Analysis Overview
SHA256
07a58be1f5885cc4d7694f3154bb2c838925afc575d976c762b63bfe6a117cd0
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a2fa0ab1f8256b732a7223f6dba3c816_JaffaCakes118.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:42
Reported
2024-06-12 23:44
Platform
win7-20240220-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E309161-2915-11EF-9BF8-4A0EF18FE26D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7041442122bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000053249af8aea9d4aaeb50c023a1426cd00000000020000000000106600000001000020000000b5d4880523c0e3f573f5c420626387b19eae9072510ddbbfd31c794ac070771f000000000e8000000002000020000000e4363a9e007d985f94953db4069a78a85dfd9884213ae283dcb2eb02ce0695f82000000022275577b6c390ce013322a155df6903cdb6ccdbb78225686fd6759fabfaa90440000000f0797b7d97aa0d2574677791c0d0e231e720e137259e8cc9b1afc8072a27d02a312050445c21860e73cd45e5a8ab057f015bd970b4f36d43b18e0b6a931ebdd9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397590" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2304 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2304 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2304 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2304 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fa0ab1f8256b732a7223f6dba3c816_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2
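The four WriteProcessMemory rows above are the 64-bit IE frame process (PID 2304) writing into the 32-bit tab process it launched (PID 3012); the tab's command line names 2304 in its SCODEF token, so the target is IE's own child rather than a foreign process. The script below is an added triage example, not part of the sandbox report: it parses the WriteProcessMemory table and the process command lines as printed here, recovers the frame PID from SCODEF, and separates frame-to-tab writes from writes into anything else. The extra svchost.exe row is constructed to exercise the negative path; the image-path constants encode the 64-bit-frame/32-bit-tab layout of IE on 64-bit Windows 7 and are an assumption about that platform.

```python
import re

# Rows copied from the behavioral1 "Suspicious use of WriteProcessMemory"
# table above (the sandbox prints one row per write; four were recorded).
WPM_ROWS = [
    r"| PID 2304 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
] * 4

# Command lines copied from the "Processes" list above.
PROCESS_CMDLINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fa0ab1f8256b732a7223f6dba3c816_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2',
]

# Constructed negative case (not from the report): a write into an unrelated
# process, printed the way this report format would print it.
CONSTRUCTED_ROW = r"| PID 2304 wrote to memory of 1234 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\svchost.exe |"

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")

# Assumption: on 64-bit Windows 7 the IE frame (broker) process is the 64-bit
# binary and its tab (content) processes are the 32-bit one.
IE_FRAME = r"c:\program files\internet explorer\iexplore.exe"
IE_TAB = r"c:\program files (x86)\internet explorer\iexplore.exe"


def parse_wpm_rows(rows):
    """Return (writer_pid, target_pid, writer_image, target_image) per row."""
    parsed = []
    for row in rows:
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        m = WPM_RE.search(cells[0])
        if m and len(cells) == 4:
            parsed.append((int(m.group(1)), int(m.group(2)),
                           cells[2].lower(), cells[3].lower()))
    return parsed


def frame_pids(cmdlines):
    """IE tab processes carry their frame process's PID as SCODEF:<pid>."""
    pids = set()
    for cmd in cmdlines:
        m = SCODEF_RE.search(cmd)
        if m:
            pids.add(int(m.group(1)))
    return pids


def classify_wpm(rows, cmdlines):
    """One verdict per distinct (writer, target, images) tuple, with the event count."""
    frames = frame_pids(cmdlines)
    counts = {}
    for key in parse_wpm_rows(rows):
        counts[key] = counts.get(key, 0) + 1
    verdicts = []
    for (writer, target, wimg, timg), n in counts.items():
        if wimg == IE_FRAME and timg == IE_TAB and writer in frames:
            verdict = "expected: IE frame process writing into its own tab process"
        else:
            verdict = "review: cross-process write outside the IE frame/tab pair"
        verdicts.append({"writer": writer, "target": target, "count": n,
                         "writer_image": wimg, "target_image": timg,
                         "verdict": verdict})
    return verdicts


if __name__ == "__main__":
    for v in classify_wpm(WPM_ROWS + [CONSTRUCTED_ROW], PROCESS_CMDLINES):
        print(f"{v['writer']} -> {v['target']} x{v['count']}: {v['verdict']}")
```

The check is deliberately narrow: a write is only "expected" when the writer is the frame image, the target is the tab image, and the writer's PID is the one the tab's own command line names. A write from the frame into any other image, or from a PID no tab points back to, stays flagged for review.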
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 8.8.8.8:53 | ysbweb.com | udp |
| US | 69.162.80.58:80 | ysbweb.com | tcp |
| US | 69.162.80.58:80 | ysbweb.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
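The network table lists one row per connection, so the same host appears several times and each DNS lookup against 8.8.8.8 is printed beside the TCP sessions it led to. The script below is an added example, not part of the report: it collapses the rows to one record per domain, counts lookups and endpoints, and sorts the hosts into "expected" (ieonline.microsoft.com is IE's own online service; js-agent.newrelic.com is the page's third-party browser-monitoring script) and "review" (ysbweb.com, the only host with no obvious browser or vendor role and the only one reached over plaintext HTTP on tcp/80). The allow-list and the resolver set are constructed assumptions, not something the report states, and the sandbox verdict above is about observed behaviour, not about the reputation of that host.

```python
# Rows copied from the behavioral1 "Network" table above.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 8.8.8.8:53 | ysbweb.com | udp |
| US | 69.162.80.58:80 | ysbweb.com | tcp |
| US | 69.162.80.58:80 | ysbweb.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
""".strip().splitlines()

# Constructed allow-list (an assumption, not from the report): hosts a stock
# browser or a common third-party page script is expected to contact.
KNOWN = {
    "ieonline.microsoft.com": "browser vendor (Internet Explorer online services)",
    "js-agent.newrelic.com": "third-party page script (New Relic browser agent)",
}

# Resolvers used by the sandbox; udp/53 to these is a lookup, not a contact.
RESOLVERS = {"8.8.8.8"}


def parse_rows(rows):
    """Yield (country, ip, port, domain, proto) per table row."""
    for row in rows:
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        ip, port = cells[1].rsplit(":", 1)
        yield cells[0], ip, int(port), cells[2], cells[3]


def summarize(rows):
    """Collapse per-connection rows into one record per domain."""
    per_domain = {}
    for country, ip, port, domain, proto in parse_rows(rows):
        rec = per_domain.setdefault(
            domain, {"dns_lookups": 0, "endpoints": {}, "plaintext": False})
        if proto == "udp" and port == 53 and ip in RESOLVERS:
            rec["dns_lookups"] += 1
            continue
        key = (ip, port, proto)
        rec["endpoints"][key] = rec["endpoints"].get(key, 0) + 1
        if proto == "tcp" and port == 80:
            rec["plaintext"] = True
    return per_domain


def triage(rows):
    """Attach a category and a one-line reason to each domain record."""
    out = {}
    for domain, rec in summarize(rows).items():
        if domain in KNOWN:
            category, reason = "expected", KNOWN[domain]
        else:
            category, reason = "review", "no known browser/vendor role"
            if rec["plaintext"]:
                reason += "; served over plaintext HTTP (tcp/80)"
        out[domain] = {**rec, "category": category, "reason": reason}
    return out


if __name__ == "__main__":
    for domain, rec in triage(NETWORK_ROWS).items():
        print(f"{domain:28} {rec['category']:9} lookups={rec['dns_lookups']} "
              f"endpoints={dict(rec['endpoints'])}  {rec['reason']}")
```

Note that ieonline.microsoft.com shows three TCP sessions and no DNS row; the report only prints the lookups it captured, so a missing udp/53 row is not evidence of a hard-coded IP.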
Files
C:\Users\Admin\AppData\Local\Temp\CabF6E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar103F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6a00e3636a77313ed77d3e06adf2315 |
| SHA1 | 63e431790700429592219876305e78029d4a4a0b |
| SHA256 | 012b1b950ebfe97092dd84efeea402209f91c555c83972bdb8193ae321a33933 |
| SHA512 | cb2bc1983e60bca6b30b305579d10addd81e0eb5df402a429d691ecca43ea99761579c0cd8369eed461cce4f55613f8f9f943742b418054c25cedff7f111c8aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f67640a06ce8d49c272239ea233376db |
| SHA1 | f3437d9027345b72417d476f55adcdc0c74ad452 |
| SHA256 | 050944f32af0ff04bbe7d1c813746045c6167d54f3039956233587fba55cf308 |
| SHA512 | d6eea8c2f7b85588a3b9d054b1418e32927fc6fb325f4bbb9a02932f5e7be9ef4abd32627907e316c3b5c65542fdce0f5d3a850dd2d5a58c1d982707759cc318 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6cc254a462858796504c9941210cf77b |
| SHA1 | 92a091984e0a6f24dd0d68e49c78517d7beb2b87 |
| SHA256 | dcb4e73719b23483cfc0e67c3b3968c8af1ced573b3e2551113fc51b6e106620 |
| SHA512 | 95d82c68adaf7f33191daebaaaaff8b8d472c53e2e04b57c6e32e50283d9d07a146829cd98d84f61ec62c683110f8b2eafd4473d7448bc0925c29403ae906d27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a6a0e0a34da129e09b37e2716c4f09e |
| SHA1 | 8049acaa71d356c29975a9cf66d38345d713067b |
| SHA256 | 948dbb3d6ba6412a2a94b2ea38b88cf2ee7be91f6c0aabf054c36f94d0120925 |
| SHA512 | b9d3f0d9abe42d9cedc245dc22f42ab5f43e12d5ed0d07d10f4e26746f0b5470678e0c40abaf0e632f0cc154be95bbef669b2b6136b7a59611913b41a2f8a819 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce5c44e6d7babfac810265cfd7020fd4 |
| SHA1 | 3d19ece52d9fcd24123972712ac55ddc24cd260b |
| SHA256 | 1c7f565008fb930d47b33badaff84277d42e122c9d68a27597d5c1673c9db0d4 |
| SHA512 | 38e96f1a0d2529966d0ce7e3a96bded686b0f57a3cdef7651ad8e4ed67f2466c3fe16df8f9a2919363fe87861538c6c5675b81609f64bebad57712983c44e614 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfa0769c2cbf4e3330b8d1e07cdab8a9 |
| SHA1 | 9e0f3faa1dac169c98be7f120bb28cb44e009856 |
| SHA256 | c21bbb40b824368819f211f89124ddf697c67583478a92d78080c74ba11562a1 |
| SHA512 | b1cbb01f7b79ac7be4354faff229a9afbee3d0c91bed059fa32c2a9f3e13f48611238fb1f2c0eab5161c8d13441d0375bf649a5c8fa882ee3f0298681224cef3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | 2cf68f2eb24be1dfc2dab67df19e8805 |
| SHA1 | d965c82f62a95dd89fb04c4b4120e8571ac70e60 |
| SHA256 | 26422f5ef6dd5f6acb9d9c72eccb76074ccb9585fe7055df0e58344b73209a31 |
| SHA512 | 6d6a5f0bca37820e2ce3fd3a4f3ec5d9dd66e92e8f1e855e9bfa4d5f8379fb6d8156b2e4c876ed0de8ec643a53c9df6693be00d57a1009c1e6ed479088bb0d7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18e358f51c29799887ad0deb116d26b8 |
| SHA1 | 9c4bc4531f6545913c2b1459543ee1a7e9f5d308 |
| SHA256 | b1182361d5eefab18b71fa3f95ce21f51d61a63e31ef06d9ee13a6d958578960 |
| SHA512 | 83d732202ad7e8a5669493c72213740404e22840d8dcdfa59d7480e71e11513b9761adca2adf5c539fed227e01390b6bb991dda14166d10db9ecf348ba053f3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 896e95c18206d16c87d79039c4a3b276 |
| SHA1 | 18d8cd19005e0f7e723d7a6d08ccb59a19cbdc42 |
| SHA256 | 77d39ca626c1b49103a7c074992174a781eca108525f34f065eb05df3dd5507c |
| SHA512 | 1553aa1d014ade9485d4d1dd4ad8bb4503fc4c8647383c7f4a22c556d545ceb29bc7d3a86a4655d7dd85d0bdf423e64cfee4d35ab2d2cae8bd862f94bbe2ef7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61e33980ce73187ae8990119b09508b4 |
| SHA1 | 1212803bcd2797d2576a93387754c6a23380e715 |
| SHA256 | a88c62e63efa0d2108a64a006c19d78a7c56215684dd04d9c45d05b001c697e5 |
| SHA512 | c05c574cfced7a86ae6090190f833df00b6b022632c22e70313cc5b9143933ea773cb54a26c940c25ea659016cb42e8ad7610efa0f4986c73cdcfed01892266d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91223139e0c45175e58ec44b19978b7c |
| SHA1 | 3d1d2a599058c9e37b57e893cdcb4b82cdd41c70 |
| SHA256 | 1b05d4673666f0499560fd8a3db03054b35e9a8c5507eea2445d310eb35886ba |
| SHA512 | 5d02d1806dd5366d87aeba68466629e6d934cb800b1bd1902d1450064807c4c7cc2f668a14fb18a0c609c506b4efa2ffabb9755cb9585fef57ae5157d20987d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac6fa9e644863a08d93025617e378ca4 |
| SHA1 | e87a5ce72714db819d821bd73c979dfb3c317568 |
| SHA256 | ea09f2b817b4d0a6e0862c2e3076168dab29a604f2116480c9c5925de17ba11a |
| SHA512 | d10397a7813dd500faa26640cf6b35b01f2999063bc79730e3d52afbd7105ff0e99939364dd5c4fdb23d13aab3ba9d87fb34b99a1337e0f4a2545907775da1e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a05e562a5f9a62508d265e2db362ddf |
| SHA1 | 9512bd80a526ae20b30207660a725562b4e1caf7 |
| SHA256 | 0046e2ff4243a945e3d271635a9bc86a07446f1ac25108e33ae6c7a5290a8e5e |
| SHA512 | 8b44e4f2b10ce4d3af904fb48f9d5bdc2293a2117e2e44e931145ee5408e15c53a12a62b4d0b60a1f5739a8cf6d220a1bb43b7a5a80dc911f7b91360f8556f34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd2b549ef92f3b20d560ffa5dab16202 |
| SHA1 | b046772b61f92951ddb1ba1814ae999362f8f16d |
| SHA256 | 4c0773c45bf2c60f1f2e343e1bcb28a82b54cb833f6208e8d5bd1cf0a92d3d1d |
| SHA512 | 91e15cfa6b3e8947a21e8da640e3f31e6e4594cbb384e63a5fd81d37462710fc0dd60ba2baa6259d0d514e00b5e005522b9c687e97d9e9f14cc1dbfef02c1309 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 784e0763039a54f450dc3ee74b9cff84 |
| SHA1 | 4d2ac246a6302a7fc4dc0cc967297ad04778d822 |
| SHA256 | 0f0ac22f0242c72ee7fee4b5ec2af364d349b263237f7d21fdca842e151bea73 |
| SHA512 | 541c7e696d5c0ac7dda510492d653fddd777c46be416d08b31eab6f07a12799d17e7576ef54a81a497ce01d5f801f3861398de5bc41c3ac759967c4bde8251c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d37eb04f40e13134a111275321615ed0 |
| SHA1 | a2b1328b7391df7d718353ea4feacf44ee137540 |
| SHA256 | ca946395b2aa595d49d47905da7f3af56e988269c78bdf907083410acaa357fa |
| SHA512 | 8f94624e00f5fa9ab0b905e34af64751921e8665fd5a488e12831b67686217f8f7a13b05950b775945e44941d51ceedd526c9601bdeb36838654ca3f6145e61c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac7ef84babc80e92482d1ba2d8af2bf5 |
| SHA1 | e5f442037e69dcaf273d29e8fddb041fc8754cb5 |
| SHA256 | 9e37f061205dbd0e4c7d70e0cb9dec0bf951112704ea024cb32fb4c712accf1f |
| SHA512 | d355f6c4362f2c02ce2456aff91c74a252b557864bc4b8b2231d8e445484e8402eb2aef0388d12f3e4402ea1cec9b6dc08532a956923dd16ceb13160bc73de08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e895852daedfa9c249af01cd06e4890 |
| SHA1 | d5abc2862c4db46287cf6d72abc7968031567a67 |
| SHA256 | 97c22621c849646ef382a65b23c6c62708e902a0b1a305ccaed677e2b19e86c9 |
| SHA512 | f8db179b6a5c531c23692caac1365d6163986b121262420e75d7189a3ff3a90cdca253f90d3aee46d7936ac830e34d7088e9ea0c0d6b746b7a2a923789868cb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d675be9da6e0223689c8aab015f4305 |
| SHA1 | 0fcab6cd8fccab15a75b889ef8e22be1bcf2c8f5 |
| SHA256 | 305e8758616e8daa2f9147557d57461a778f9ff82ab24e31f11d13a704032140 |
| SHA512 | 0df64965cd5df7201d2e10fa56c12b9fe5b26bef6033f1cdfa7e14b81c75e3e7bcb4886c88c75c3e3871aecf222bb6bd2847f483df5627ff3a13e66a0834e39c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 848afe60943aa91cc696222031b0abd4 |
| SHA1 | 5740d38b15777b2f58b1d2e89a83f004a117341b |
| SHA256 | 05af05e3eca1a59b3787a8d369248aa0e24ee15eed0ea6dc6b3a18cb8c94e2e6 |
| SHA512 | d58f9c1390717b5c9c688a19054dd68d57e6816df17282fb02c4ee5746f27ecb41db0f3c5af2d14b2f86ff93e7559debcd12c778ad1e18ebb013d3e386acb189 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5ee2c7447e7dd3bb13e89314deff284 |
| SHA1 | 8439fd875143b1b0ffcd4c398179c84f2e3dd620 |
| SHA256 | 187740ea6be353d8873f565a92ff65268e8a25c5c02b696ebfa9188914f2e3e5 |
| SHA512 | 7a8686b116090cc74cc40559fa32f399603d2c62d2cca85dd32094350954a5e018ff96743f7ca98d8317384ef6e2418ebb81e1455747f831827d0df5db3e7c45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ea0ed7f7f103ac89cbb7fd52149afe0 |
| SHA1 | 3e73878f9afff0855aecc5c5c75fcc2017472780 |
| SHA256 | 8717c57e95852151673a6785a3441bee9b9db639897b037d1826ea772ac00ff6 |
| SHA512 | 6e76e24f8297e18889314074dddde71b6f7d5e4ef24ed97bbf4259f770ab25b0b0b8cc6087928a0f2b9fb80b2e57ee8fb9b5b2d6df1eced4a527ae91415f1c6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d1fb6f0819a73317b086accdffc3b58 |
| SHA1 | 662649b68a155773d4a2b83a5a2f86deddbb1d8a |
| SHA256 | e30ff3c6557cf5403dc804c8ad2df800a83c16fa3b7efccab4ade0ae053a7d3b |
| SHA512 | ca6b702b8961da9b0d5f716aa7cfc76eb12365a5cefbbff5fc90e6cbfa8bad305779472820384646ac79e7d898dc4990344e74995825a815b9aee73db3b85b30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 002336651e67ea0a3e262f56aec28192 |
| SHA1 | 4c4c013edff4d7464cae13354f5b7a3ebd40aede |
| SHA256 | 1ae11cb3d5095cc10909563d550b218e67e2f542286616f467d926a0c2d88863 |
| SHA512 | c7a11901fe514bb1e267dcd015113ca2e555bbb1d51d1eea7038473d302f1d7a5c91df464257eddac60e58d2eb0e04d6ddb9c560963318c596eefb1233c1d962 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73c2b1701efad80091a73c97fffe19a6 |
| SHA1 | 13aad7c59e3cb4e89416673fb7284b01b5767e0c |
| SHA256 | d23f5e38596e0febf5eb3eae05e28c768a9431dbc939c9139624e8beb418e62a |
| SHA512 | 5ff23c06fcc24a07006094ab46df633a2a626c18f1dee16cacebd70cb2ac3b7db4e530f96e25d911637507ab0b17065d087297f2e864da0614654b0f15c05993 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be5c90b9712fa5d1926f96b332fd9753 |
| SHA1 | a187543bcfd94c4fe4c32d6b1ef5a09198d4fb23 |
| SHA256 | 5e953f536d1ee55bdf33c432b356efabc385d13e54ba90b0f412990f8340b3e6 |
| SHA512 | 6e8df892ba01ced322e219cc525baf703de58162b39e49ec88f9ed98f9c0beb9e08ea5355b52086c3435abcb4db43cfc8a67ca7dde0bf811571a242611620f25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cb34608d5daf703955f48350831af4a |
| SHA1 | 4ac29e215490c6f29d439c26fc5464405e1605e4 |
| SHA256 | c76440aa3457abc634f1e480df58d4ba4a99bf63ade993add27894f8a11143e2 |
| SHA512 | 3237611b3f14efa57a64651885af62c80257772c21d659b87d94b162f304eabf470a16371d13846285cb8ffe8147afc85a3b3c593fa19989b66f3ebf092fd721 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d689d5216278b3860d776c22e3155409 |
| SHA1 | f9f07d15b7f140809c26de666b5c90ca70d2072f |
| SHA256 | e4a27fdea853015536f6adb643fc6380e4dd5618defc4fe1678d43a3936eb160 |
| SHA512 | 5c691605497a4d5ef0f3958f8cbd596c852eabb8236c873c58c4166a725312d7579deb78a4ef44bc7a616ebffdd463327f4333605a34a27d8ce47e5470e7abae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a63fb68cbda32417251cbd1ab724a28 |
| SHA1 | fe33402bd1696a3a489ff99b0f47dd2fc538f48b |
| SHA256 | 88655198cd9c451af1cc19bda6f1e6cfd190ce14f265d0427871c5699229dac0 |
| SHA512 | 4138ac1af2c966f8bf9426ba2d8be5f4aead707c5274cd2edd40014971b30e92ef8f04498179dfe9f2b9db1c7493b4e21f922cea16b2cdb7c1ca16d6b6848e9c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:42
Reported
2024-06-12 23:44
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
156s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fa0ab1f8256b732a7223f6dba3c816_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd0746f8,0x7ff8fd074708,0x7ff8fd074718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3988 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,7711295281545457795,10326971335259583676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | ysbweb.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | ysbweb.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ysbweb.com | udp |
| US | 8.8.8.8:53 | ysbweb.com | udp |
| US | 8.8.8.8:53 | ysbweb.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4448_AVRWSTERLKJFNCKN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 499f923f7d339e8a34172271c93bfb74 |
| SHA1 | 1af1da7bf31144a33435c756e5b1b3e8aa51175c |
| SHA256 | c660f4ee908a85354eeb24bfd7a66337f99d67ee98b82c94419b52cf6f329a65 |
| SHA512 | 392e2c66f116f99145c6148525d259a8516002bedd687a6030ca751ca6e42436901db3868bac2fc52d421e7198ab040458321096a5db12b7849879e143277976 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c83a5c1385da59fa9fedf5d0c65827ce |
| SHA1 | 0d4bf5cdf20cf2b913e1311c0b1f4f7da09a370f |
| SHA256 | dccc0388e14a37a4d21b196779077cdf127bc689360ea59cfb5082f3ceb1a894 |
| SHA512 | 4e1eb919c04604747250fcf236ee7667df76d5fdf877753f35fe4daab4bc670cc1c4b3511c2affe467b296405e1e0a7beff2d2cbf43255e9bf962144eb964bbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5d9677426e74b6489b17006056deecb3 |
| SHA1 | 435d3c91f5eb23a831291c16414ba50a31918ff8 |
| SHA256 | 35494dbe28089a077bc7232d1b9e726d4d64c2a22d98190fd84b8c38f58c8511 |
| SHA512 | 2d21a3985a7c969599901c990ceece539345d67a8ffcb89e76b2760bacf30dd93a08834f2abe5fa98974cc01b5bd85ffd60a3b8d2d1dd1daf6e8668ba5111a7f |