Malware Analysis Report

2024-10-10 07:29

Sample ID 240616-lygj2syfqc
Target https://gogle.com
Tags
evasion
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

Threat Level: Likely benign

The file https://gogle.com was found to be: Likely benign.

Malicious Activity Summary

evasion

Drops file in Windows directory

Resource Forking

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Checks CPU information

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks memory information

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 09:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 09:56

Reported

2024-06-16 10:27

Platform

win7-20240611-en

Max time kernel

1562s

Max time network

1567s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://gogle.com

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4075e8b0d3bfda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000372300cbab700a2552042525d3d9e32079be0da36e80d69ab06fec311378fcf1000000000e8000000002000020000000feeb7fd85aec0f95e29251809d8b758a8a819e8fb8e09d838bfcf66eddcf0703200000002251f9185e53af5bfdeba9c8c23e6251e5cbf47207ab1ff4beb715a17b3f3ad240000000f8d1038aebad9ef5e3e6d47cbd4743d2d1819e14c3a7d1614f360dece2ff3dba0976561c0a636323917b9da7e695dda8a27cce63ce874b725195e091819eb642 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000de3c12810e6d7a9d456535fbcdf719ef25694cd700c313afd4a34b980e872e27000000000e8000000002000020000000f7c0a5410d8e7574904d806555bdee00e591b0d059dbd03df8decc5a5d820ff79000000059f197b495831eab9e00e924b7fe53e11425ec42f419004c4cbab5cff4da8211c9cbec8cb3ef67a9c01de91440f52aff44d8d9fda3823adc6f154d15fb96e40c31fba575678ab20003c9f641f7269dbba12a39316dcf534ec79f4a02748d2ce6d797c7e6fedc1862cd5c179b72aba8e7e9a2fa3a5f55162301640ce900ff00171a707ab2add1dc386001226064c819bf40000000b8d35d5ee1d4307262a51df72b6d0123303d55bd7c358da8857a9c6a71dfc485532df3048c69dc381bf2a22dc940bc7c99dd76a50b9df320117cae99e6427641 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424693723" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DB2AB1B1-2BC6-11EF-B918-627D7EE66EFE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://gogle.com

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 gogle.com udp
GB 142.250.200.36:443 gogle.com tcp
GB 142.250.200.36:443 gogle.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8dba7b25e04ab9bb75392717b24abed5
SHA1 cd8691e9f3e0bae581ce696c6dc0ff59a61eac27
SHA256 93c053c7e4c62f6bf9f64d400b893af4f73814776d45f72fe59bd71a3f04dcf9
SHA512 62dd3f138059bf60c68acdb3d22e350a6e8933845ba1a62b6ad99cbedc01d3e154116c6ffc2725763f4404f0e25dc566b15b655fb4eff8ad94c3178fec04c7bc

C:\Users\Admin\AppData\Local\Temp\Cab6E21.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar6E20.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90b6ff8696c418253a2faf51d1d5678c
SHA1 42d5b114de17967155495c9fbc6bc333f298b935
SHA256 efa05c7ffb27b96b6e2ba4354d5cc55e208dea2ba4a732940b08848200e0bfa4
SHA512 e261985cbd307d11740df06ecf23de0bb7b903e870bc0d862ced890f7ebc501864b3523e0d517c6f46da8963895213c01f24bae895543916364ff15bc8800cac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 353db693b8808361907d4c5e53d84f96
SHA1 fe2ae12f6ecc955b7f6f8c0140d8639d63b222b8
SHA256 a5ce017ad1f539dae198664fc4b245537dd602761e09224b2391e1f310ff5708
SHA512 01a996c55cf75bf62e6319079bbdde6960e606f73efea067063c6b6cec5df3e08812e519e2ecbbc3cf39332d0ab71825ffaa34210f02125bcfe86e14e7233d9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 879afd5ef342475082ad1f731b82fd9f
SHA1 c557fdf42a0f881563df28dea10c2d6a761ef7c0
SHA256 53e58ff65fe3f4372c09af4d0693c3ba25139bc1bfb210e70f9c8baf86b3f3bb
SHA512 f377b324354d49b38d0c9099e6902fee49daecfd533b3b6c560fc71efa61e58d4821e6ff1dd0d7c9c63d4ea41ae0b52b0361ddd52b95e5d2195e1c705cdf48e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe15b8fc5833d1aa2ae8bf24eb88afd6
SHA1 a77456a791f62009d1c2442a5e106079621e7a4f
SHA256 faf4e26fc2ad955a70103f88bbe50f5a0f508e1bad79a30f068a4b518f4e0657
SHA512 e993486aa2de3749e60be527e7392c13900e3ba8d7e5a41c6ce201d305ecbcfa65f7ed60d821af16b5ad88f62468696dccf03ed8d32df02090dace11fcd7f296

