Analysis Overview
SHA256
343e6f24e7d24932497c70bbbb0ad3f76eca21d8f996bcedd725d73ee3b15533
Threat Level: No (potentially) malicious behavior was detected
The file 91de8d717e12f7b02864abc390bfbafe_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:58
Reported
2024-06-03 13:00
Platform
win7-20240508-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 906d7fc2b5b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000c11b7884c804edb5b23d24e01c779f13fff31c1b49926e1d438f3fc8be02e3b9000000000e80000000020000200000006460d7dd093a98069b0b3286497fb1139ab7637c30956c944ef1a1c4928211b9200000005f568775364cf8b4daa44094171d9229d176100337866aeddd5c8528b61b7fdd40000000b4d55db8a900b98ff5067867f2c64bf5b06d58c657b853fb67bc8c65dff8804d05301fb29005666a918b340bc18b6b9fea5bc0186dd28fa05140a3b64f4a2038 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000075cf5ac5e92057e678fccfec39e9a5e986e201bbb70ab8616b5d4653fa02c65000000000e800000000200002000000017ff4fd28049453640b69b8c0769e7c6e0f3f4ca039359dae9a37bfbe6e76b2190000000e2023e414738a61c7eb80b21e39cabfe53128614fde98470ed4c5c0731b32bf84677dd0f59d41985b087235e2223fd7ad68d26543b9a759265f44a6f54580f28a5b379e4cca0d48aede909e8acaabd57bc7c4f331cf45ef30d5fb416ae810038eaff678a96344fb1a6feea7f8202bb37571d87b087ca1faaeff21a412943694227ed9ebfdcc2440f1dad477e99db933140000000370e11142387665ae0ff6e4d05a6f8cf57051735a408fd75081ebcabe068eac1ff54cca0a8ffe262a96b155437224ae7ba2ab45afd7696e040742b9307298841 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581355" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ECCD69D1-21A8-11EF-91CF-DEECE6B0C1A4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2412 wrote to memory of 2004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2412 wrote to memory of 2004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2412 wrote to memory of 2004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2412 wrote to memory of 2004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91de8d717e12f7b02864abc390bfbafe_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.2:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.180.2:80 | pagead2.googlesyndication.com | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\cb=gapi[1].js
| MD5 | 0fe383a7ddb9bbaefc3105b3297f5583 |
| SHA1 | f80c9d789f251909c7560bd91a9e1b9a10c26362 |
| SHA256 | d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683 |
| SHA512 | 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 047ad2e8a1f2c26d8c413363551eafb8 |
| SHA1 | 02080c2b64a9c9aba371136405a52e40469b8991 |
| SHA256 | 4b43a3eb89f8298348d9c761152b2d502df2fab1c34971c5bd930b43edd1633f |
| SHA512 | 2d1553d63e3acc5fd65d431fb0bf14c8816fbb5b99e1ce22ab570385b2c25a7f20cb0a1e0b0310c6c4f32190dc9de0c887a0e4742d39f7df0912b46f0008923b |
C:\Users\Admin\AppData\Local\Temp\Tar33DF.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Temp\Cab33DE.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3482.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72bbb18a5be4d980d7d14e86b92875fc |
| SHA1 | 1783240bae20e7ab3ed431d920ad25899d25ba57 |
| SHA256 | 8e822a2d7de58c6d9d91b0aba289530bfe7a68d8b20dbc80b1109cae320890d2 |
| SHA512 | 066117b28e87e9360826f103d18bdebe83b3efa91be594d4465cc360182b9c5c9cb1dd46c0510d7303c5573de15e16275743981c5d552ec0b8e961b1c1c77b61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bffe1c38100fb779d8be3b354e0d4b6e |
