Analysis Overview
SHA256: 4526ec0525bff3057178942ae962a1487a4c82ff5ae664eadeddc1f97c8a5a28
Threat Level: No (potentially) malicious behavior was detected
The file 7a17f00a742a68ab27493c4794cd1706_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-27 18:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-27 18:30
Reported: 2024-05-27 18:32
Platform: win7-20240215-en
Max time kernel: 141s
Max time network: 142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008782cfd43a4d6143bd78362b17be40740000000002000000000010660000000100002000000025d0253e49a181b022c626a3de78aedf2ba5032017f29bd653dba9f69a2e3394000000000e8000000002000020000000cf3151fac0765f328f1cbab4b757e6e2b566ad1cb489eceb052a152d1dd50dbd900000008279a418e4f00a6e4388b1960a974e7c384238c5f1225684cc8fdc6f88282e3a377aef7918dc48168599f3fc6d3360d15f86e0e7cdbd56b4ad86dbc855e77e3cff0a60b08b799620c213c5297df712426649c384dd22226100c4c7d87a5a9379776523d222eaf40c8b7c2fa3806e496d90dd56b82a9c99824c982d755cdc934fdfc4923fd43be7305694444e641aae6140000000e00dc325ab1d049b6fe6a655f9c28cea9c2638b4036b43c24c233d781884ded444181f53a8df29a1d39c9e76bb36e8747d8876fc243f26000450f724af3c29a1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996482" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008782cfd43a4d6143bd78362b17be40740000000002000000000010660000000100002000000075e3bff33d5f687a2a53c8525805606f89f325abdbec0c5fe4b4eb463d07025b000000000e8000000002000020000000e87a6eaa4c47e189f314e55a4cdc11e884b568919009d9ea2566fd5177b3d3a920000000625a7c568887571f6f0201d90a1206be24daca891f73f66443b720f4d864146840000000c5bb9a00372ae5a6d59895de5aedeb2b04f0640d0e04e665ed8cd7fd10e35d54077a1aa3e23a8b55cea0dcfd6fbf11d96dd32d34e3d8d7df1d569b77efa54ef5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28C2A4C1-1C57-11EF-A2CF-6EE901CCE9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90e685fe63b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2040 wrote to memory of 2312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2312 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a17f00a742a68ab27493c4794cd1706_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | yui.yahooapis.com | udp |
| US | 8.8.8.8:53 | babygracephotography.com | udp |
| US | 8.8.8.8:53 | blog.babygracephotography.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.studiocontact.net | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | toolbar.wibiya.com | udp |
| US | 8.8.8.8:53 | tweetboard.com | udp |
| FR | 172.217.20.193:80 | 4.bp.blogspot.com | tcp |
| GB | 87.248.114.12:80 | yui.yahooapis.com | tcp |
| US | 3.33.130.190:80 | babygracephotography.com | tcp |
| US | 165.22.38.244:80 | toolbar.wibiya.com | tcp |
| US | 3.19.116.195:80 | tweetboard.com | tcp |
| US | 8.8.8.8:53 | www.tealdit.com | udp |
| US | 104.21.72.39:80 | www.tealdit.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.21.72.39:443 | www.tealdit.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| N/A | 127.0.0.1:80 | N/A | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\calendar-min[1].js
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\yahoo-dom-event[1].js
C:\Users\Admin\AppData\Local\Temp\Tar2E45.tmp
C:\Users\Admin\AppData\Local\Temp\Cab2E34.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar2F16.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Analysis: behavioral2
Detonation Overview
Submitted: 2024-05-27 18:30
Reported: 2024-05-27 18:32
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a17f00a742a68ab27493c4794cd1706_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee01646f8,0x7ffee0164708,0x7ffee0164718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_740_PTXYSYBNOLJMWVAO
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State