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56e36898485d38f388b52fefd2f7b7c8
SHA1 1bd93431fda0c8d9c96540fcaab8fc0fc9455e4b
SHA256 0ce7cb1876ffbadd09fbf558bab06b984fa91c6b34a3dfc00a4ed65d73670b05
SHA512 0066559a532639472cf8829c43020c26b4550e96e231ccead233192228899b489d1d8638551bb705f904e116ad16973b3fe556c1efb389e32cca7bbe678ea3ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89aad269d362f2aeb9da75d509c60ae9
SHA1 43b3f5c94ce28a698c775544c949950dc1b40303
SHA256 08fdd3f935e6d22a5ea1254eb9128a0b64401e04747cb9d3b36a0f5ff61e7228
SHA512 f010a4a3808db212978d9e4d65b51e9769a76cf86699288fcfe48aa50d05d9c88620aebe11ce6017e228225a541e03b5a92bd5210982d08f65b6ee7e29824159

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6a92a223ee2b651d58b5777d5589fbc
SHA1 f43f7c213769348046269d3b05facdbf789631eb
SHA256 98c6551d5b6878647359620ef3df12b6008a24ef9f89d78de242ad4d50a381f1
SHA512 d895eaa65eb08d6280aa33561a0f36120761b962aaf8a08da218c8caa0e29d2d6a0360e49f3e614bdbf2464bb2e12e1af4110c5a739334e86ade420643cfada0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2bc6eb7a2f0662568042608a9752b8b
SHA1 f0a93a3a1b74e99411cf9008d7d6b5023fac639f
SHA256 4e727b55d00e74e4f2f9ad27da5a7aa708b5f16b4b33ecc3c5ba5bb9f9b26bd3
SHA512 3e49852bf4948910674da89c14595c202d5d1a9169f5169eed3ec35432ba5273578160d0dabbdf758aeece1a4641e959e0deb6dbc861b22d8e851e60c5b289d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec32011e456ed60481ad35e1ea4add38
SHA1 88e3da9b56039e5b08cc842eef07478b8776472c
SHA256 2b4a2ff9e2288e3cf89b22807ebb9903c91b86b91ff1c6cb3572a1244d3c241e
SHA512 86171fedb690c9fa38e834c37dda50066ab75cb7aa4b9149b56de724e36b09d696cf9fc5a8a99205cf4d2abaec56ced979e8d4f56dddd58467f7bca092948b25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f293f566fa7fc1bd65060772b8507a3
SHA1 ad4c718ac969e1a83fe7b7c193996e72e33e360b
SHA256 c2f0b60136cedfcfd216ebb0c7f02bc9d0b8eb24310eb4897f2e3b896f105388
SHA512 20cda9be97d64d37430d03bcb2a4ba54c1ae793cdfcefb157be87e9594de991f07dcdeb2a513c3ed192d6de251dd8280317441a4a4de782ba7040651bb41c06e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87e38ee8145a999e8700bc11f4f38625
SHA1 4597515b655131ce5795aa8ebfb887be9a573443
SHA256 c7fd746a33a85eda94673c5fcdf9ff4584d1a1f1bcecf522414c6c95d5b50fe3
SHA512 98bb7db86d087c7492201bea2886affd99778bd1a157bb79bcbb35c0a964f564c19789458e893acdc3d3cabf91d86f73e1ecae4cd8c9da3d1e41b7487dd2f5d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a5040bface6a70994e30f61b4845a58
SHA1 f881ff5bffac2954a9ba1c99a4cf4f176c898b76
SHA256 4432bf0fd10b151f3b9b9c77b96bc0cc1232287bdffce53975ef57e85f6fc7f7
SHA512 f7b1fd2e71f5e024fb9491802d38d90911dd938e25c325c30bbce0cea19b62710b0a398686a1afd0117f65dcdf64559c96e47acf016e5a7fe9a9269e41fb6558

