Analysis Overview
SHA256
43a38ddcc98d3794a6c5c2a742d42fcfb04bd19ed1cc6c0a66e52c9e2b65d1c4
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 742adfcfcf8c629ebed309bc95f94182_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 03:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 03:15
Reported
2024-05-26 03:18
Platform
win7-20240508-en
Max time kernel
118s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not captured) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42A13541-1B0E-11EF-A7A3-7A58A1FDD547} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422855220" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000195b3244157132bb67a33a5de9b40466c95f04d426d9f790ad31a340b01651cf000000000e80000000020000200000006dbfb0fadfb36f1bba9333f951d3a1a22b756f69e613f4951dcdc597be422589200000008c5c9e3acaf5e83bbfa6997c213e4e20d4c52a1ff4e1b8266bfb0346f75c08da40000000c6e8cc04be9dbe9ad3c8ab707bb607b6403259b00b3bbd6dc0e8a86dba7980fb6020c806d59473ae97465b5ea332f778799eadc0723d438eba6092bebec5d62e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b068cc461bafda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2088 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2088 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2088 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2088 wrote to memory of 2988 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742adfcfcf8c629ebed309bc95f94182_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 03:15
Reported
2024-05-26 03:18
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742adfcfcf8c629ebed309bc95f94182_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18158288611781221013,13030647366277452681,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5200 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | duckshow.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | cse.google.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 142.250.179.238:443 | cse.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | stats.wordpress.com | udp |
| US | 8.8.8.8:53 | s.gravatar.com | udp |
| US | 192.0.73.2:80 | s.gravatar.com | tcp |
| US | 192.0.78.27:80 | stats.wordpress.com | tcp |
| GB | 172.217.169.2:80 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 192.0.73.2:443 | s.gravatar.com | tcp |
| US | 192.0.78.27:443 | stats.wordpress.com | tcp |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| US | 8.8.8.8:53 | intensedebate.com | udp |
| US | 192.0.123.246:80 | intensedebate.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | edge.quantserve.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 91.228.74.244:80 | edge.quantserve.com | tcp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 192.0.123.246:443 | intensedebate.com | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.123.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| IE | 18.66.171.123:445 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| IE | 18.66.171.11:445 | rules.quantcount.com | tcp |
| IE | 18.66.171.87:445 | rules.quantcount.com | tcp |
| IE | 18.66.171.10:445 | rules.quantcount.com | tcp |
| IE | 18.66.171.87:139 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | pixel.quantcount.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 192.0.76.3:445 | pixel.wp.com | tcp |
| DE | 91.228.74.200:443 | pixel.quantserve.com | tcp |
| DE | 91.228.74.166:443 | pixel.quantserve.com | tcp |
| US | 8.8.8.8:53 | 200.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | intensedebate.com | udp |
| US | 192.0.123.246:445 | intensedebate.com | tcp |
| US | 192.0.123.247:445 | intensedebate.com | tcp |
| US | 192.0.123.246:139 | intensedebate.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
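Read in bulk, the table above mixes three things: resolver traffic to 8.8.8.8:53 (forward lookups plus many `in-addr.arpa` reverse lookups), ordinary web connections on 80/443 (443/udp being QUIC), and a handful of rows that deserve a second look, namely TCP connections to ports 445 and 139 on public hosts under the names connect.facebook.net, rules.quantcount.com, pixel.wp.com and intensedebate.com, which the report records without explaining. The script below is an added example, not part of the sandbox report; it parses rows in this table's format and sorts them into those buckets, lists SMB/NetBIOS-port connections to non-private addresses, and lists names contacted over TCP for which no lookup row was captured. `SAMPLE_TABLE` is a constructed subset of the rows on this page, and it includes a multicast row written as `| N/A | 224.0.0.251:5353 | udp | |`, a column slip these exports sometimes contain, which the parser repairs. All function and constant names are my own. A name in `tcp_without_dns` can mean a cached resolution or a lookup the capture missed as easily as a hard-coded address, so treat that list as a prompt rather than a finding.

```python
"""Triage the sandbox 'Network' table: separate resolver traffic from
connections, flag SMB/NetBIOS-port connections to public hosts, and list names
contacted without a captured lookup.  Added example, not part of the sandbox
report; SAMPLE_TABLE is a constructed subset of the rows on this page."""
import ipaddress

PROTOS = {"tcp", "udp"}
WEB_PORTS = {80, 443}        # 443/udp is QUIC and is treated as web traffic
SMB_PORTS = {139, 445}       # NetBIOS session / SMB

# Constructed sample: rows copied from the table above, one with the protocol
# slipped into the Domain column as the export sometimes renders it.
SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | duckshow.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| IE | 18.66.171.123:445 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.76.3:445 | pixel.wp.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
"""


def parse_rows(text):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] == "Country" or cells[0].startswith("-"):
            continue  # header or separator
        country, dest, domain, proto = (cells + [""] * 4)[:4]
        # Repair a row whose protocol landed in the Domain column.
        if proto == "" and domain.lower() in PROTOS:
            domain, proto = "", domain
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def triage(rows):
    """Bucket rows and derive the two lists an analyst wants to see first."""
    result = {"dns_queries": set(), "reverse_lookups": 0, "web": [],
              "smb_netbios": [], "multicast": [], "other": []}
    for r in rows:
        addr = ipaddress.ip_address(r["ip"])
        dest = f'{r["ip"]}:{r["port"]}'
        if r["proto"] == "udp" and r["port"] == 53:
            if r["domain"].endswith(".in-addr.arpa"):
                result["reverse_lookups"] += 1
            else:
                result["dns_queries"].add(r["domain"])
        elif addr.is_multicast:
            result["multicast"].append(dest)
        elif r["port"] in SMB_PORTS and not addr.is_private:
            result["smb_netbios"].append((r["domain"], dest))
        elif r["port"] in WEB_PORTS:
            result["web"].append((r["domain"], dest))
        else:
            result["other"].append((r["domain"], dest, r["proto"]))
    contacted = {r["domain"] for r in rows if r["proto"] == "tcp" and r["domain"]}
    result["tcp_without_dns"] = contacted - result["dns_queries"]
    return result


if __name__ == "__main__":
    t = triage(parse_rows(SAMPLE_TABLE))
    print("forward lookups:", sorted(t["dns_queries"]))
    print("reverse lookups:", t["reverse_lookups"])
    print("SMB/NetBIOS ports on public hosts:", t["smb_netbios"])
    print("TCP without captured lookup:", sorted(t["tcp_without_dns"]))
```

On the sample this yields six forward lookups, one reverse lookup, four web connections, four SMB/NetBIOS-port connections (two to 163.70.151.21, one each to 18.66.171.123 and 192.0.76.3), one mDNS row, and two names (fonts.googleapis.com and www.bing.com) contacted over TCP with no lookup row in the sample. The private-address test uses `ipaddress` so that a genuine file-server connection inside the sandbox network would not be flagged alongside these.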
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_1428_PKMSCCLHCPUCLUIN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c90bc8f0f13497ca9c35acd7c2113d8 |
| SHA1 | a2188fcfd058f8ea039176862da978e63bb838ca |
| SHA256 | a9d2efb1078e23101c98a9c814269d6bbed567133df73c1143e21a6d55cc9e56 |
| SHA512 | 2c23ec4406a6c99555eb77cfc184a9b018506d72daee7aa77e00bf8bf3186fa03fc279dcc76827c9740e8acf2506fe2e9f61ab02194fff70e28eb1d2984f45f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 42882dcdb9f0aae7c0fcda7f1c6d2517 |
| SHA1 | 2f604d8e392ee19e855004497d3ca25d5c40f7dd |
| SHA256 | f95a11611837b3ad68ca7b71d36c01ea3a3a8754a4d8be32687b3b757073b8d6 |
| SHA512 | 0a26b35feaa8fbe48c0a22f8b86944932800125e79173d0379adf3aeb757fb4636e979792b766191680e8f6c364bd67cfffde58ffde078f057f51c14a366978d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ad066c8add9ca91b32afffc3662cab87 |
| SHA1 | 5b4b581cf644e4ba9e56b23d67cbaabc45294dfd |
| SHA256 | 0a16569bbeeb012efbf9d8d7c2bd877e1161b72edc4aab6edee2897a03bf5254 |
| SHA512 | bdc10984370d1aa81fe39e3598a40c41cc39614bdf88d5b04dc30d73b453c6a0f0cce72802c7b490eb7d93c8afbd0c722a4e0dfeab1b9b089b466cfdfd7fb218 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ce0c2e66b34eab598d2222cb86434c52 |
| SHA1 | 5692049f48c96e8e85ad2e49aa70a204c3fa41a1 |
| SHA256 | f95c1b030d4ca2c5ac421b26bfc22269a3b416be2ada5c8294eadcfa3eef9582 |
| SHA512 | eff3e413b26106f275efae10129711ed4b310f05432bd4eafca82f08ba99cbb153dbf691f3f64af7cedf9097dda8d39a8eab7904ed6282655c79ca6a29213306 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582de1.TMP
| MD5 | 4f12b1c4ff1cbb1407b42df518099856 |
| SHA1 | 0d15410d692c6ed7b8bd55d6b468047a267eb0c7 |
| SHA256 | c64915e8bdcd2ee4e0a5be112cf92cfd3e9431c11f45bb11798520572a3d3fff |
| SHA512 | 7ca446abc4d116f140777a3b60db77f734362e43eff4c4821e8813d297bd4a14f019f355cf9294dc48c144b7d5ddb36ea90e4394fa769b8eb72378ad18ee679a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 307648aa852fa870e0272ad7778a2ddb |
| SHA1 | 9f7875e849aa66d6faecd839f0695bfff76f6e86 |
| SHA256 | a33d5e905b4d0db29d46aba571c3d28ccfc6c03a4581c8d50f7dd5f87fe6fdfc |
| SHA512 | f9dca69ea8cd19d0b80251fea1f9b2c963ea785b60c464171c4457cc7a8b50985343aa3e652225455c41e0d92cd3d38c0674871d3b44e1b447424a30c7b5ed2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 818528a0e5290bc472ff3f438a7c3992 |
| SHA1 | 694aaeb3fdeaa45c82c48e9ab7bcf7f4f4c756fa |
| SHA256 | ecb1cb9d2e5e399e0acffc088d34ed5541262af4be074c9b96c45351e150f351 |
| SHA512 | c65dddb454b127f692e0c13a3d7b543c6a0ac6a690f89f6249b2832e0d32f522393a4800b0ac8ff65e66e881fd9c776535141d4f74c42d8b2462d590fe6e408b |
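Two things in the file list above are easy to miss when skimming digests: the named pipe `\??\pipe\LOCAL\crashpad_1428_PKMSCCLHCPUCLUIN` is listed with the digests of zero bytes (MD5 d41d8cd9..., SHA256 e3b0c442...), so nothing was actually hashed there, and `Crashpad\settings.dat` and `Default\Preferences` each appear twice with different digests, meaning Edge rewrote them during the run. The script below is an added example, not part of the sandbox report; it parses entries in this "path line followed by digest rows" format, recomputes the empty-content digests with `hashlib` instead of pasting them, and reports empty artifacts, rewritten paths, named pipes, and any path outside the Edge profile directory (none here, which is consistent with the report's verdict). The sample is an abbreviated copy of the entries above with only the MD5 and SHA256 rows; the helper names are my own.

```python
"""Check sandbox 'Files' entries for empty-content digests, paths recorded with
more than one digest, named pipes, and artifacts outside the browser profile.
Added example, not part of the sandbox report; SAMPLE_FILES is an abbreviated
copy of the entries on this page (MD5 and SHA256 rows only)."""
import hashlib
import re
from collections import defaultdict

SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
\??\pipe\LOCAL\crashpad_1428_PKMSCCLHCPUCLUIN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c90bc8f0f13497ca9c35acd7c2113d8 |
| SHA256 | a9d2efb1078e23101c98a9c814269d6bbed567133df73c1143e21a6d55cc9e56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 42882dcdb9f0aae7c0fcda7f1c6d2517 |
| SHA256 | f95a11611837b3ad68ca7b71d36c01ea3a3a8754a4d8be32687b3b757073b8d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ad066c8add9ca91b32afffc3662cab87 |
| SHA256 | 0a16569bbeeb012efbf9d8d7c2bd877e1161b72edc4aab6edee2897a03bf5254 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582de1.TMP
| MD5 | 4f12b1c4ff1cbb1407b42df518099856 |
| SHA256 | c64915e8bdcd2ee4e0a5be112cf92cfd3e9431c11f45bb11798520572a3d3fff |
"""

HASHERS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1,
           "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
# Digests of zero bytes, computed rather than pasted so the check cannot drift.
EMPTY_DIGESTS = {alg: h(b"").hexdigest() for alg, h in HASHERS.items()}

# Any user's Edge profile directory on any drive letter.
PROFILE_RE = re.compile(
    r"(?i)^[a-z]:\\users\\[^\\]+\\appdata\\local\\microsoft\\edge\\user data\\")


def parse_files(text):
    """Turn a path line followed by '| ALG | hex |' rows into (path, digests)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            alg, digest = [c.strip() for c in line.strip("|").split("|")][:2]
            entries[-1][1][alg.upper()] = digest.lower()
        else:
            entries.append((line, {}))
    return entries


def analyze(entries):
    """Report empty artifacts, rewritten paths, pipes and out-of-profile paths."""
    seen = defaultdict(set)
    result = {"empty_content": [], "named_pipes": [], "outside_profile": []}
    for path, digests in entries:
        seen[path].add(digests.get("SHA256"))
        if any(d == EMPTY_DIGESTS.get(alg) for alg, d in digests.items()):
            result["empty_content"].append(path)
        if path.lower().startswith("\\??\\pipe\\"):
            result["named_pipes"].append(path)
        elif not PROFILE_RE.match(path):
            result["outside_profile"].append(path)
    # Same path listed with more than one SHA256: the file changed during the run.
    result["rewritten"] = sorted(p for p, d in seen.items() if len(d) > 1)
    return result


if __name__ == "__main__":
    for key, paths in analyze(parse_files(SAMPLE_FILES)).items():
        print(f"{key}:")
        for p in paths:
            print("   ", p)
```

For a report like this one, `outside_profile` is the list to read first: every path the detonation wrote is browser state under `User Data`, and a dropped payload or a persistence artifact would show up there rather than in the digest columns. The `~RFe582de1.TMP` sibling of `TransportSecurity` is kept as an ordinary profile file; the report does not say what produced it, so the script makes no claim about it.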