Analysis Overview
SHA256
fee35b5b4c29577fe37653a36eca5b693560d4349eb800ad09772c639f62cf46
Threat Level: No (potentially) malicious behavior was detected
The file a47197c6b4bd783ccc6768bff015c874_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:33
Reported
2024-06-13 07:35
Platform
win7-20240611-en
Max time kernel
143s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000018e23a72331619c9f1e1a5fac5a590ef7016805c32ab5d72ecf14a9cd6c8474f000000000e8000000002000020000000cf775d1cbe80c205ba68bfde3a7f265fb0fe630eecdaf01ac3ee8d7740cca9c020000000dacdf564516ba692418446f5d52251dda1fe565a94baa182f0c7bfe5593fed1940000000d837a92458f34421849b9ea9bac111cf5fd213a46660f9bfdf160a6312c62cd393ca0430f61f3642266de4d89ed84f8c9f50bc0ef6e50dc1e6524d298848caf4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425870" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{36FF5F31-2957-11EF-9520-E681C831DA43} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9039f90c64bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2868 wrote to memory of 3016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 3016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 3016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 3016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47197c6b4bd783ccc6768bff015c874_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | farm6.staticflickr.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| DE | 18.64.87.164:80 | farm6.staticflickr.com | tcp |
| DE | 18.64.87.164:80 | farm6.staticflickr.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| DE | 18.64.87.164:443 | farm6.staticflickr.com | tcp |
| US | 8.8.8.8:53 | api.obfuscatorjavascript.com | udp |
| US | 72.52.178.23:80 | api.obfuscatorjavascript.com | tcp |
| US | 72.52.178.23:80 | api.obfuscatorjavascript.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 72.52.178.23:80 | api.obfuscatorjavascript.com | tcp |
| US | 72.52.178.23:80 | api.obfuscatorjavascript.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | astudents.ru | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:33
Reported
2024-06-13 07:35
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47197c6b4bd783ccc6768bff015c874_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa37e46f8,0x7ffaa37e4708,0x7ffaa37e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4256 /prefetch:2
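The Edge child-process command lines above follow the Chromium switch layout, so they can be summarised mechanically. The script below is an added example (mine, not the sandbox vendor's or Microsoft's code): it pulls out `--type`, `--utility-sub-type` and the sandbox-related switches so a triager can see at a glance which helper processes declared themselves unsandboxed (`--service-sandbox-type=none`, `--disable-gpu-sandbox`, `--no-sandbox`). The sample lines are trimmed copies of the report's own command lines with the long `--gpu-preferences` blob dropped; the `assess_sandbox` mapping is my own reading of what the switch names state, not an Edge API. These switches are part of Edge's normal process model, so the output is context for triage rather than an indicator on its own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: trimmed copies of the Edge child-process command lines in the
# report above (the long --gpu-preferences blob is omitted to keep lines short).
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,715259425596512072,9121598076749468314,131072 --mojo-platform-channel-handle=2132 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=4256 /prefetch:2',
]

# Image path: either a double-quoted path (may contain spaces) or a bare token.
CMD_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))\s*(.*)$')


@dataclass
class ChildProcess:
    image: str                      # executable path as written on the command line
    process_type: str               # value of --type, or "browser" when absent
    sub_type: Optional[str]         # value of --utility-sub-type, if any
    sandbox: str                    # sandbox assessment derived from the switches
    flags: Dict[str, object] = field(default_factory=dict)
    positional: List[str] = field(default_factory=list)  # e.g. /prefetch:2


def parse_switches(rest: str):
    """Split '--key=value', bare '--flag' and positional tokens."""
    flags, positional = {}, []
    for tok in rest.split():
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            flags[key] = value if value else True
        else:
            positional.append(tok)
    return flags, positional


def assess_sandbox(flags) -> str:
    """Summarise the sandbox state the switches declare (my own mapping)."""
    if "no-sandbox" in flags:
        return "none (--no-sandbox)"
    ptype = flags.get("type", "browser")
    if ptype == "gpu-process":
        return "none (--disable-gpu-sandbox)" if "disable-gpu-sandbox" in flags else "gpu"
    if ptype == "utility":
        # Chromium spells the utility sandbox out; "none" means unsandboxed.
        declared = flags.get("service-sandbox-type")
        return declared if isinstance(declared, str) else "unspecified"
    if ptype == "renderer":
        return "renderer"
    if ptype == "browser":
        return "n/a (browser process)"
    return "unknown"


def parse_cmdline(line: str) -> ChildProcess:
    m = CMD_RE.match(line)
    if not m:
        raise ValueError(f"unparseable command line: {line!r}")
    image = m.group(1) or m.group(2)
    flags, positional = parse_switches(m.group(3))
    return ChildProcess(
        image=image,
        process_type=flags.get("type", "browser"),
        sub_type=flags.get("utility-sub-type"),
        sandbox=assess_sandbox(flags),
        flags=flags,
        positional=positional,
    )


def unsandboxed(lines):
    """Return (image basename, type, sub_type) for processes declared unsandboxed."""
    out = []
    for line in lines:
        p = parse_cmdline(line)
        if p.sandbox.startswith("none"):
            out.append((p.image.rsplit("\\", 1)[-1], p.process_type, p.sub_type))
    return out


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        p = parse_cmdline(line)
        name = p.image.rsplit("\\", 1)[-1]
        print(f"{name:20} {p.process_type:12} {p.sub_type or '-':40} sandbox={p.sandbox}")
```

Run against the full process list, the script prints one row per child process; for the sample it reports the network service, the WinrtAppIdService helper and the second GPU process as unsandboxed, which matches what the switches on those lines state.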
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | api.obfuscatorjavascript.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | farm6.staticflickr.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_3276_BYSDUTCGCENMAXTK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c696ccb72b4d6585f0efa535a071c548 |
| SHA1 | 50c03877cb2671e9c866eda71841217450874226 |
| SHA256 | a7ad38b05ec9b3848717f0c8ed8fe9c170b18a734203ee857cc591738f1f439d |
| SHA512 | ef9b5bec73fe706858272c92dd41e2c9b2a24dd7fce65bd2a67cf9042c6768aa082757684407ea2d3fb37bb5fdcacaa6b324ddadd7bc1599efe26f688d64740e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5f1505d79ed1238575f82090cf35a64a |
| SHA1 | 46a1c9d35642d12c62bdaaae34acd397c14d3c55 |
| SHA256 | 3a2fc663cf43c1354a337847701260d1a796e9e7534d1e29dcbfba0beb430001 |
| SHA512 | 860735c2b640fb6bfb8a4d47f5f0dd73c40ced128e513a13a20bf12cae634e50695d708445111162e38f8b1abaef303d61f9eeb46008c40cf56f42724a5aa3ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6efaa37c0fd7e063b46cb7105078c140 |
| SHA1 | c7b57a393c1997c189869e3216b8f142fdfbe93c |
| SHA256 | 36801d7932f029f25d20b4bf1192cb3a4e430141cfc0ae19e21906cc0fa0c8f1 |
| SHA512 | abada792ffdbfb8e8f2a68cf07a0ca4669bd29a40992546a691c9da9df1d7460e5abe4d3a0922c00f209f9fdc847edb72c2eb729a591ded39674b2956142c602 |
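As an added example (not part of the report or any vendor tooling), the script below reads entries in the layout used by the Files section above and flags two things worth a second look: records whose digests are those of zero-length input (the crashpad named pipe above: d41d8cd9…, da39a3ee… and e3b0c442… are the MD5, SHA1 and SHA256 of empty input, and the script computes them instead of trusting memory), and paths listed more than once with different hashes, meaning the file was written more than once during the run (settings.dat and Preferences above). The sample text is copied from the report's own entries so it runs offline. The result says nothing about malicious or benign; it separates empty artifacts and unchanged files from the ones whose content actually changed.

```python
import hashlib
import re
from collections import defaultdict

# Sample input in the report's own "Files" layout, copied from the entries above
# (the named pipe, both settings.dat records and Local State) so the script runs
# offline; only the MD5/SHA1/SHA256 rows are kept.
SAMPLE_FILES_SECTION = r"""
\??\pipe\LOCAL\crashpad_3276_BYSDUTCGCENMAXTK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5f1505d79ed1238575f82090cf35a64a |
| SHA1 | 46a1c9d35642d12c62bdaaae34acd397c14d3c55 |
| SHA256 | 3a2fc663cf43c1354a337847701260d1a796e9e7534d1e29dcbfba0beb430001 |
"""

# One "| ALG | hex |" row of the table.
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Digests of zero-length input, computed rather than hard-coded so the
# comparison does not depend on remembering them correctly.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}


def parse_files_section(text):
    """Turn the path / hash-row layout into a list of (path, {alg: hex}) records."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if not records:
                raise ValueError(f"hash row before any path: {line}")
            records[-1][1][m.group(1)] = m.group(2).lower()
        else:
            records.append((line, {}))
    return records


def is_empty_content(digests):
    """True when every recorded digest is the digest of zero bytes."""
    return bool(digests) and all(EMPTY_DIGESTS[alg] == h for alg, h in digests.items())


def triage(text):
    """Flag zero-byte artifacts and paths recorded with more than one SHA256."""
    records = parse_files_section(text)
    empty = [path for path, d in records if is_empty_content(d)]
    seen = defaultdict(list)
    for path, d in records:
        if "SHA256" in d and d["SHA256"] not in seen[path]:
            seen[path].append(d["SHA256"])
    rewritten = {p: hs for p, hs in seen.items() if len(hs) > 1}
    return {"records": len(records), "empty": empty, "rewritten": rewritten}


if __name__ == "__main__":
    result = triage(SAMPLE_FILES_SECTION)
    print(f"{result['records']} records")
    for path in result["empty"]:
        print("zero-byte content:", path)
    for path, hashes in result["rewritten"].items():
        print("rewritten during run:", path, "->", len(hashes), "distinct SHA256 values")
```

To use it on the whole report, paste the full Files section into a file and pass its contents to `triage()`; the SHA256 lists it returns are in report order, so the last entry for a rewritten path is the content the file had when the run ended.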