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39a036c17b7a406efd73a18893729cf2
SHA1 86562e441fe0a2c88fd7631705868b7b7ad8f1d2
SHA256 adce2281d269efcc46e210d0f94467ca0cf7a2386498c029b566e66e282abda0
SHA512 410af1c8eec4de569e846cd4b4849e9b43e6deed868f85fddc76b908159f0292c41a7c4c069e60d7df7ec3a81cd4cade4de5366f782d94b106c89deee3c9a406

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9845680ab52f7044e12ce952cbca37ad
SHA1 c496b83a78ad1be39a6b32ecd82ad82a9267687a
SHA256 8a26d2d37e400812f717098552ca85496039e4fab431d23a3d57fa82d9c18f6e
SHA512 c2548f7c684756048a9a8d1f224c6d4f6aebe979024e625ec07af59330e0c0c1d7e033b63656389f2d57267efc13872cebe60c025d179fa1a674d9181fd0b269

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1860e7da8e7e0205be058546faf556e
SHA1 4d5a0748f82badc77a24260554c57707dd5a3692
SHA256 4bb76e7a84ea5a274b3ab616d866b413239bc98772afdf8f674afd5de1faae8a
SHA512 6817a13add7cc9604ed84d5c756e3a8e7df6b371eacfe5323296da75356f40ffe3dff9daa6c0e14cff1fb417f3422950eb1249975a7af7e0e84738e3b270a1c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ddf5f37cf1a19a29adb8969d4a817f1
SHA1 b733ff9fbe2f15a5d0c816ee5d1304b28269354d
SHA256 6c9cac7adc59058fea82f099d6770236d77292ab634a968d233b453ddd74bb4f
SHA512 3e8f88513eb859324e18ce4b4c6cbcf4f618ad972de98f02cbdf1b014e23df755262b41cacb85fdf4e870a6f3acaaa8cf6d16598d4d4ffa521ea280f10fba582

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6390d3231a9c3c8ea6fd0f9e8cea7d0
SHA1 42190b2d03540b8d15e2ca798f3b133dc4332da3
SHA256 4e2df8bbbffc10d61f194212a61bd67d6e4518555c7c8bcdb49bdc693711fc93
SHA512 1041ef44c76d601d2de258d32b8282e1fabdb0eead6c173d5c2931a0d2c966fa23ce0b4306a74f399ded445fba56d2530d4cbe983a86b3d89d53057df405bd46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7913ed84d7eec0f3a602260cd8adfb1
SHA1 d73e78715f5dd8b2d7147934b6c7a4beb3d08e28
SHA256 cd886f788b7273245929363150f0d63a337c391b2cf4a644c3d73d1ebfaa2004
SHA512 9fbff33bd5e03ae9dc65ed2b1bd5b6efeeea382690ff861feaac112893a65bffb4ceacb1ac7af59605b87ab10963740eaf322bebae408308c9399dae2009b61a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b27f04d3d3ff6fa67e7837124e923aa7
SHA1 f4df3cdac275d30554dc084bb87ea73903aa128a
SHA256 511822e1f13698ff7a98a32b8b144fc7ecefff09cb28006a369f1e03fc5182c2
SHA512 95fc10562ebab43272d4412dd7cb7513ff4e9738d76cee00ed54ce32d8fde60000b5f2aebbe28abc455f5376d8aab57c99f3e42c7ac67a0707b9ea64ad48e678

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c949237806cc042c08ae8f7c2e63585
SHA1 02b41d7d86be8a02f1ca8bb6442f862b403f971f
SHA256 9d80e264cd6a48ac0034fa9dac1d2577787c25ac5e8821cd35754980091e335b
SHA512 85ff438d423ce0c3c6c6e036a3588f51146b5a4d1a60e431b328d64a6d3658ce6c55ea294e92362c625006af76ae1a1cf330a84be404ea6741726c484d3abd50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d9adde9edab8cfe59b7b2bc0e9e1774
SHA1 f47b4efba4e93730534c1578e1e72ca1d1b5a32c
SHA256 045cf2298fbe7e2fa3b48ea1dbcb6fbdbeca0a666d0f85e6a69d2d805877fd1d
SHA512 a9717aa444bfc4d6f5c733bfc113b1a6eea0e2aa85cb9474b0ac09a53e677a996210b2e489447c7913f3a06b9ecd556c94df2c790c59339d883c25164cf22c95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f472ed930704a8781a0669420dba472
SHA1 4583b5f97bb36c7dc86b99dab406d491904a173f
SHA256 3950e3dbeeda776371c377057eaa726d3f37a8969357b5448454c148b909c200
SHA512 34944db60c17f37b310c5db956d5be9471c72ec34b614c399a136741509ba6a0c6c896a0ecec88fbebfc93631122ee8004e0737892aa0dc4abfba88fe29a2967

