Analysis Overview
SHA256
7b42fb5060cac55b4ad023230b0c1c4af36d0136d90a5bc3adaa63af10615175
Threat Level: Known bad
The file 2f0866f12f8f456ad4eaeac60b3bc62d_JaffaCakes118 was found to be: Known bad. The sample is an HTML document (both detonations open it in a browser; see the process command lines below), and the classification rests on the SocGholish signature, which is listed for the Win7/Internet Explorer run (behavioral1) but not for the Win10/Edge run (behavioral2). The remaining signatures describe the browsers themselves: iexplore.exe writing its own keys under Software\Microsoft\Internet Explorer, the IE frame process (PID 2344) writing into the tab process it launched (PID 2932, whose command line names SCODEF:2344), and msedge.exe reading BIOS strings from HKLM\HARDWARE. Read those as context for the run rather than as independent evidence of compromise; the SocGholish match and the network contacts outside the Blogger platform are the parts to examine.
Malicious Activity Summary
SocGholish
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 12:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 12:12
Reported
2024-05-10 12:14
Platform
win7-20240221-en
Max time kernel
146s
Max time network
156s
Signatures
SocGholish
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8DB03E91-0EC6-11EF-9667-569FD5A164C1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000006b798cbabd403e8bc447c5f629e94797cb9f052c247f94adfa89b2d3ff696ac9000000000e80000000020000200000001968e8a7c2cac0524d5e5a7dbd42d1070f32cdd9bc6a2b3c6e680a8638620047200000003360516957734b9346374515329d07a7f7aae65c2fe6f32d55bce4e3eb6ac2a54000000093976ef5d3b57498a029c07d85a9de01d33c9605b9d413ca19ce84f7e69d1e39c75c21f095037bb095276bd5d495a477277c95bbdb3cd283fb08fb7bfcd0d004 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0e6b667d3a2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421505011" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2344 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2344 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f0866f12f8f456ad4eaeac60b3bc62d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
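As an added triage step (example code written for this page, not part of the sandbox report or its tooling), the snippet below cross-checks the WriteProcessMemory rows against the Processes list. The tab process's command line carries SCODEF:2344, the PID of the frame process that launched it, so a write from 2344 into 2932 between two iexplore.exe images is the frame-to-tab relationship Internet Explorer itself records. The report gives the tab's command line but not its PID, so the check confirms only the source side. The rows and command lines are copied from this report; the "ie-frame-to-tab" and "unexplained" labels are this example's own.

```python
import re

# Rows copied from the "Suspicious use of WriteProcessMemory" table in this
# report (the table lists the same event four times).
WPM_ROWS = [
    r"| PID 2344 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
] * 4

# Command lines copied from the "Processes" list in this report.
COMMAND_LINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f0866f12f8f456ad4eaeac60b3bc62d_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2',
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")


def parse_wpm_rows(rows):
    """Turn each '| desc | indicator | process | target |' row into
    (source_pid, target_pid, source_image, target_image)."""
    events = []
    for row in rows:
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        m = WPM_RE.search(cells[0])
        if m:
            events.append((int(m.group(1)), int(m.group(2)), cells[2], cells[3]))
    return events


def ie_frame_pids(command_lines):
    """PIDs that an IE tab process names as its frame (parent) via SCODEF:<pid>."""
    frames = set()
    for cl in command_lines:
        m = SCODEF_RE.search(cl)
        if m:
            frames.add(int(m.group(1)))
    return frames


def classify_writes(rows, command_lines):
    """Map each distinct (source_pid, target_pid) to a verdict.

    'ie-frame-to-tab' when the source PID is one an IE tab process names as
    its frame via SCODEF and both images are iexplore.exe; 'unexplained'
    otherwise. Only the source side is verified: the report does not list
    the tab process's own PID, so the target PID cannot be matched here.
    """
    frames = ie_frame_pids(command_lines)
    verdicts = {}
    for src, dst, src_img, dst_img in parse_wpm_rows(rows):
        both_ie = (src_img.lower().endswith("\\iexplore.exe")
                   and dst_img.lower().endswith("\\iexplore.exe"))
        verdicts[(src, dst)] = "ie-frame-to-tab" if (src in frames and both_ie) else "unexplained"
    return verdicts


if __name__ == "__main__":
    for (src, dst), verdict in classify_writes(WPM_ROWS, COMMAND_LINES).items():
        print(f"{src} -> {dst}: {verdict}")
```

A write with the same source PID but a target outside Internet Explorer (or from a PID no tab names as its frame) comes back "unexplained", which is the case that would deserve a look at the target process.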
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | www.potter.web.id | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | g.imagehost.org | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| SG | 172.105.122.89:80 | www.potter.web.id | tcp |
| SG | 172.105.122.89:80 | www.potter.web.id | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| NL | 172.233.44.120:80 | g.imagehost.org | tcp |
| NL | 172.233.44.120:80 | g.imagehost.org | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 216.58.201.110:80 | apis.google.com | tcp |
| US | 8.8.8.8:53 | kumpulblogger.com | udp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | tweetmeme.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 69.195.73.201:80 | kumpulblogger.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 69.195.73.201:80 | kumpulblogger.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
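The sandbox records every DNS lookup and connection, most of which are the Blogger platform, the social widgets its templates load, and the browser's own traffic. As an added example (written for this page, not part of the report or its tooling), the script below reduces the table above to one entry per domain, separates resolved-only names from hosts actually contacted, and lists what is left after an allow-list of platform and browser suffixes is removed. The rows are copied from the table above; the allow-list is this example's own assumption, not something the report states, and a hit on it means only that the host needs a closer look.

```python
# Network rows copied from the table above (repeated rows kept as listed).
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | www.potter.web.id | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | g.imagehost.org | udp |
| SG | 172.105.122.89:80 | www.potter.web.id | tcp |
| SG | 172.105.122.89:80 | www.potter.web.id | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| NL | 172.233.44.120:80 | g.imagehost.org | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | kumpulblogger.com | udp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | tweetmeme.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 69.195.73.201:80 | kumpulblogger.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# The sandbox's resolver; rows against it are lookups, not connections.
RESOLVER = "8.8.8.8:53"

# Suffixes attributed to the Blogger platform, the social widgets a
# Blogspot template loads, and the browser's own traffic. This allow-list
# is an assumption made for the example, not something the report states.
EXPECTED_SUFFIXES = (
    "blogger.com", "blogspot.com", "blogblog.com", "google.com",
    "facebook.com", "facebook.net", "fbcdn.net", "microsoft.com",
)


def parse_network(text):
    """Return (country, destination, domain, proto) for each table row."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[0] != "Country":
            rows.append(tuple(cells))
    return rows


def is_expected(domain):
    d = domain.lower()
    return any(d == s or d.endswith("." + s) for s in EXPECTED_SUFFIXES)


def summarize(rows):
    """Per domain: the 'ip:port' endpoints actually connected to (resolver
    lookups excluded), whether the name was only resolved and never
    contacted, and whether it falls under the allow-list."""
    summary = {}
    for country, dest, domain, proto in rows:
        entry = summary.setdefault(domain, {
            "endpoints": set(), "countries": set(),
            "dns_only": True, "expected": is_expected(domain),
        })
        if dest == RESOLVER and proto == "udp":
            continue
        entry["endpoints"].add(dest)
        entry["countries"].add(country)
        entry["dns_only"] = False
    return summary


def unexpected_hosts(summary):
    """Domains outside the allow-list as (domain, endpoints, dns_only), sorted."""
    return sorted((d, sorted(e["endpoints"]), e["dns_only"])
                  for d, e in summary.items() if not e["expected"])


if __name__ == "__main__":
    for domain, endpoints, dns_only in unexpected_hosts(summarize(parse_network(NETWORK_TABLE))):
        state = "resolved only" if dns_only else ", ".join(endpoints)
        print(f"{domain}\t{state}")
```

On this report's rows the allow-list leaves www.potter.web.id (plain HTTP to 172.105.122.89), g.imagehost.org, kumpulblogger.com and www.linkwithin.com as contacted hosts, and tweetmeme.com as resolved only; those are the entries to pull from the cached content and examine against the SocGholish match before blocking anything.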
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | cd16131ce2c1bd74ed30b4747bcb7c59 |
| SHA1 | 70a2b7130dd4fc000aebf1c45f3028d64092a347 |
| SHA256 | 92bb3e78de6c380eecf463fd574337450f9903401694528137b5be197928bfdd |
| SHA512 | 85e9be0e76c278c285183eec878c2dc850690035fed5d37c111b85ec0f81cafe279152fd43e103e67a9c8f07b9aa4c8cc8cf19c225683285612fc8bf5aa12d1a |
C:\Users\Admin\AppData\Local\Temp\CabA3ED.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62746c9cb3839f4def1f7a67721a5b5d |
| SHA1 | 432b021fb575767d4a0392626445e5b2b1c172c8 |
| SHA256 | 5f8e55ab5d9e2aff579876961e9f267af958ef9f2d000b241d8b8cff503d7120 |
| SHA512 | 7bf29fa9462b689a1cca81ef62313fd9292f24288a51ef876947f5c5011a529e1fb2001285b04475076d2de278ab575c0fa77f2e6636c551f07b34effda1da49 |
C:\Users\Admin\AppData\Local\Temp\TarB0BE.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarB40E.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\plusone[1].js
| MD5 | fb86282646c76d835cd2e6c49b8625f7 |
| SHA1 | d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0 |
| SHA256 | 638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109 |
| SHA512 | 07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\all[1].js
| MD5 | 1dfe1f4cf5a73cf4d47684f22a2bae57 |
| SHA1 | 60b3901c0f35462bb88ef28983a327878dff5bc6 |
| SHA256 | 54f19d0ac2d754a6d2cbb941844ff9ee8d9c1abce7c931888d29d3c1f11d07b2 |
| SHA512 | 10d6abfa9c1bfa34934888ff62bdb3b6a9ef6b1bc863116366b887c688f2cfe7bd2d72eb757dcb6c157310adb2d61d8d701d1da34b292fddd1abd0c4ed8de706 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b6d5bc103f3ccd961bb2bbe4216021d |
| SHA1 | a026a31b7b828995c6a615c401a2fec9814da0ca |
| SHA256 | 89887174f65c9b5cbb3b06d5a57150a5fba322eb2831067a207bb2306a7c39a8 |
| SHA512 | 481b570c37c0828dc23ad24ba0bcfe860aa62897fa87e8891cfca6c59b5bde509e164f13b02450a0e5ea45bbaca3cf8fbfcbaee1610ac89c8422e90404742d6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2213ee535281125318441171166f9446 |
| SHA1 | a55f78e8da93f7e285fa79550a98afa1b24e5f3b |
| SHA256 | bed3864c1ec4d7649386c0de5006f94e45840fae3180e6192528d06812438a0d |
| SHA512 | 560ca4afdb4bc5750daf253179fe604e869a3043eb14d4bcbef4b4b83d7d1672022734e49efbbdfa031102884c6356ffede65be24ea0e28814e63bf203ba9f72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70be3043fa94e09cbc6eb1251b8c2cfb |
| SHA1 | 9283c965e3780f5cae0b2fd68d314eaf61b86688 |
| SHA256 | 8170d1cf9dec41312dc813ba6641b05e69838fff3e9a3e16447a6f45e9988919 |
| SHA512 | f72ae38e9867982afd5d81a56374e825598b46a3377ccd614e6328e89fc3434533fbe6b568323c29652759814248890688651cb064247e4b38d524ff2c158416 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fd148549ce08e7a80eabc7627631e06 |
| SHA1 | 1f0015c27f5e93a49c7a32f53abad55e3c6e40fb |
| SHA256 | eeec470f84854a1bccd3a092547eca8c541fbef5edf163d88da7d9328f9884ff |
| SHA512 | 49d65a2a4c8d4e42ed9eb2443432a75fb6f235d01d102db34f67a4c6b233ade64f65106ac3d5626fba1c3c5bcfdb26f778f6dfad93a545a2ee3fab6d6b59c574 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 364d27b9ea2cdfb91380937e62044ddb |
| SHA1 | 6d4c62664bcaaab6201b81ac753c16284dd9df0b |
| SHA256 | a7416c324bc7663d2db115ff130de946c7861f1b2a45af356c1f6b832e85748b |
| SHA512 | cc03c6407d34e7b6e1db13ad7d48e89d2dc764f1dd61cb6f343a6dfc8050e9511228d42f947813c6571bb81d50ddd6c6b65df602c5897d14942f66bb8ffe82b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c81edd62a7e7a78ccc38293e9fca579 |
| SHA1 | 4b93035835bcd3873180484e0f2d4fb412cc9814 |
| SHA256 | 5e039d0ed7de4597c68491aad8f7dce20e56503a5b6bc4ee740ef9decfa0bf15 |
| SHA512 | e2726783e937f3d59452ec1a6a0029e14a2868647b45b6131ad211b3c05ae38865d51726a16d9ed1507b333b2b0748b622ce30c02e8afabc3a6aae40bd37fa4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 818cf8ccfb9fff7f269c91d6daf0a1d2 |
| SHA1 | 4306f276c06dd2b774212e26d7a1cc24c8152055 |
| SHA256 | 219ce496b85a8130d717095d8c93b6ddceb884f905f59cf6696bb93dedfbed85 |
| SHA512 | e579e72a97f0c13d7b5a2d01bafc5b0b3072be86b7915c43d72dd94b734a3f3bfc9918513a7fc43ccb379c9a090970900e27e5523c2d8d8633cf42f7479d68a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb9cbcc10133958559fb741cd77cb9ee |
| SHA1 | 563aaaeb600715c0fac2886753b45d46da055c4e |
| SHA256 | 8b223ab699711f0672a11e7ed76e05323553e0e3e8a94624928c8e822e548165 |
| SHA512 | a999dbdc1b30f51ab636e8e98f28cbe868305c0d9d7b420ad73815382f66e5adeb71602a19c4272cf6858f42eb4782361b9bc67c3c0b3f7493eaf92ce274410a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0352615e3a9a9c921643b7302da8e7d8 |
| SHA1 | 031df715387d589d4c5b7730737bdbb466119320 |
| SHA256 | a9d32014d826fec6b70e231dde1f3521a2cd75e80065b30584090cab4b385430 |
| SHA512 | 3ec94d62130e265564001a3be50211b467dcea5f9488690f1b411fbdaa012c035aa777c8d43de114fda4b743dcdca2a46ad280ab14ddacee91ad19112ae26ccd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f030e73f1dbd9abb06f630055164a03c |
| SHA1 | 7db64bb7f5f2acc30ae408fdbc0e23549f605842 |
| SHA256 | cd7c6d5c608a6392aa22a6978ea48fb54b5ec3e20fd747d4b01242c34f887594 |
| SHA512 | a0d93b73db4632717fbfcdedcaff874cf5b1e749e3191d0d15e029333afdd155ae65f1d78fcbe9874606cf22b3de5f2944a2756f2d5f4269067757a1836ee1ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24481f429b08d688b7c7430e5222e632 |
| SHA1 | a20adbe63b6d7594274c145fa920f93d746e0ce5 |
| SHA256 | 83697fc16b0333cb04b02cf6d38aa25f44df3b7704d318ff007ac58be8dc6505 |
| SHA512 | 115094b0959c921f2cff021c2a762a9be961307ac3b06206fe0f037aaa16ae481a46c809441cf725a3e2cfc51a749730b43619d9d05b383077c1790932f1c639 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e0b1785ce6c51d2f17783cfa91a2b4b |
| SHA1 | 6f3ef6fea1aa6f25c523de5514234b47fd514b0a |
| SHA256 | b163d9780cbc027ab29cbf13fb0abaa45e982f887320a0b9603db43304674bfd |
| SHA512 | 9910596c58290a37b9ddb21bc13e1901fd7e9ce4ea151c4715a8a28f8a414a407f4445c6bbe95c60b00daa25b64e8116291c25f58ded3724aee12d1496c5926e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08fcec2c2e94217fd3eb0439205ab982 |
| SHA1 | ec0414996dce5e3a5ae1b0bdefdb11da7256a7ec |
| SHA256 | 8ae1ae6bef43e4db6795b1dd45928a62157ee9805984a678707fdac3285e4e1e |
| SHA512 | 9b7bf48de60b9bbf7ddf09baceee02daa18088afb57c0687b5518e5a807c84c15d2ab05a162dfc5c45f660adee67b15cb361f0ccbd191ec2df6aff8fd4669cd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97621a68f2b0ecb2c74e0b95b11f8124 |
| SHA1 | 82e12f2b9b8b69bf0a89f0cb436fc8996bde182e |
| SHA256 | e5e97ad6fad3c00a8b736773d1183afcee68bf476ae140244af1d71b1bdb0b03 |
| SHA512 | 4ce46b25cc2bf9546d1dfbcccfb13637e17abac333cf34a26e989363f298541c53fc37431cd587ec5d90b4874065934cb02befec833babb26d302574011220a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b65fe67deef2537f6056c08797d88f9 |
| SHA1 | 4efeefb2123b0787f136941a8b4c97caa2b41167 |
| SHA256 | d09ad6832bf7e7ae0e370c86205f25ae31bdfd6e894f53770d3107c00607d4d1 |
| SHA512 | 7f896a6b64a6e0d53037f5b37a6c66f954e4619e89faf61cda3bbe17fa8eb0dc954ff03eb10280bbf33d0c250d5adc6d3772c627e83c0200711f759042ddde04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8324885721010463e5c2f197de78668d |
| SHA1 | 1bd8bd9bd94142a4e110cebad938f67aa4d740ae |
| SHA256 | c360b73bb9d5f3724613a72d3754ae3ebd1ff58add727aea5526ec7ed692ace8 |
| SHA512 | 71cad096f1a44703dc67c8ecf97acb061e843d1ccf1fd6b2c33201582ba7435113bfe655db5ab633c1790428fc4e96c451f5fa68108c8d8fd1f0972194edeb91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc4ee30f1a6edb7094915d4b3889f53c |
| SHA1 | fdf148f637c317a221d3442f47c7667eec6f3352 |
| SHA256 | 431e5fa0a0124c5dcf05ade1a7a96066f6a83d1246b9d7ccc04e4c466a31a245 |
| SHA512 | b3b2d9d68f9c808b5c6432fb6fc77875cb716bc979d76ed32e83a24e336ba985a5fa00f383009539090590f6e9c1c146a193889b21cef3d3223bc98eeb9f9f6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 2150287b1f702c2c0aa2ec3047ab812a |
| SHA1 | 38523b2a813a83f6a614c4eb31561310747f0c87 |
| SHA256 | 5e7098150b113b2c694c0997f1a49b99e16627e086980d68d5b437313bbf35f9 |
| SHA512 | 571d498547354f0fede8fcf9234895e0eb30bb39d43df8230091a4f968eb561a639a52dd696a8934f3ac9969ebc3b9cbcdbde370edbd990bd5cd4831adad9077 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 262cafde6e27fceac998c425fff02f95 |
| SHA1 | 66d5af52502c0700a38774cbcf120f5bf1a5d591 |
| SHA256 | ba501af97d10c45782a37851059e6ed99bb62ce233accacfad97806f49a6b355 |
| SHA512 | 65483d7daf5e4a2526e06d81046cb659381323eadfeee6b1a9b2459aca91544032fac5866d0b73916a95fbf7d071c9a2f3334218da2e9e796906c655b94378d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad887452ad833e64f90a3e41176a01d5 |
| SHA1 | 933e7240400b3b4cfe70f430307584f55043f8e9 |
| SHA256 | 5c12d4980929ab3e9facbe64a2e4f7548f8d2f3cddd2dc8efe9eae0ca80535f2 |
| SHA512 | a1d4f418a66152a47757aa7ef9639903123dcffc9731fc931c7dad45b418539d9ef49e4e4a18af315b72a243f2f02a1ad73ebf8255e70b1a8fdf9f172aa675ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 910e39804e6dfda09db636b5c5af409d |
| SHA1 | 3f6f1f65d79590c53f8cf999186f24a44fcaf744 |
| SHA256 | 256901d0952b02a878386bacc93a32f152f74bb71fc079b04520d4655b1cd397 |
| SHA512 | ac4d6139dda0d3637beb2ce8863d95bb36c9c67b31c578e31682ab0ee90f4701dd78249a362905ceedb604c241d454d6d490875c92940c3f4104b2df934afc11 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 12:12
Reported
2024-05-10 12:14
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f0866f12f8f456ad4eaeac60b3bc62d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85d2746f8,0x7ff85d274708,0x7ff85d274718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4006285175429299395,16506772056766891047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.potter.web.id | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.178.4:445 | www.google.com | tcp |
| SG | 172.105.122.89:80 | www.potter.web.id | tcp |
| US | 8.8.8.8:53 | kumpulblogger.com | udp |
| US | 69.195.73.201:80 | kumpulblogger.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| SG | 172.105.122.89:80 | www.potter.web.id | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | tweetmeme.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 216.58.201.110:80 | apis.google.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 201.73.195.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.122.105.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| GB | 142.250.200.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | g.imagehost.org | udp |
| NL | 172.233.44.120:80 | g.imagehost.org | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.44.233.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| GB | 142.250.179.226:445 | pagead2.googlesyndication.com | tcp |
| US | 69.195.73.201:80 | kumpulblogger.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.200.9:443 | www.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 172.217.16.226:139 | pagead2.googlesyndication.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.212.238:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 216.58.212.238:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.179.227:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tercopy.blogspot.fr | udp |
| GB | 216.58.201.97:80 | tercopy.blogspot.fr | tcp |
| GB | 216.58.212.238:443 | developers.google.com | udp |
| US | 8.8.8.8:53 | tercopy.blogspot.com | udp |
| GB | 216.58.201.97:80 | tercopy.blogspot.com | tcp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 175.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_840_XDMJXTWXSVCMQVCQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 351560bbd426ce28739d5fafe21ecd19 |
| SHA1 | 963d535aa6d41da6fbe84bb21f17917ae79e08eb |
| SHA256 | 17f11c51e085940f2f834af0b94b3cc89c05192413e2a1ad1731af464947ecf9 |
| SHA512 | 0bc0c357074d2a41f22c5809e59a651ab81c3fd31592aa5349e74e5c06b4f325c5513b64528f613a3247cb4e41e1e15bf8b4f4cc08f2de1c821e47716be1fdcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f3b5eb79dc874c9b772b1182a0d3324d |
| SHA1 | ea90a4ab62803221a7b4e80e26044387e398a6f3 |
| SHA256 | 49b8d1c1bd9decbbe2623512a1e7c7ee9567650819bd787ed6b88c8429a0c76b |
| SHA512 | c7715ab8acef97051d0622aee2883bfe117e9d3c6cb5a64bc9d82dadaba66578d86a1efe1102d7ee4dcb3ba5cac29fbcc472085bda82852b53425f15e4681572 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 493e8c3877cad1778c5aed39ffe51907 |
| SHA1 | 8e0aff693add3df9e5a70ba8fa63104e210d86f4 |
| SHA256 | 732519f31df9f14c068f8c104d32b95cd0ddec424d243acb1cbf3cd771f307f9 |
| SHA512 | 3ae7711c7079314dfe3a07ffc98caa1022704537ab32792bbc1bffe96e404d3ad6c8742d8fd11f2263d41e447de7db3556b080b9f0ec8d3d62b02363a1a51eee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 397383c90a2d930f866f405747e27466 |
| SHA1 | 7bb6b5d6cee104c877dc5c3462f61232ffe5b360 |
| SHA256 | a67db01d19e15d8fa76e5a075e336e195325d79d277a83aadb6a440acf887c47 |
| SHA512 | 4357eddc0581e3cd6209646540bf59756cb4035d7dba47d5cb6b0050e6c202bda65721d4e9d644f37e3cd105bc5fa240574cfa96649f01e2769b796b523e08aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 5e74c6d871232d6fe5d88711ece1408b |
| SHA1 | 1a5d3ac31e833df4c091f14c94a2ecd1c6294875 |
| SHA256 | bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105 |
| SHA512 | 9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 71c0dc7ecdbcd5b7205a009e63107c9d |
| SHA1 | ddff74b73165b6544448ff692a343074ee604241 |
| SHA256 | ae06a6309411232cfb8ec73378ca9d2184978d71d95cd8415ead6c95d6901fad |
| SHA512 | 9296382bdfe1e750025a4012605dbe2d3997510e7d2fed35471fab7a42a9960d0d3c211fb612f01de8c82551f900b187dc21194526c40ed30d856ebeba28e5bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d06f.TMP
| MD5 | dd5c78d57a4ea4a9db5bb713ce64d351 |
| SHA1 | 32fa2768b640caecf3fad1ed4a87634d944fa815 |
| SHA256 | 9fadb2f00c110c1754fbc2f4ed7c8df3fbadc56a6760e0279cb465585f40629a |
| SHA512 | 0df25672a72547296e4d30eb11d7a2a76c9a95b0cc135ac433a978f1cbb33ed326cb1edef42f478fe0f883c128df9255aef2dde1c2df24857b9d3c5194b186cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8fc2c26c452a685821700dd5a9def980 |
| SHA1 | 9c2656f02219cd35b3601cf27502efb9516b2212 |
| SHA256 | ee37d7ccf8b70d7098aee7079762e84664c9a8e1b150fb1a4926fc2387458be6 |
| SHA512 | 7f409efd487527ddb30894b4c6271b057c99ba85db8951da5d2cb5d243192c59f56b589a8e4ef92fe67a57dede6cdf2f4d97ee0444001932dd492df417a941cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fb4f98eb1b4588f4a187b9ceffd452d8 |
| SHA1 | 1bafa4c40dd8418da760ad6e7425fe4e144a0e3d |
| SHA256 | 33e1c14543eab69afda9b6460725a5a45de8c74152064b76ac8b74eb3f87e8a7 |
| SHA512 | eebb678137717d11cbd0fc5a513d2cb18bd12ac88334f34e980177e66fc73e1b01e3bcdac35d72ed1063b64e26291d67aa65048d8811370dbcbfb0204b8259db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb99fd898f6421d1ff707df47d6251cc |
| SHA1 | 43ff2422fafbd4a4f5fc8c34d316a7300af29858 |
| SHA256 | d9224521e1da09ee5021fbe139261d422cee21c8ae06d84034683b4223b2bd9d |
| SHA512 | c9f985cfd7a21f9d6d446219041927ed4fe523d2ae086e9e3a355dafb05b400fcd4d83ad7c65a7ef417489258f3cdc6956843431a53cc4d3488e0dda82f90bbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 964e41b6dd0d4a509b4b48115ef997a4 |
| SHA1 | af6e79e1a78b5329f8bdd11e131145cd257c8c30 |
| SHA256 | 7c3c593175c3398cd36e2002ff0f3246d91289ec6a0d0bcd9aebf92c8e247cf6 |
| SHA512 | de52fe0b43d53d3e40373baa367d7a4534514ee354e5a047dae1a70242ba206bb1fbe7dad56d3d7cc26692d2b10191d3c411a662bbc1e16615af4263ef771ee8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 07d724531cc05de73fa8d487604d8589 |
| SHA1 | ed8f19c210fd76fcbe39ce412313133587307bf6 |
| SHA256 | fba126a9d31726a0bd86dc25a17f078cf172b09effab0c19d003a213a811b2d4 |
| SHA512 | 4157a54a9d65e1c3a5ebb184805e3a4376e65aa3fd34bf197540ae2c6175421538fa5c8608ac7124323ed0c35cbaaf685fe13445498bf152a10f5dda3b40d9e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 56611cdbacd18a708b97cc20dc924bd2 |
| SHA1 | 3f667d07b4bd03a0697363fb9333013d4981fc56 |
| SHA256 | 432146dfb9ccc5d2c4f88c6d601c2a02e0cca5bbb9309f3f5e266bec95c3c233 |
| SHA512 | 6a9f71ab056ac662ea84dfd17b09db7404f460fec2e407cd9ec5ccf82624c9ea27134cfada4bb1c85d514d65808b1ff519856949482fe4b677b29a81f02199e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 41670cb8b72bcbc5b821ac935cf15759 |
| SHA1 | f0ff42cc5c4d6d80270a1f07de43775a22ed9398 |
| SHA256 | 9e5182ee722252ccd21a725143b94ea7629b9ebb1615179018db97a01f3588d9 |
| SHA512 | 7a04f9acad0343d767b659a2da314a3ab26d27b4b41ab49784864b1b48801b2b877bd1b3f75b2610f9ae36e8589c2eb8c23ff511241f5b2ee70225ca94e04400 |