| SHA1 | 050c49410c553472148db1ef7238d396ac2e07f2 |
| SHA256 | 6cb1d03158085b413c1d4d14f394d0788761d15499258826b74a6665fdd01a3e |
| SHA512 | 79e4ad517d110a4e1c79adb4e63c58ce548d09add0d1fde522f5b78cee17a163e89f552a87a81eaac4ea42d73cccc51ce00dc5dc4547e3b8ce3889cb891bb5da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d481979785d92d2f51ebc027db63fb1 |
| SHA1 | a02cc1b5f5a5ed1fe96787fe819530a4af90ff50 |
| SHA256 | cb9ac027a40908d0925d23e6321994b6143b33fda2f55d11d9d0109043cf8807 |
| SHA512 | 25399b03f6f0769016ba36a84d1745e5c9bf7e3167d80fd7bb2f0aa08ea86b92bc68876724157b0df80cbd06b92c70637090bbff0b32bba220e5f4a7b2c2fc9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fe3c5f6cc675550a01b880d15519357 |
| SHA1 | 7a7d2fde30f1427606e4ebe5cf762097cba436e2 |
| SHA256 | 4cae203a92744f2dbbefff6a5d836d56214c28f9c2e665fdcb35fd8dd52b83fa |
| SHA512 | 8234ad32b74ffadffab1ea7a8b81a3205aa4f11774de83251ad0b9ff4040dbd80915b5c8415513cfbfe7fbbeae021d3b84b46128bf6f644b638b755a58c0d311 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd9315d57009a8d2ed3192d87f731376 |
| SHA1 | 1a956f3e85c349df4be7f6e0c833429c49d9847f |
| SHA256 | 8c8667155739b5e7f03c3a7dec9b75544e65fc0d5e64154a1f1f00f5fbfe57ce |
| SHA512 | a26cd70238b44a1cff5248a287e9f79b473721778e5c3330b46e2d064974c0794a2317e57babcc75d3ac138a0875c2598108f44dcf6f22173c0a57001b911c95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e22836a5eee0f1c570df86d62ccdbce8 |
| SHA1 | 2d2440fe223935eb2c9735156bc8a7e3ea0bef0c |
| SHA256 | 3576788086b15fde8edb8b5903d786dba1fb676b5bdc30efa4d4bccc27fefe2c |
| SHA512 | 22b91e2431ce26e025c58bf2dd3f8c7169f82c8415a16d98b092e3aed522c11aca000023d0a47cec528f5b0a3dcd229775977b0a8decaaf41bf014225f66d412 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2177220f2ad2c225df7b8e92aef4ba3 |
| SHA1 | be235bf457c94a0e85682ccd6daab8444d847374 |
| SHA256 | a604a9466b54147d44c0460bf27c7d8303d0a6ac51672fd9ee6ab5977f386f76 |
| SHA512 | b93124fd3bdc3aeb6c26261449dd66cb01416f6e0d0fc9057b74a782a013a3535af155d786924362dc46346ada59be7bd3dc83903e692111e82301ef27548057 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95757e75ff56ef7557db8621f805fc43 |
| SHA1 | 7e4575a280c5f001e18c9e1fa632da7aa227dcdb |
| SHA256 | bfc8b5612be370da2fdb0bfe249b3ab211fee621f21ea257fbb1e71c2cc0b8f2 |
| SHA512 | 0ca45562341521a07a96affa9f5ee196fd4fe3881271a118b775cfde17af771b86d380fcec4e78185a820a587129c6ee417eb831ffa8d29d55145b528d2896d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc7fe3b4157fa556b6f0722a8ca4d675 |
| SHA1 | 8dae7d8c44b9d9acff1c23a6f494e9208e35051b |
| SHA256 | a20eb038b5115ab4eec964d3c7fe467bc939cde5d6c9c989acee8e42cbe49ad4 |
| SHA512 | d02d716248d9cfd290158e310d34d22f0dbcb569afedd86d3b949498cf11e3bbdc80f36dc0831f35e488965b3d5a640f75c7b6381db129d7ffa3b863dce9baa8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\52G8PVLC\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50a2b4948abc4b7cfd119a372ff0f523 |
| SHA1 | 00873494314490553135316ed6f6b18ff3f77767 |
| SHA256 | 5d63232c7edf1d1b35d8283bbc82ba7968e0f31bcc6501c481a33e2b6df27660 |
| SHA512 | ecde5dc65c22e5de5a64b9a4fd0b69282369cb58dcdbaa659c7d276a5760925ea0e6626d255d6ee682ac5ab490bc78f53bacdf3e8ad82f70afe7e2b0b9910c3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 952546f4acb317a84b603948277c922f |