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42f17784f4c859b8a2f1146095735eb6
SHA1 2a22f2286ab2143a3bb7909bcc44ec14b1817cf0
SHA256 b09411fbc8773a0778a7bf4d4da4cb23f7b5672317ffcaf271eb3bc7e097a5ac
SHA512 f15b10facb037774df91c2dca2b2e3b3670a906ab68856155ad240cecb89dd1d57ff25ddee11966419646d4c915b2159e35b1c557fabb8fbf37c40b244928cc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7291a1e25dcccb66ce291919c2b88b62
SHA1 1118eae15795c9ddbbd67595486afd5a3aaef14a
SHA256 47b2241e5d6635504735b536286fa6b2ab06145a68e8dd612066dcb60e1c780c
SHA512 399e64cbd7d8ea3ee7bf8d482911511afab87e02ca4c3dc796b1c89b3fb15ee368319976faa209092c70c806b71348b73cd5735eda34ea1cc3a8cbb19dfdc84e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 09:56

Reported

2024-06-16 10:27

Platform

win10-20240404-en

Max time kernel

1800s

Max time network

1591s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://gogle.com"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1fe291bfd3bfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "425373187" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000073cb58716bc87fa49d6d215d34aa68122370be944faa2a28d857cddb3c3b9fff1bcdabfe7063ef0d63bc1897113a7a48032caca4ac04829c72ab C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ca190ea5d3bfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "425302347" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{2410FD3F-581A-4011-BD48-F4C4CDA51CA7} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d58186a9d3bfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0358cba4d3bfda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 80c6f4b4d4e0da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://gogle.com"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 gogle.com udp
GB 142.250.200.36:443 gogle.com tcp
GB 142.250.200.36:443 gogle.com tcp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 233.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 95.16.208.104.in-addr.arpa udp
NL 52.142.223.178:80 tcp

Files

memory/4676-0-0x00000209C2B20000-0x00000209C2B30000-memory.dmp

memory/4676-16-0x00000209C2C20000-0x00000209C2C30000-memory.dmp

memory/4676-35-0x00000209C01C0000-0x00000209C01C2000-memory.dmp

memory/2300-42-0x000001E5E4A00000-0x000001E5E4B00000-memory.dmp

memory/1344-63-0x000001A580B00000-0x000001A580C00000-memory.dmp

memory/1344-61-0x000001A580B00000-0x000001A580C00000-memory.dmp

memory/1344-62-0x000001A580B00000-0x000001A580C00000-memory.dmp

memory/1344-72-0x000001A5914E0000-0x000001A5914E2000-memory.dmp

memory/1344-76-0x000001A5916C0000-0x000001A5916C2000-memory.dmp

memory/1344-74-0x000001A5916A0000-0x000001A5916A2000-memory.dmp

memory/1344-70-0x000001A5914C0000-0x000001A5914C2000-memory.dmp

memory/1344-68-0x000001A5914A0000-0x000001A5914A2000-memory.dmp

memory/1344-66-0x000001A591480000-0x000001A591482000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/4676-95-0x00000209C9380000-0x00000209C9381000-memory.dmp

memory/4676-96-0x00000209C9390000-0x00000209C9391000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NVYB3WZ7\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 09:56

Reported

2024-06-16 10:31

Platform

win10v2004-20240508-en

Max time kernel

1795s

Max time network

1800s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gogle.com

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gogle.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3252,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4116,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5256,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5292,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5304,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5260,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5816,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=4396,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5644,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=7048,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5492,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=7060,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=5496,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6828,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 09:56

Reported

2024-06-16 10:32

Platform

win11-20240508-en

Max time kernel

1745s

Max time network

1754s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gogle.com

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4372 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 2124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4372 wrote to memory of 1644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gogle.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff33123cb8,0x7fff33123cc8,0x7fff33123cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,6406421989039823800,17486491765484361914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 gogle.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
IE 52.111.236.22:443 tcp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp
US 8.8.8.8:53 gogle.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f2eb94e31cadfb6eb07e6bbe61ef7ae
SHA1 3f42b0d5a90408689e7f7941f8db72a67d5a2eab
SHA256 d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de
SHA512 9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703

