Analysis Overview
SHA256
abf898f717f6858264e19b9ab0e16bdb8728f4d5da936c86000bf9eab42ba69e
Threat Level: No (potentially) malicious behavior was detected
The file a50b9b34c4a9d9c56699155ac25d33bc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:18
Reported
2024-06-13 10:20
Platform
win7-20240221-en
Max time kernel
140s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004aeb68e4e8f4ac4783104cc99ec8d27800000000020000000000106600000001000020000000b8a502b2db74573e019c3fe9dd69477f4e50d199a1fb629cb500c641819c70ff000000000e80000000020000200000005a804fee783ebf4da0be936b3214d6be9d0e3e5eded3f21b023810abdc656647200000002cf9f315efe3895c56c3ce0044069ce727ab8482c6a3110aa52b08e1e3c19c46400000006d146f460f84e1661f880eb18926143cabaf6b3fce444b444e7d0416fdec1777931878580ee1fc5e37ca12a1138338d2a2ab2e4754109b29565dc4495c37ca72 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435772" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{43E22C21-296E-11EF-9CEF-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90f0711b7bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2756 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2756 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2756 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2756 wrote to memory of 1816 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50b9b34c4a9d9c56699155ac25d33bc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:18
Reported
2024-06-13 10:20
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50b9b34c4a9d9c56699155ac25d33bc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ff86ae746f8,0x7ff86ae74708,0x7ff86ae74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7230273287338831918,17848167532126385443,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4536 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
| US | 8.8.8.8:53 | corporacion3d.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_4532_UFCMDMRDKMNMSXEL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc2e900318f134e9c905f30897036b2a |
| SHA1 | aafe6e355adb21f9f18523368bbfe647474fb900 |
| SHA256 | 70cbc446823b03c348d9f6786bebb4d1d8e320ccd226298c65681c19a4bfb959 |
| SHA512 | 5f1a5fb9a6ec317838d5d6338e1d86db040932e1ef552a604f5bf12e78a6af0050b023d22c46f8608b28a70e6e1f2d18e63f0d7b49150f1811dd8bfa25edaaf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | eaa7dfae69fb0ab9b46c7d17eb101cb6 |
| SHA1 | e7421abbae31ffc81da34a194a331c50814286be |
| SHA256 | 81ef7198f137c96fbfd9f2e9c751ff3cda8527bbe349f7a6f6a568fa8f46e8fe |
| SHA512 | a6aebdfd76916e2af0cbedb046b2e4cd3558c669793c4cde0d35832afa3fbb777787740124b2de27adf0883fef92d5bd0911ccbe7737fc2fe7fc9202ce22da68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41b5d701325282f98677db9c92b0f685 |
| SHA1 | 695150abd6b27c8960119c265cd667b94072f061 |
| SHA256 | d6e01b86a7df715f5a72b18885c23aa9baad517085c3d1adbace458469ac0781 |
| SHA512 | b1d4bdd6ae54206be2de73d54a428d4c0d0372dc37adc4216897b9d716be13a79a7ca95f55227217dbb13c18c60ae41fc403acfd5a968b5b0a5371ec8de200d8 |