| SHA1 | 21da25dca25b9259df0085cff2fcf690ef45c83b |
| SHA256 | f4a98c9be2ff81cf965fb40883749f910583ff218ad04bb09c67eddaa0691928 |
| SHA512 | 02a0c110e54b4c258c9d541d5e8708c989501058ee8c850d5db49f363694e905cbf8ee85baef1b859f7c8c464bce728da39004f0f391e1a6dcea2818b699555d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbc2fbd173458e5fad3eec59b63a8b5d |
| SHA1 | 82ae14eeca015c6f38baea8273d07f98b9f902a5 |
| SHA256 | 0917ce4965afa1570947de479cd979b62e348dd882559679e8082cb330a1b01a |
| SHA512 | 781503ef662438da7631b6a75932d3da32f1b219f014dfe289c19ab30c993b840fc16d9ef32694b8853e57a7af089b49a9cf6c66c2f25594467bef11c58cd833 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e59e2d30ba1442d68f348099dca212a0 |
| SHA1 | 91c262563e15f3cb985c18b033c76a0266baf60f |
| SHA256 | 683d3a0fe6a85320bcf73b0bcf6e75be4c420f27c9c22298de3ee6b719a7456f |
| SHA512 | 4ca0eef3d33c37c24e416365193e3c4f2d096803fac460cafd71a87a1fcc25999f00d0ab29596d57eedea9a9cd8747aae3da0a7ac2ac2be3345b3cc8ca90c89e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e8b9554137f4af96d8993ce1918b53f |
| SHA1 | 82c63bb540138f072d03d954cd7edbd2c58b5fce |
| SHA256 | 9fea0403064475d0cd104aa57e2d89e7560aef8d24f06d68fce1ae804ad71ff4 |
| SHA512 | 9d4c25179b55f6238ddb547dab896f0ea81fe0deba6e048dbdd9a11877d9a28c03808275cca8c35db4fd5ac6b3b637252456ad2d68994b5b88c2708d49e457b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9bce0d48887cfd320c6e1933eb567917 |
| SHA1 | cfedc00d3c9b40f483a25e9ddfb2f51aa214b6c4 |
| SHA256 | 1b941e0f2d1189d46ec992162ddc082c5308ffd8db9b33313d80922f424f5015 |
| SHA512 | ed1e1b612982f73475ed5768bace4bed09ccaf72245e83938452bd2987ed3720a5728d6cedd0d9eca1d68a5e510989b29d0c88a6d59e819c216927f47f1bb6f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a26f27554eee57dcd67ff0ff62c888d |
| SHA1 | 7f0c493330431bf0802e50f5f742a18eaedbc1d4 |
| SHA256 | cebbdf02a45fe9922b4ef9c8b9103288c25c192c2d1e7d5afd6aa3f8f2996684 |
| SHA512 | bf3fde3b6f91cd9748e6bf39b80d2347872de354e7bbb3c38dbcfe4e7052d1ba9e4acf1bea91f237fd7807af94778964e86178bbd4928fb80c77f8d4ab094cde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d661363735a8c7dbfc6abf04e0d9ce1 |
| SHA1 | 627adebc8794b5d7f01d7a0e020f69914b0b3da5 |
| SHA256 | 759b09ab8704396d10bf61b83f77dfa0bf84ab29ea9a7508bc8ff841ba09beb3 |
| SHA512 | e1837240b17508ecfbf699565baf490d3d07e12e726b92d7069fbf1f69f0eed559d32ef58a5a92774c7d2cf3dc8b74ec0e25caca7cef31612fe97cdf094518fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 966f87e77f1f2ded7732e8e5d4b94b1d |
| SHA1 | 4b0b8d963eda3646629aa40b7eaccbb316d787f5 |
| SHA256 | 6b61ce1aa972203da1929ad38ddb4f580742c2b749edb6f52205dc83ead86965 |
| SHA512 | 343f8192b3a7781dc47f0cc530eed30aac6ddfb79f99126111890cbfe8bfd60bb80092c4ef996662f51394ed4b5bae9e830d668cdf8b6c77054cea8c03969a52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8da0f68e803634e38e09ae2fda397e2 |
| SHA1 | 1c1764b32151c94111f592b1658a0db8bf66882c |
| SHA256 | 0e7383afc9c5bf6733320c9799e907e729bfc94b3b89e02ec3172ce71f864e61 |
| SHA512 | ad0749e9c28e5aed9dc6ea9ff3492ef05a66aeb0510b6084f76a4bc675933f5d32e14ae9b07d9a7b2feffde75d6d81da9cc894ddcc3a1d94dea06ca149506384 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:58
Reported
2024-06-03 13:00