\??\pipe\LOCAL\crashpad_4372_NHXEYIAXDYZKWLJD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d56e8f308a28ac4183257a7950ab5c89
SHA1 044969c58cef041a073c2d132fa66ccc1ee553fe
SHA256 0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae
SHA512 fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5091ed99bf4b96820167e5b435c16bcd
SHA1 d2e92300932706acd2925955ab78fa1b373d9f53
SHA256 8d41b7e120d3ac5b3b96fc5529c2a7035e27fc35b9ef27af7bdc96b1e012ab60
SHA512 86fc5298b58adbac82f2f0e166fd5b28c6486eae8dd88a3e9e8d4b621d400258bf87de3759d9e8c991c915e6715f94f67bd525e6a3a7bd688f45d51820cb2980

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\42fd8c15-248f-43bd-ac1a-4c2aef0a47f9.tmp

MD5 4ab874db61453d75f17a1fa2189ff974
SHA1 429f568bc1c02a4f079fc2b8feb910a9a7ecf979
SHA256 cfbf765af591bf20307e19a91d50623fbfc3a6191736ba6407239882db127c9f
SHA512 3a51a34ad84b46f16169e2137205aae05202f07c2f21cb5f39e98608548999a16bed823e360695169fab6dd31252e2bf846ee40f92327c4690abb3ee366406a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d3ab8a21cffa37a367a9aaa0b259df45
SHA1 07c1203262cd26e74f1c913f34e755559ea39002
SHA256 2ba8d25de7c92c86d7eb373ffb8312656e702e767008162a0fa055cd8ff5729e
SHA512 a00fefbad57dadd069c36624f93103ba8e3b2d9b8eb320f0ece724c4d7fe6e38b2262884ca11f9abf96d7c071e5f7c51dbc4e4d2cbe241a9b2aff415b99cd10f

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-16 09:56

Reported

2024-06-16 10:33

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

36s

Max time network

1731s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
BE 142.251.168.188:5228 tcp
GB 142.250.179.228:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.68:443 udp
GB 172.217.169.68:443 tcp
GB 142.250.180.10:443 udp
GB 142.250.180.10:443 tcp
GB 142.250.187.234:443 tcp
US 172.64.41.3:443 tcp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
US 1.1.1.1:53 gogle.com udp
GB 142.250.179.228:443 gogle.com tcp
GB 142.250.179.228:443 gogle.com tcp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
GB 142.250.187.234:443 gmscompliance-pa.googleapis.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 142.250.179.228:443 gogle.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
GB 142.250.179.228:443 gogle.com tcp
GB 142.250.179.228:443 gogle.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.36:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 142.250.178.10:443 remoteprovisioning.googleapis.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.178.10:443 remoteprovisioning.googleapis.com tcp
GB 172.217.169.68:443 udp
GB 142.250.179.228:443 gogle.com udp
GB 142.250.179.228:443 gogle.com tcp
GB 142.250.179.228:443 gogle.com tcp
GB 216.58.201.104:443 tcp
GB 142.250.200.34:443 tcp
GB 142.250.200.34:443 tcp
GB 142.250.200.6:80 tcp
GB 142.250.200.6:443 tcp
GB 142.250.178.2:443 tcp
GB 142.250.187.238:443 tcp
GB 172.217.169.78:443 tcp
US 216.239.32.36:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-16 09:56

Reported

2024-06-16 10:04

Platform

macos-20240611-en

Max time kernel

13s

Max time network

16s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://gogle.com"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" N/A N/A
N/A /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://gogle.com"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://gogle.com"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://gogle.com]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://gogle.com]

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://gogle.com]

/usr/libexec/xpcproxy

[xpcproxy com.apple.GameController.gamecontrollerd]

/usr/libexec/gamecontrollerd

[/usr/libexec/gamecontrollerd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]

/usr/libexec/xpcproxy

[xpcproxy com.apple.siri.context.service]

/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService

[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]

/usr/bin/tar

[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072 --seatbelt-client=21]

/usr/libexec/xpcproxy

[xpcproxy com.apple.CoreLocationAgent]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072 --seatbelt-client=21]

/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent

[/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ViewBridgeAuxiliary]

/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary

[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=290048634 --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072 --seatbelt-client=56]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=290245331 --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072 --seatbelt-client=56]

/usr/libexec/xpcproxy

[xpcproxy com.apple.pbs]

