Analysis Overview
SHA256
04af3fb6933a6c53dd102eea6ade385edb566466447bd63f380567419efdc6dd
Threat Level: No (potentially) malicious behavior was detected
Verdict for a3b357bbe48a276e4cef31bf4d2fa3f1_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 03:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 03:39
Reported
2024-06-13 03:42
Platform
win7-20240611-en
Max time kernel
137s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8E1E3D71-2936-11EF-8144-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 705a51a243bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ddaba5b6fd0536931be78b9593abd6b0594f790493cb25c561b8970d1b6a6bab000000000e8000000002000020000000a210fd2a6fc61eda96765fe2cdff20df8c7210a9ada391ab5c0db287424d468220000000e676dda087c1aebb792bf9418322213104acb11fc49931c28bf1d39d67a0b48a40000000dcd2bd0bd00c8c8da730413bd1207cdbf6153098b7013ce31264c0a7395ccce12f6613655d7f32208e9721cc6725e790a7a0f32b4df6fba7068a3696e884f576 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424411845" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
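Three of the values above are stored as raw binary and shown only as hex. Main\Window_Placement is a WINDOWPLACEMENT structure (length 44, flags, showCmd, two POINTs and a RECT), TabbedBrowsing\NewTabPage\LastProcessed is a little-endian FILETIME, and TabbedBrowsing\NewTabPage\DecayDateQueue begins with the DPAPI blob header (version 1 followed by the provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb), so it is ciphertext bound to the sandbox user's profile and cannot be read from the report. The Python below is an added example, not part of the sandbox output, that decodes the first two values exactly as they appear in the table and recognises the third; it assumes the report's Submitted/Reported times are UTC, which the decoded timestamp supports. Decoding these blobs is how an analyst confirms that the registry writes flagged as "Modifies Internet Explorer settings" are ordinary browser state (here a maximized window and a timestamp inside the detonation window) rather than data staged in the registry.

```python
import struct
from datetime import datetime, timedelta, timezone

# Registry data copied verbatim from the table above.
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
LAST_PROCESSED_HEX = "705a51a243bdda01"
# First 20 bytes of TabbedBrowsing\NewTabPage\DecayDateQueue.
DECAY_DATE_QUEUE_HEAD_HEX = "01000000d08c9ddf0115d1118c7a00c04fc297eb"

# WINDOWPLACEMENT.flags bits and the SW_* values that appear in showCmd.
WPF_FLAGS = {1: "WPF_SETMINPOSITION", 2: "WPF_RESTORETOMAXIMIZED", 4: "WPF_ASYNCWINDOWPLACEMENT"}
SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE",
            6: "SW_MINIMIZE", 9: "SW_RESTORE"}

# CryptProtectData output: DWORD version 1, then the provider GUID
# df9d8cd0-1501-11d1-8c7a-00c04fc297eb with its first three fields little-endian.
DPAPI_HEADER = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_window_placement(hex_value):
    """Parse a 44-byte WINDOWPLACEMENT: UINT length, flags, showCmd, two POINTs, one RECT."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 44:
        raise ValueError("WINDOWPLACEMENT is 44 bytes, got %d" % len(raw))
    fields = struct.unpack("<IIIiiiiiiii", raw)   # all fields are 32-bit little-endian
    length, flags, show_cmd = fields[:3]
    if length != 44:
        raise ValueError("length field %d disagrees with struct size" % length)
    return {
        "flags": [name for bit, name in WPF_FLAGS.items() if flags & bit],
        "showCmd": SHOW_CMD.get(show_cmd, "unknown(%d)" % show_cmd),
        "ptMinPosition": fields[3:5],
        "ptMaxPosition": fields[5:7],
        "rcNormalPosition": fields[7:11],        # left, top, right, bottom
    }


def decode_filetime(hex_value):
    """Turn an 8-byte little-endian FILETIME (100 ns ticks since 1601-01-01 UTC) into a datetime."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 8:
        raise ValueError("FILETIME is 8 bytes, got %d" % len(raw))
    (ticks,) = struct.unpack("<Q", raw)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def is_dpapi_blob(hex_value):
    """True when the value begins with the DPAPI blob header, i.e. it is profile-bound ciphertext."""
    return bytes.fromhex(hex_value).startswith(DPAPI_HEADER)


def inside_window(ts, start_iso, end_iso):
    """Check a decoded timestamp against the report's Submitted/Reported times (taken as UTC)."""
    start = datetime.fromisoformat(start_iso).replace(tzinfo=timezone.utc)
    end = datetime.fromisoformat(end_iso).replace(tzinfo=timezone.utc)
    return start <= ts <= end


if __name__ == "__main__":
    print("Window_Placement:", decode_window_placement(WINDOW_PLACEMENT_HEX))
    ts = decode_filetime(LAST_PROCESSED_HEX)
    print("LastProcessed:", ts.isoformat(),
          "in run window:", inside_window(ts, "2024-06-13T03:39:00", "2024-06-13T03:42:59"))
    print("DecayDateQueue is a DPAPI blob:", is_dpapi_blob(DECAY_DATE_QUEUE_HEAD_HEX))
```

Expected result: showCmd SW_MAXIMIZE with WPF_RESTORETOMAXIMIZED set and a normal rectangle of (36, 36, 1194, 649), and LastProcessed decoding to 2024-06-13 03:41:54 UTC, roughly three minutes after submission and before the report time, which is the consistency check to run on any timestamp a sample writes.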
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1056 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1056 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1056 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1056 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3b357bbe48a276e4cef31bf4d2fa3f1_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lagudownload.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | ajax.cloudflare.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.72.14:443 | ajax.cloudflare.com | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 104.17.72.14:443 | ajax.cloudflare.com | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 8.8.8.8:53 | ww82.lagudownload.net | udp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
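Most rows in this table are not about the sample. 8.8.8.8:53 is the sandbox's resolver, cdnjs.cloudflare.com, ajax.cloudflare.com and apis.google.com serve libraries the page embeds (jquery-1.11.1.min[1].js and animate.min[1].htm appear in the Files section below), ieonline.microsoft.com is an Internet Explorer feature endpoint of Microsoft's, and the plain-HTTP connections to apps.identrust.com and x2.c.lencr.org are Windows CryptoAPI building and checking the site's Let's Encrypt certificate chain (AIA and CRL fetches are unauthenticated HTTP by design; the CryptnetUrlCache files listed below are their cache). What remains, lagudownload.net on 46.8.8.100:443 and ww82.lagudownload.net on 199.59.243.226:80, is the pivot set for this sample. The Python below is an added example, not part of the report, that parses rows of this shape, counts unique endpoints, separates that background traffic from sample-specific destinations, and splits port-80 traffic into the expected CA fetches and the hosts worth a second look. The rows embedded in it are a constructed subset of the table above, and the BACKGROUND allowlist is the editor's, not the sandbox's.

```python
import re
from collections import Counter

# Constructed subset of the Network table above (the full table repeats the
# lagudownload.net connection many more times).
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | lagudownload.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 104.17.72.14:443 | ajax.cloudflare.com | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(\w{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^|\s]+)\s*\|\s*(tcp|udp)\s*\|$")

RESOLVER = "8.8.8.8"
# Destinations any IE/Windows run produces regardless of the sample. This allowlist is
# the editor's; extend it with whatever your own sandbox image talks to on a blank page.
BACKGROUND = {
    "apps.identrust.com": "CA infrastructure for Let's Encrypt chains (AIA/CRL over plain HTTP)",
    "x2.c.lencr.org": "Let's Encrypt CRL distribution point (plain HTTP by design)",
    "ieonline.microsoft.com": "Microsoft endpoint used by Internet Explorer itself",
}
BACKGROUND_SUFFIXES = (".cloudflare.com", ".google.com")


def parse_rows(table):
    """Parse pipe-delimited rows into dicts; lines that are not rows are ignored."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            rows.append({"country": cc, "ip": ip, "port": int(port),
                         "domain": domain.lower(), "proto": proto})
    return rows


def classify(row):
    """Label a row as resolver traffic, known background, or something to pivot on."""
    if row["ip"] == RESOLVER and row["port"] == 53:
        return "dns lookup (sandbox resolver)"
    domain = row["domain"]
    if domain in BACKGROUND:
        return BACKGROUND[domain]
    if domain.endswith(BACKGROUND_SUFFIXES):
        return "third-party CDN/API embedded by the page"
    return "sample-specific"


def pivots(table):
    """Unique sample-specific endpoints with hit counts, most contacted first."""
    hits = Counter()
    for r in parse_rows(table):
        if classify(r) == "sample-specific":
            hits[(r["domain"], r["ip"], r["port"], r["proto"])] += 1
    return sorted(((*key, n) for key, n in hits.items()), key=lambda t: (-t[4], t[0]))


def plaintext_http(table):
    """tcp/80 destinations split into expected CA fetches and hosts worth a look."""
    out = {"expected": set(), "review": set()}
    for r in parse_rows(table):
        if r["proto"] == "tcp" and r["port"] == 80:
            bucket = "review" if classify(r) == "sample-specific" else "expected"
            out[bucket].add(r["domain"])
    return out


if __name__ == "__main__":
    for domain, ip, port, proto, n in pivots(NETWORK_TABLE):
        print("%-25s %s:%d/%s x%d" % (domain, ip, port, proto, n))
    print(plaintext_http(NETWORK_TABLE))
```

On the subset above this yields two pivots, lagudownload.net at 46.8.8.100:443 and ww82.lagudownload.net at 199.59.243.226:80, and puts only the latter in the review bucket for plaintext HTTP; the identrust and lencr fetches land in "expected".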
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 24f3ccfbb23497a0b44cb024396d85bb |
| SHA1 | 206fd1fe75281703be97915464c1a921018bb36c |
| SHA256 | ecc96505fbfaa7c73c764f6535964f6830bb285fb9e8943b774a8873752c69a2 |
| SHA512 | 2900358542986a5128af6ba3c0106611e19688bef0e0a1a956fff7bf130c0700d6c60c4a3f0f4cec0cbaaa505a305c20b7668514bae02163082bacd61c29c54f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d3049f1a4b143f13261e38abab901109 |
| SHA1 | 1810917619ef7b98f40697c12f35a75575665f8f |
| SHA256 | 69df6863aa24aedecf107a7e2e0353d592c52a5905cc2833d824c2298733e9d6 |
| SHA512 | 6af844057e960d6f4165f297891b676492281fc4abdd7346a220b1972124fabe2a9e0f7b3825c9f67c1ed885262cf6fb994c4dcd607c1981005291a240b6e958 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 3828a73d3e715399d0163f8b243c582f |
| SHA1 | b9a6a7eb79c830083b757b449b632aa8f73ef170 |
| SHA256 | aad4f71034f21bfdaaea84a94d1390b9828b68c53ac1efeb0a50d73635885dac |
| SHA512 | d2d3926a7b81f4f481ced54d7e13d7acf4fc61483cadab0ae368f7fdc4cf88da379d4639d107ef569917c88351b98b3253ac94f3c9bcf54fff04c0697182bfc0 |
C:\Users\Admin\AppData\Local\Temp\Cab5A04.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5A26.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | c1290d937910024199be84cfaf193604 |
| SHA1 | 20a9fa90bca29b2c7ba6ac0ff8838fb66c741852 |
| SHA256 | 6e9ed6ea91ff7ca2ed1559dd0e8c588513432aab363c790f1c7295a326317599 |
| SHA512 | f0c9cc6f38f06fe179bad9eff0f29e74adeb45af5dc105cf2b3b48fad532df6c85dfba993e8c7aa8b7b4f5c5eb4ed251a4a365c29f66470c506e38d5df089e66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9712f4d5e264c91e720b4c4016cc0a06 |
| SHA1 | c401fc1899f294dec9bce7d5a35af4c55be9b03f |
| SHA256 | 75f2018b21a79a23fe20d6e53627e304b393f8ff38ba23b1864fa6bf0fd792b2 |
| SHA512 | 9618482271fc3b816d5ed25ba45b539c1710f441b4c0d2705063fa06eb5f11e0f3ef10d0390d7002a3ec24cbe4d0e25bcf582e58e41ede5a4c3999d60b5356d2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\animate.min[1].htm
| MD5 | f1b98b4b21b505f3c97a94b30218e26d |
| SHA1 | dc78db861db16ddc3db9779b8f13a33876f9f3af |
| SHA256 | a1e319b2b07694e26389e7837caadf313f897aa4f1ec159686eb23da7a21a806 |
| SHA512 | a4ed34b37eb5e653cf429774908faf43451ef9d76597553e8b1c9057abbd5e467a55894407e60a93a23d3f3f68c5d5768d1cdbbad85144e25d7db7bb2d83388c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\jquery-1.11.1.min[1].js
| MD5 | 186d86b12ef82ec067ef688d14baffed |
| SHA1 | a936cfbd349e2d45e352bc3e0b24a0973e8ab407 |
| SHA256 | 105e1b4db63c43261ea5123232f6504b7c152be51f1398019fa8d7de7554ba38 |
| SHA512 | d46e450b22a61f62b8042f89ff117f94804fe07b99698b226141fa90aecd64ece93343fd6fff4eb4f4fe25308a978a69e080586f9677ae2e915c5e4db4df27a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3019009ca7f574211db796c0e622738 |
| SHA1 | 48d0b6eec34f63944f5d01e0079f39fbb62bddbf |
| SHA256 | 93ef9e4547fa331fea0869ebe085e53c97074572b497289d8db2a745579cf41d |
| SHA512 | 8365184e7db08b9a815e5c0bb0e8c2867714eed0f8c297fafd9e2885feed0f6797bf2df0226cb04fa79d47b0c24780d9e8bf71d0791bf9a7b356da940717c627 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1ddedaa4d69e7573e7943a3b1dd962c |
| SHA1 | dab502e54ef42465d7d575c690ed09178f27bd3e |
| SHA256 | 50df50823f56f236be4bbb49d45bfd535117eca83deb913c98b7404c53dd1db4 |
| SHA512 | 4e7f056e1087446b762e035208fd7e438f7222d5f922e568f534d2df828cb03557589d2f1d0aeb5989faf37086b7f5560a4b666c46a450e70ed53868e08486f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3ddcc5816b871a87d512e05941e28c1 |
| SHA1 | de8b7f69e2d8f0e29061c6ee5749d928d21c4bdc |
| SHA256 | 4ba282cf3ec0096090877541368d3db5239542aaf679da2d728aaa4a1dbba058 |
| SHA512 | 9aa42177a97749e38e7790f9d6679f5a0d1cb77e91c437bfc0555018bba0888db10a245c6d2d221d706b01851f8985f89a8d831bf3f8b37994c3419a1cebeb29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8171a6cc9132ba3e90b181472286a573 |
| SHA1 | 4436db3dfc9f5b4bb9be2b8c335918cea46192f8 |
| SHA256 | eca3cc4cd27adff4e0a6b3d8a06edc4777a47aca97e608a676f2cf1ccad60302 |
| SHA512 | 513565e0bd461acdce40f173697e1f2b45b9d4cbb0bd5b5873fbebaa2122e52874ccd9973aff0fc7294733098b8e9641ff98193159e2f2e89cebf750c9cc9aed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 165f0dcda2cae6fa7a5a0b541c060edf |
| SHA1 | 7c0c27b1f20b488a903cf2d9d5a589face4a33bd |
| SHA256 | c0f72dc28b451f2a5e557e00d759b4d93f654c98b6521ddf04b63633f02732ad |
| SHA512 | ab226943351cc502244e595eac13505068f514102f87b6a891b1faf366e0d3260cc8624c23b0fe373f9ea1a16ca79c2ac67271afe4954665b70a64085125072e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 469963a34a4241372a0a829ced86e69e |
| SHA1 | 3af82b67346c42e5fdccfb77d2ccbb3bc044e1a4 |
| SHA256 | 98311c55c25d9d4de6abd4b614b45f12b53a263fa4e178a3f7fc3d57ae30125a |
| SHA512 | 9d870d80f0ddde1eac5aa34b1aa3c22b3510ef5d7bdf6f25ff67e645cc3f9ccb86a85e145d15c927b3b8d7c01a22a4dc9a945dcce6ffe4dc98f8c47eeb59fac8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 081f20fb9116cb40e30489915ce5fe91 |
| SHA1 | e51546ca661456a03ec23f432f5c284a2b478799 |
| SHA256 | 98e8790b6fe63adaeb0ee39bfafb3a3e6e8845e8d5a8c0c9eb42bd622121b2ab |
| SHA512 | 534c05cf4785dcc25600337083c1a4bbfb4148b3b4ded8de9258aea8b43f0d98c5cca4cafd753fe4b98012e9776380c1aa076560bb18db9d91899ef0990a7c0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddfddd110f448893a73da18fce58b9cf |
| SHA1 | 8e62e18100f760b1e9aa35387e51b40ff2f60791 |
| SHA256 | 5fe35c0d264de5db6972a078bfbd62496d93bc891e0566228f41569ecc839db8 |
| SHA512 | ed04aa697cecb35200faf58a5e8f60fc0e8d7d182cf05f3a5ed97db8f55a1b3badc59c28691f3c6174074eb48037cddf5f40fecbce0ca996e17954106cf8cbf9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59327254ac627fca10a9639674eee6e9 |
| SHA1 | 20ec7fb2454e00af8217fc2b4e0e727d74c1faf8 |
| SHA256 | e77ec6fb4d8e3485cd3edf26e2d74ef73718d2ac0269a4a1e88cbfaed866dab2 |
| SHA512 | ce166bb891623df09b6b951c4138e9864869dc64368eb1f48e359fe7e4e84d42a688e74372c72f3ff41fc3a320e334ed9d33d0a3f440aea7c2e95755f6dd209d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d535ae587f37d3fc461107e00667284b |
| SHA1 | 628f845c1e0c94eb2eb70e3a3ba85e34c9a0dcb0 |
| SHA256 | 634c88db7b6440e0635bd8a8350a91b32a298cdcd090f440f52f9da32e6e5852 |
| SHA512 | 1c080ae1042ec7c7ccbebd5423e864e4018c937e2dd83209c78f7ffb1db921a38191ac7cb4e6e0b3f5d2f2ab5635213a17ee44148283bd203168c03e4df2fdf1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc9d6b67924da4de1baaaca4fd5a2097 |
| SHA1 | 3bc7144b6da3e60ad250b7020733b765788e7e98 |
| SHA256 | daa21349536b2f2444dd30d35f2d1c9f9576fdc2a8861229c8fe2b42b82b5f7e |
| SHA512 | 753126017e282188472824bb858c498e6b63028eeec2f1847b63f3facda584dafeb230cb9bf827443eb7abe4a20af4d77804ae006ddf0a8a5c0a6c521fe2abbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c586e0c9a38488336b8e7e524572216b |
| SHA1 | fb6b893f88094d759dc8373378ac50772567ea55 |
| SHA256 | 7cda82d70ba44dc669b27a48a97c67a8d948ea5fc56e9d72c7ddd324c2f6e588 |
| SHA512 | cadbcfcf93c60022f5183e425757acda26684a93c2ce3773810b0c65eeae08a216be6567af50973254d6e519e3a2872f9048d1faf9c6ce2670e52f2c3865b884 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65052acff00f57ef6a74e95b54928175 |
| SHA1 | 6e5e4619fcc76658774914aa53f2140248dd61db |
| SHA256 | ee44d02e7c4d41273fbdad05a200f71d2b3c676535e419a829cc188c3c53354e |
| SHA512 | f5d5e9b983202af1e90f8e1b615f93252bc2a1ab1d2e13d04ad47a502a6bfbbf556a25407e100c8101998491255f1598647997c858cfb4701e4be39b38699c6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe33af1d2226de5502c5860ace1acf0c |
| SHA1 | 24f070255d6ceb3dc03d6fdcf10d723d94edf81b |
| SHA256 | 5595ef2d0c93fc0350d7a874b92b4705a4410e0ee6a5b4f52519eebf14aee73a |
| SHA512 | c199c16cbc4d9750128f08e5fae4f4f3587456ddac1b7e1cc2a4183f7d90216f386e85a0490a8a7b1b182b3cc13f8e70debbd3b388cbecad71b02d884ef01155 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b59b8b0660b80801e7468d0412f82af |
| SHA1 | e5bb59a2e7b706d5971ab61af83d4b5f38e24614 |
| SHA256 | 5e61a6f6447938f9f77ba069103a799344241deac0ab1fc7518e2c92fc87488d |
| SHA512 | c99ff7cbabd0c1a58fab5e417f897c3599e11658efe077d1da77bd574f14cfd2927a8c19442d1ba15d27f4e58c2dff1147f9a120d5dc5bcd73a26185636ffef7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62d3d8c109bacd8a70cebc86e863bc17 |
| SHA1 | 4cd56b992c7782e77a6c28e1b40f7d578f21be32 |
| SHA256 | 1b156444f7f07be767fa615776c29f154a91eb5618dcc77c5db49b608a6bbc4b |
| SHA512 | 40e63f38fed0c21e65f8a55c50c9a6fef1e6ae2c93f0a4a630fda3064d7edc72b64bbbeb47dd70a14bf2cf9592712269a4aa58408ab1ff181b7857d4b305ecda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98728e883f0703b795f6f4a854947274 |
| SHA1 | c294aa1867342d1a553868f4f060cc6e9605a808 |
| SHA256 | 5fcb4180f5d3dee816e3573abeded37b605dbdbb0f0e2900c9b63361aba40921 |
| SHA512 | d8994fb4f97b351c08ed40e91238c3d6188c72a835e9a479dd5551489790fb3016b4794727186abfe37944fbff48062e0e214e8fabaeee3ebe7afd10e61a3f68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3eda3cc605fcd86a170732876f39eb5 |
| SHA1 | 294f79c709cd8f6de522b7b639098e6c33ab57cf |
| SHA256 | 9cf35efa116a134c6315acdb9dc8062340fd623e5a4e2404cc3fdc0f3d304648 |
| SHA512 | d6ef01cb4819dd208793ddcaada05ec4a6e2dcf1f2de0bdf987e0e2cfe302b6779553c04e1458ed1029e626ba8dac360d07af51cfa7d4dc5f3d0193828cb0922 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f129e5a7ca1cd2816a194743b6c4696e |
| SHA1 | fa1d5eec5d4450f8416aa44c75be6b3502eb1ce4 |
| SHA256 | 8da7ad29e91b141f5c1b89848fdb0b9f92a6d38af13d1c3820262a80a6e28825 |
| SHA512 | 3904e3b7c9f2c84cc4cc3c72c06c4438ee18ec68aea1c3d715926193f3324434288dcdf707806485d4841f9a042ac87b2cd1c541188fc1b3c060a2c515105b52 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 03:39
Reported
2024-06-13 03:42
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3b357bbe48a276e4cef31bf4d2fa3f1_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcac9d46f8,0x7ffcac9d4708,0x7ffcac9d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4718946047667427511,646619564250858009,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lagudownload.net | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| CZ | 104.64.162.56:445 | s7.addthis.com | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | 100.8.8.46.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| CZ | 46.8.8.100:443 | lagudownload.net | tcp |
| US | 8.8.8.8:53 | ww82.lagudownload.net | udp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| US | 199.59.243.226:80 | ww82.lagudownload.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 226.243.59.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 8.8.8.8:53 | afs.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | afs.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | afs.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_1840_HDWTDMFOQVYNBIAM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f4303f565e6e0959e369a4797f9c3322 |
| SHA1 | 076082aa498e45ec562d4915ec347028f7543ac9 |
| SHA256 | ddb65cb5b173ec8c476349ad75208985828d3ff1a520230d9f75acd237473451 |
| SHA512 | 3f1794d1d351e57478e0d13f3aceeac89bb9c60ed49f311e78751106fe125060f73c96ababd06dc04094425f457a46261e9e6361fdd90c672e2859eb560cc5ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6e56653cbcadb7c134ac2725095f54b2 |
| SHA1 | c6935601306094067378ba2d39501de9a816808a |
| SHA256 | 3cbc534e66979a18aa89b538cfd487645925a974d64a55fb9fc9537d91a44164 |
| SHA512 | d8c23b5dde389333322b4fa2845991c228c19ed16b989ad39b5c90200c9491f1b63f8f2241d548abde065a1e899e4edf600988051a52654c3b187fe3422fac83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8378c41e3c4da5c798487fc0925ec46f |
| SHA1 | 363623bc72acc677a62e541df9eb6b33dfab40aa |
| SHA256 | 55d3911e594b9426952b28118863de00709230ffb2451116ae2ed231c233f8fa |
| SHA512 | 65d4c9819a2839f87b1296a35c955777adcc39ce489901111a07da3381540de825bc624f330df149c7319e3d3a4f5263bd6f8048cee55badf46a6261af5ca79a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5e0d9a9d587c2d4d8d3e5bd14921b448 |
| SHA1 | e68f8bd671ef37110c567b9f4d42ce14fba4eefb |
| SHA256 | a58d3f40de89560e32f1fbf5424e115bcba770e482df94f6db337301933707db |
| SHA512 | 426c61a4c24d22bb10a435e47f241f6cfa31601655dd7c6e4af7470fe347b3fa335f02407ef42e863b2d66c398c40112f065ac63536cfe491cb74999ca69706a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8e76e51f8283f58e52d8d1279e7fc507 |
| SHA1 | 2743ba1e8b37a00b0b235730729c1b3643be615d |
| SHA256 | 4349cf4b5c661fff88febd08839de98b8bc5c32dd0aa8b52c1214626fd873751 |
| SHA512 | 58f02d400b38386c9a15ed674c18c06bd196ef82afbef89e32357f0ab6f893558a33cc22f44a120c8a2412286890325e52d3d54a3e0a24f8a6f5f0456a9a1cd8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 206608045c9ee5c8a5a5c0d9ce77a456 |
| SHA1 | 43153d408f9e4e51bbdfa38a9014b263e623ff29 |
| SHA256 | 9aba54a4a53ee58eed085b9178c936d501ad8091071aad137cc2afd42c71a55e |
| SHA512 | 979bb7ba40cd043193097aadaeb7e6ab9cf441041521f3d439daa2e1d19d6399786741427b3c3d3d9e87a3606db2b827fd4e31ca030abd9c50f9614d13617995 |