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91de8d717e12f7b02864abc390bfbafe_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bed246f8,0x7ff8bed24708,0x7ff8bed24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17366239997861412267,3898338927003096806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| FR | 199.232.168.157:80 | platform.twitter.com | tcp |
| GB | 142.250.200.34:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.168.232.199.in-addr.arpa | udp |
| FR | 199.232.168.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| FR | 199.232.168.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.8:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_2740_FNSGEXKBINQLXPGX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d4ab051-edc4-4a1b-8678-6c16aec6cdf1.tmp
| MD5 | 35702c39e66820c4219cdac92bf230c0 |
| SHA1 | 3f19d249e654640f79e6824915115370340a6c9e |
| SHA256 | c6aa39dd5b5f508330ed0db88b62a0c3cc70f5dd8d2bcd64673c0c399daeac56 |
| SHA512 | 239ee2a1f9314835d24efd26e75afc0467d02e9ca5bebc3cf5af2476b2431bcc52c638de5c30d3e158707b86780eb1393629fc3ce9cc320b3472c03f60967578 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e7f44cbb934258dd8827351d7ebd6955 |
| SHA1 | efd78ebf4f71ee83b5c0e167d14dae96e005acc6 |
| SHA256 | 45fdacd9b740b515f0cbdfbe3bb14f019a2fbebc511b81099333318f5b054e1b |
| SHA512 | 3bf8929865602461b99df8afa4eaf7b7439c4b24a05cc0f1529126b3f65420da31a2de05aa68f8d9ed8e61921b0931a1b255542cab7ce8883a1b586b1e26291c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c069021316b176924c200499a2bba14 |
| SHA1 | a16651934dabbef4b8b33776cc395a58940d1085 |
| SHA256 | ac7c25f771b59f2c000c5ff2017af879f8ef3bd9bf69d593311a2dd478106d17 |
| SHA512 | 75653c5c95db9928ae60655b89d7813ed1244f45fea21e75945ae7dd47612ff983a67657d0d3dcacc28bae5d3a642673d4fd32b1e038c04db5ab5170d7a85cbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0193a87a96feb5d364c328e417cc7f8d |
| SHA1 | 24b4c71abdd7dd23b6d8d009daac04c05c298674 |
| SHA256 | 09200dae4aaf5e15c22256d802d2d177257ad295c907c4f3cdc7705d2838b8eb |
| SHA512 | 7fce8ce8f600e17b99f52198850ff62d7925b7a678c6e50550418d0806bdc80b7e237bddcbde7208f00c001aa3bd9f8632ddc14cbe4ce7c0634e869e5da3fd31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | e1c71f7c04be834f5587230db2ad24b3 |
| SHA1 | f3bab9cb99d9f343bf7ed3981aaa7450515d2424 |
| SHA256 | 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899 |
| SHA512 | 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00cad35d0c17cb818e130b9d34963196 |
| SHA1 | 7832c097365420a58286908adad7c5d7209b3b0d |
| SHA256 | 03964b8141785fafb4cd984fd5cae35d8241c744149fac33fe6707391c553229 |
| SHA512 | 8bb3c67dc56783e77f8b02665d9b1a0000220d64d2cc348da76e0f1a0deee65bfda377f9a97910820ce2bee7a4cdef1b6249842ae2f473f88771a864b2800a03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 85367cb7c58b9a6d6bc1a93cab75c7cd |
| SHA1 | 8650ecbaa36dfd3514e48542d966cc64c5b0528b |
| SHA256 | 843b9297341187641cacae147e26733172993579f6ecdfed7e90e33977128e58 |
| SHA512 | 6f3bef58c6b1370d02a20b9e4bc6e11677dccb7fc5879743abc3cc68f715fdf75e533c4913524ab9dba255a8244c596c7c33742b734390ef9765d4710782d107 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e14953cc863bb4d7a1124a133057d948 |
| SHA1 | 87f0d331c1c4a49c21677b2d8a7bc4768339b848 |
| SHA256 | f28cd4a731dee82e33668fc5d5376b3d653d590cfff35764d97a11343308d9e7 |
| SHA512 | 45e8a9bffec1ed5c1aa128065a019ef2f548b7db1a12dc82b3f40bf4a0a9bae4c834cd549a4b74d27897796d65ffa47627a5a9b2896eb95b0188c3f87a96998c |