/System/Library/CoreServices/pbs

[/System/Library/CoreServices/pbs]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=292920498 --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072 --seatbelt-client=74]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=292936953 --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072 --seatbelt-client=77]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=293369015 --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072 --seatbelt-client=66]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=293805740 --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072 --seatbelt-client=70]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17151000283777166386,14916945265796321449,131072 --seatbelt-client=84]

Network

Country Destination Domain Proto
GB 51.132.193.104:443 tcp
GB 17.250.81.67:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 gogle.com udp
GB 142.250.200.36:443 gogle.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp

Files

/tmp/com.google.Keystone/.keystone_system_install_lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/Users/run/Library/Keychains/login.keychain-db

MD5 ee7d7793ee4fb40525579746dd1f9be2
SHA1 e9dd8fbff3eb4fe5555c10af6e472be1ab5629ca
SHA256 1ae43d125847d9afdfcf1deafb1745d7e3550f216812da3af3dd476c2a0257a6
SHA512 612ec84a6a03aaf4594aed006b97ee1483bfb100e57e65716b5d02725fbc561a53034efe756fa2c9f7d7ee5ba50e4124a8dfbc619f5219da64afcd6ef425150e

/Users/run/Library/Keychains/login.keychain-db

MD5 5a00d420b86df81697eb7548491d16d1
SHA1 4b522af08e87846e0f84fc7df763f0b18c2cdc19
SHA256 f5f4d154ccc42deb8cd4c0b6e33120cb8151cac97044b6a196702f9480c5f5f4
SHA512 84eb64f6eb811fc56e07011990d94ca873575c3bb9b51545e205af6654f67216412fc3ad6ab977aa83516435ac9f605db60f1c9654900c31d271c8dc10c08b1c

/Users/run/Library/Keychains/login.keychain-db

MD5 632bf84485f82e1456b9ee79a56ad01e
SHA1 869137404a133dc077e2a1319d8f7b67a28eacf0
SHA256 ad4462e1a89afdbbbff90a4361e0f86264c6abbebed4ff902d70bd6e2f578d5c
SHA512 99fd0941894a31c943b04ff6fdfe178a46d2ba76bc33dac7bcd9e8fea43333a410498a301443b0d25e349e4ba40887747e59d60ebaeee9616882163c1f32fc08

/Users/run/Library/Keychains/login.keychain-db

MD5 9e0c15075f2b833e6204d736fcedfad5
SHA1 92705adb77602dfcac64cbd3888dbb9dc3bfe063
SHA256 fbe9a237a358a13960c41804e87ab630101e02be95036b00c9b6f7dcfb87a0b8
SHA512 9dda6f79ecf51ad46f7645b07703c7c89b814af0099dbcb7165ca17111f4269235fd62c8354708fb7df2dca47429591f3cf00c1eeb5c4c48ecc7a9c75bb805d3

/Users/run/Library/Keychains/login.keychain-db

MD5 847a5b7e1072bafa045911cc1c6a9357
SHA1 2f515270b5ebdedf5c74c7d3e902eccce78071ce
SHA256 1798b3102326740752da0395a92923ed9dc90e0165dedfdb628b43369b2f55c2
SHA512 36def6376f2ff4165a1d26472693a30bc248409d9534362c9615f770f426b27e4cab641ce7f906a88d1ee0fbd9c238464fd22d692699e176a7a4f5fbddbb60a4

/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat

MD5 c6db1caaee0095f017c09113d53ed054
SHA1 cc37e2b3948325a0eeb51080f45b17ebf52a7035
SHA256 ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476
SHA512 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

/Users/run/Library/Keychains/login.keychain-db

MD5 340ea0e1aaf7f7d59489273da32614c6
SHA1 a5650186bc3b8d2db9fe6db1cc3b84868cf8847e
SHA256 2ec70ff4985879811f27581d30ed8658fdc999a19777d1cb8e76829d12e7cea7
SHA512 148ce472da0f9789f906fe99ac66654a5e4f61ce179108efad10038b1d6a6fc964a4ce2d60eeff45031487e7af4e7ad9763eaedfdab1757b988ecc320833e8ef

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20

/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

MD5 5c4e7ade5753ab7de2c42c04111fa42e
SHA1 fb577b8c07d9617f507a3f2950df0a6dcfebe4e2
SHA256 d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82
SHA512 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b

/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

MD5 fe382e791274914bee5950777e4f1fd3
SHA1 53b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512 a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

MD5 38fc535a8f11d7e955ef58cc63158eff
SHA1 c45ad3ee106dbfb65dce7c09b53140f34454cd0e
SHA256 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8
SHA512 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505