.203:443 | unpkg.com | tcp |
| GB | 104.96.173.184:443 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.78.124.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.246.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.173.96.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.154.114.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.media.tumblr.com | udp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 8.8.8.8:53 | 3.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2cnjuh34jbpoint.com | udp |
| NL | 212.117.190.201:445 | 2cnjuh34jbpoint.com | tcp |
| US | 8.8.8.8:53 | 2cnjuh34jbpoint.com | udp |
| NL | 212.117.190.201:139 | 2cnjuh34jbpoint.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| BG | 79.124.78.7:445 | tumblrgallery.com | tcp |
| US | 8.8.8.8:53 | assets.tumblr.com | udp |
| US | 192.0.77.40:443 | assets.tumblr.com | tcp |
| US | 8.8.8.8:53 | 40.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 847d47008dbea51cb1732d54861ba9c9 |
| SHA1 | f2099242027dccb88d6f05760b57f7c89d926c0d |
| SHA256 | 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1 |
| SHA512 | bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f |
\??\pipe\LOCAL\crashpad_3176_FRQDWFDFAOOYMJNY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f9664c896e19205022c094d725f820b6 |
| SHA1 | f8f1baf648df755ba64b412d512446baf88c0184 |
| SHA256 | 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e |
| SHA512 | 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6efb8969469073b65aa5c1139f0a1110 |
| SHA1 | ea56b3515836e384fbcb2ca3d19f3be38c1e2986 |
| SHA256 | 6575ad777e143ef64299dddb44bf0738d321d31e06560dd6985b6c2ff7283101 |
| SHA512 | 3c5475c6d93afdbd08a84a7d23947f1a8f273c13928e961c71448437ec8886da8a9fb12c7aa59eb08221b68cf564281b0c410fa87a24dbc7c5a0b865a8760a1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 60fd44c5ac52bd905558f5ce01605f13 |
| SHA1 | 520557dc344691d2064d5a111bdd6dc7419aeaae |
| SHA256 | cc138c542974f67d0330fd7b0bd0f5b432ea111aeaaae89a70fd61cb349820fc |
| SHA512 | 60583bce2ffbd9f347ab6879ab981bb13db8a96b3344f7ac8ff2a585512d866d93dc18f91d3e1b8c2d0a6c77b7723c75ce9ddf1a178c6e2b5206a579e8ac7b22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b596905b37ffb30c5b39150fd0a9178a |
| SHA1 | 6832a7b6e1e0e9d3aace47129913771b3c429f9e |
| SHA256 | 7742d413b9ca05fc61381efd069235018485fb5880cd78846cf4538f8bd7f3f0 |
| SHA512 | a173d32bc66f403de4c7048f7440cdca8450d262326c3060e889a8d60f3ac6fe32fce6429370a1db3242230fcd99c58c727f4d4e93ea6f772ab7107f60d84732 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd1bdbb7c5bacf14149243f2b09f8661 |
| SHA1 | 9a42ec2a94027a6ec630281e494fa52206243c5f |
| SHA256 | 67052e73761a03abce7f0e440584085c5014870ea9d0ca926831b616743df09d |
| SHA512 | 353bd5b41709c9577da0eb8555ba7f6b9ecda9c921470151b7e26b3e21f459e2910109be55a7386bddf741f168a596b20304facee65c0f4ab7dacc4355b006e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 11a71905af278cee75027b808773ee8b |
| SHA1 | 866ff71d211f4d76050833482704b15cd96b8127 |
| SHA256 | 25ae2e332104d37e77e4e0c6f8d69d699c49e5bdb0ec62f76d88c2711c6a9c1e |
| SHA512 | 42c3610d67b0a286a2558d03554036debcbb0ba3d9d2e5c1d030e0d1fd362b26fec4565d016e3734c680905e8990fe2bf3adc347fae17b082fa178dd96b3dd70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585ea5.TMP
| MD5 | 398a8ac88c825023e1f5f5b5b19b7ff4 |
| SHA1 | 35652dc726835edcf9494cd2a4626e5bb8651c17 |
| SHA256 | 75eb3a57ebea44e3cfa88126cee74395dae099193aebaea63d525fea669c0e50 |
| SHA512 | 90321a41c065c2b0863d3a7781b12694dcd4c6a3712c15546ca95a434d49fdb61b7d98e4ecb15538245ed863bc7af9957b99fa4d1607d9bc295afc3c2f9e2692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c8e8138d3b622f674e67d90883159f92 |
| SHA1 | fcc55696f0e15ca76afdaa1ea0307d8180f43676 |
| SHA256 | b5dcdf013e979cf30f0f2b9a770d19caaf7fff5f960de3f8a596be7c9a98f516 |
| SHA512 | e119d11b000ef87a94f991b3594ca017869b5f1b56c2e970e0ad821aa638af433e25c39fa35f0c5770c1007261d7bd2eca0d4af0788a1277aba92265a777b89f |