Analysis Overview
SHA256
fad6f7e3f530b042f710e5540c8b2e4244b9c2e665f0a7a99402472b9eef85fd
Threat Level: Known bad
The file 2fcd0d42b3a66667773d6ce91c1a4d2f_JaffaCakes118 was found to be: Known bad. The verdict rests on the SocGholish signature hit; every other entry in the summary below is a generic behaviour heuristic raised by Internet Explorer or Microsoft Edge processes while rendering the page, not by a separate payload.
Malicious Activity Summary
SocGholish
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 15:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 15:30
Reported
2024-05-10 15:32
Platform
win7-20240508-en
Max time kernel
143s
Max time network
150s
Command Line
Signatures
SocGholish
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A3DB0F1-0EE2-11EF-A4C2-6AD47596CE83} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421516894" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 300d3312efa2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000094e7a5e03ad95071835c5e8e838dfa9cca064d15bd7c4473b930ea829d373749000000000e80000000020000200000005d5da9e6a7c0a1ff627c2048d3edc0c04096a114ada04589900d19f5c279e703200000002d48dba929cf6df9e61cf7ed9d00a9993f09515d204a72dd3c6619e303d8b4d440000000cd27b5982ecc415b0b126982d61ff699ac8b2ce4ff18dd0728b682efad16fd3ade8941f4bf8f8f7d841b2eb38c060669cdcc9d7cdd6772be461840255c598af5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (data value not preserved) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
All of the keys above sit under the user's own Internet Explorer hive and are written by iexplore.exe itself during normal start-up (recovery, tabbed-browsing, window-placement and search state); none of them is a proxy, security-zone, start-page or autorun setting, so this signature on its own does not show the page altering browser configuration.
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1640 wrote to memory of 2168 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2168 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2168 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1640 wrote to memory of 2168 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
PID 1640 is the 64-bit iexplore.exe frame process: the tab process listed under Processes is launched with SCODEF:1640, Internet Explorer's convention for naming the frame PID on a tab's command line, and the write target is that 32-bit IEXPLORE.EXE tab. Frame-to-tab writes during tab start-up appear in detonations of benign HTML as well, so these four rows are browser noise rather than injection by the sample.
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2fcd0d42b3a66667773d6ce91c1a4d2f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
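The check below is an added example written for this report, not code from the sandbox vendor. It validates the WriteProcessMemory rows against Internet Explorer's frame/tab process model: a write is expected only when the writer is the iexplore.exe frame process and the target is the IEXPLORE.EXE tab whose command line carries SCODEF:<writer PID>. The process records are constructed from the Processes section above; the tab's PID (2168) is taken from the signature rows and is an assumption, because the report does not print PIDs next to command lines.

```python
"""Validate sandbox WriteProcessMemory rows against the IE frame/tab model.

Added example, not the sandbox's own logic. IE's frame process launches every
tab with "SCODEF:<frame PID>" on the command line (SCODEF:1640 above).
"""
import re

IE_FRAME = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE_TAB = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Constructed from the report's Processes section; PIDs are assumed
# (1640 from SCODEF, 2168 from the signature rows).
PROCESSES = [
    {"pid": 1640, "image": IE_FRAME,
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                r"C:\Users\Admin\AppData\Local\Temp\2fcd0d42b3a66667773d6ce91c1a4d2f_JaffaCakes118.html"},
    {"pid": 2168, "image": IE_TAB,
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2'},
]

# The four signature rows as printed in the report.
WPM_ROWS = [f"| PID 1640 wrote to memory of 2168 | N/A | {IE_FRAME} | {IE_TAB} |"] * 4

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def frame_pid_of(proc):
    """Frame PID encoded on an IE tab command line, or None if not a tab."""
    m = SCODEF_RE.search(proc["cmdline"])
    return int(m.group(1)) if m else None


def classify_writes(rows, processes):
    """Label each write row as expected (frame -> its own tab) or for review."""
    by_pid = {p["pid"]: p for p in processes}
    verdicts = []
    for row in rows:
        m = ROW_RE.search(row)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        s, d = by_pid.get(src), by_pid.get(dst)
        if (s and d
                and s["image"].lower() == IE_FRAME.lower()
                and d["image"].lower() == IE_TAB.lower()
                and frame_pid_of(d) == src):
            verdicts.append((src, dst, "expected: IE frame initialising its own tab process"))
        else:
            # Unknown PID, tab writing into frame, or a writer that is not the
            # SCODEF parent: all of these deserve analyst attention.
            verdicts.append((src, dst, "review: write outside the IE frame/tab pairing"))
    return verdicts


def summarize(rows, processes):
    """Aggregate verdicts into counts plus the (src, dst) pairs needing review."""
    v = classify_writes(rows, processes)
    return {
        "total": len(v),
        "expected": sum(1 for _, _, r in v if r.startswith("expected")),
        "review": [(s, d) for s, d, r in v if r.startswith("review")],
    }


if __name__ == "__main__":
    for src, dst, verdict in classify_writes(WPM_ROWS, PROCESSES):
        print(f"{src} -> {dst}: {verdict}")
    print(summarize(WPM_ROWS, PROCESSES))
```

For this report all four rows come out as expected frame-to-tab writes; the same function flags a tab writing back into its frame, or a writer whose PID does not match the tab's SCODEF value, which is the shape a real injection from a renderer would take.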
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | platform.tumblr.com | udp |
| US | 8.8.8.8:53 | cf.ads.kontextua.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| US | 74.114.154.15:80 | platform.tumblr.com | tcp |
| US | 74.114.154.15:80 | platform.tumblr.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 142.250.187.225:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 142.250.187.225:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 74.114.154.15:443 | platform.tumblr.com | tcp |
| US | 8.8.8.8:53 | www.natureoutdoors.net | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | zatolab.com | udp |
| GB | 216.58.212.195:80 | fonts.gstatic.com | tcp |
| GB | 216.58.212.195:80 | fonts.gstatic.com | tcp |
| GB | 216.58.212.195:80 | fonts.gstatic.com | tcp |
| GB | 216.58.212.195:80 | fonts.gstatic.com | tcp |
| GB | 216.58.212.195:80 | fonts.gstatic.com | tcp |
| GB | 216.58.212.195:80 | fonts.gstatic.com | tcp |
| GB | 142.250.179.238:80 | www.google-analytics.com | tcp |
| GB | 142.250.179.238:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
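The helper below is an added example for this report, not sandbox code. It parses rows in the Network table's layout, separates resolver queries (udp/53 to 8.8.8.8) from actual connections, and reports three things a triager wants from a list like this: which domains fall outside an allowlist of infrastructure a Blogger page routinely loads, which domains were resolved but never connected to, and which IP addresses served more than one name. The row subset is copied from the table above; the allowlist suffixes are an assumption made here for triage, not a statement from the report.

```python
"""Triage the Network table of a sandbox report.

Added example, not the sandbox vendor's code. NETWORK_TABLE is a constructed
subset of the report's rows in the same "| CC | ip:port | domain | proto |"
layout; BENIGN_SUFFIXES is an analyst allowlist and is an assumption.
"""
import re
from collections import defaultdict

NETWORK_TABLE = """
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cf.ads.kontextua.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.225:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.natureoutdoors.net | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | zatolab.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Assumed allowlist: infrastructure a Blogger-hosted page pulls in by design.
# Tune per environment; membership is an analyst judgement, not a verdict.
BENIGN_SUFFIXES = (
    ".google.com", ".googleapis.com", ".gstatic.com", ".google-analytics.com",
    ".blogger.com", ".blogspot.com", ".blogblog.com",
    ".facebook.com", ".facebook.net", ".fbcdn.net",
    ".tumblr.com", ".microsoft.com",
)

ROW_RE = re.compile(
    r"^\|\s*(\w{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(udp|tcp)\s*\|$"
)


def parse_rows(table):
    """Turn pipe-table lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in table.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            rows.append({"cc": cc, "ip": ip, "port": int(port),
                         "domain": domain, "proto": proto})
    return rows


def is_allowlisted(domain):
    d = domain.lower()
    return any(d == s.lstrip(".") or d.endswith(s) for s in BENIGN_SUFFIXES)


def triage(table):
    """Return (review, dns_only, ip_sharing).

    review     : non-allowlisted domain -> sorted "ip:port" endpoints ([] if DNS only)
    dns_only   : domains resolved via the sandbox resolver but never connected to
    ip_sharing : ip -> set of domains served from that address
    """
    resolved, connected = set(), defaultdict(set)
    ip_sharing = defaultdict(set)
    for r in parse_rows(table):
        if r["proto"] == "udp" and r["port"] == 53:
            # A lookup against 8.8.8.8 is not traffic to the domain itself.
            resolved.add(r["domain"])
        else:
            connected[r["domain"]].add(f"{r['ip']}:{r['port']}")
            ip_sharing[r["ip"]].add(r["domain"])
    dns_only = sorted(d for d in resolved if d not in connected)
    review = {d: sorted(connected.get(d, ()))
              for d in sorted(resolved | set(connected)) if not is_allowlisted(d)}
    return review, dns_only, dict(ip_sharing)


if __name__ == "__main__":
    review, dns_only, sharing = triage(NETWORK_TABLE)
    for d, endpoints in review.items():
        print(f"REVIEW   {d:28} {', '.join(endpoints) or '(DNS only)'}")
    print("DNS only:", dns_only)
    for ip, names in sharing.items():
        if len(names) > 1:
            print(f"SHARED   {ip:18} {sorted(names)}")
```

On this subset the domains left for review are cf.ads.kontextua.com, www.linkwithin.com, www.natureoutdoors.net and zatolab.com; of those only www.linkwithin.com was actually connected to, the others appear as resolver queries with no follow-up connection within the 150 s network window. A resolved-but-unconnected name is worth keeping as an indicator even when the sandbox captured no payload traffic to it.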
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9c12dbf6b58d08bae559df493608d7b8 |
| SHA1 | b1641b1cbf4de6807ea325d3ee4c84d4c7bc96de |
| SHA256 | 19512886632fcaf25dff0d9713ef6bd820c1dedbeb66fce1eeb056b656f65c55 |
| SHA512 | 66208d8dd560d8f40fde9593447677b9b3dd4e170c5f9488dbcb0dc29fde324afc52c8d60c2a4d327a7c5a138b2b6f68d1f141d73d82930753debc17d419a42f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 30ba39f0d9dfc242bcf5a13148c65714 |
| SHA1 | f35a36a5dd87eec68ee6d1e621224995838f30f2 |
| SHA256 | 6cb7722d1559158bb31024e172b224988f0963e043cb8f60065c94c0e9f5b0a8 |
| SHA512 | bf732a235af263d14562f0f10495e910f18affdf4dd1f1f0507c470de7e9cc0d3f122f4e114962ab3342c434d71b20e97ee78dde7339a42300cb5a394f500a45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 52ef29485d188008302bae4db0cea001 |
| SHA1 | 88509181d878f1a1be3ec1a153a1212461951bbb |
| SHA256 | 2a7453fc0ed5cf02452b41faa90815bcdf04da51951afee11e7bbc0d923d1b51 |
| SHA512 | dffae2a8482911431dba04a9e809d7731bffeea06bc7ed4a1efbeed5b1718ad3f45b628a7346064887de98aebb9102c679929358d2e2991497f76b7668bd00cf |
C:\Users\Admin\AppData\Local\Temp\Cab1EB9.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | e11979a44f66050647f0bac2bf56e2ff |
| SHA1 | 8dce9df100fd8d3ad9dca8ae2ddc3661f527fa2a |
| SHA256 | 9ea5e11ce4bcfb8664c945037b26919d27eec4230318118d32072e2fcb860137 |
| SHA512 | 74c23ec20e1b88afe0123946bf7d80b74b7276647ddca8a8ab82f574f88431e993bc3ce2fe94e785cac1d53b407133683c09b87c645c85d2b8d332855fe782fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Temp\Tar1EDB.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA
| MD5 | 43ae1240e82a88c27729aa2e43fdcd18 |
| SHA1 | d3d075e4a91481cb936b162a4aef36a7ec25ee70 |
| SHA256 | e3502b118ac5ee1eb32690694f604b973f3d5c4a8bc00c7a41e71c63ed96bdf2 |
| SHA512 | b41079e60d4fc1c4640a119dc1fa47bec6efadabbc0e5f4e4a3f4c89abb160e74914531088e273feaa670d3a92b00a0e6380fd94fa480913709f34ad1c971a5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4f9bc9ae425e3e52af0d1a787d6779b |
| SHA1 | 14de0d38b0ab3cc0a6349669ab4d2038ee3e8699 |
| SHA256 | bcfc96700d8bd316e61a5d93712bd610d394af7708820b41f8599768e9341aa5 |
| SHA512 | 8ad45763ff02f7e13dd588548755d84183177a939f9666391ac34f0309874016e56b68edddfc1cb72274125eb6b13baf342a9585648ce327ebaa3d7cc2dfde09 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\platform_gapi.iframes.style.common[1].js
| MD5 | 7ef4bc18139bcdbdd14c5b58b0955a67 |
| SHA1 | afe44fd9a877f81a3c36f571c0fc934324c6cbd7 |
| SHA256 | 192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838 |
| SHA512 | 6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\cb=gapi[1].js
| MD5 | 4d1bd282f5a3799d4e2880cf69af9269 |
| SHA1 | 2ede61be138a7beaa7d6214aa278479dce258adb |
| SHA256 | 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693 |
| SHA512 | 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ecbd4c9cd79b4be935a70ff12bc173c |
| SHA1 | 0264e6b280c0dc977ae58ddb40395ec3c55a6a3c |
| SHA256 | c235787774547fe898a7edc626d188a62e38af587d914771f1f54afd0d9fdeec |
| SHA512 | ee6b8a65dcf49f9798f0c4bc315b8a7498ac860691fb1807e4da2d41e00f725355af9e0d8cb61b74f00f660ce87588fdbd8a3d038358e348ff4e2220f69e4385 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecc8009b6be1b791646ed30666e02221 |
| SHA1 | 7e7d26cc48c1dd768a0c8c5a668b929fab979c96 |
| SHA256 | 74f8462322034fcbef408c12a26f6d08f2382689064eceb8e90d0ec82ec1601d |
| SHA512 | 820388c3426b2cb983b1bf8a0e2e41d600b920cd2390d48484eefbf54928dfd190785f00c6d4117d34efd52e28dfe702f50febedab41ac014c52f18fe9145d92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd622d8a7c6d8b89c3bbdd500e1a5c76 |
| SHA1 | 03b18911ab631e0c90e794ea944bb8b76b9f6c77 |
| SHA256 | 65c4aa3e730d52ba8f8b2c458b462e274ca8d49e5b2a723096bdc5d7dc5eb201 |
| SHA512 | f7501bdbfd5ac922adce368492bd2bba045c1e96ace57a4c345ba4aaf39669e97902b06ab25840071f42f1f2f0fd933092a2dd0cbd5db200dc7c83fa9d45beda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc2b5be94cb42040c8c01958546b345a |
| SHA1 | df1e8581418c2de0b42e13c992a5be551bddcfb4 |
| SHA256 | c0f3cd2bbd70a2933dd8af5fa2fea8afd54452a60b010ceca255dfa4677a567d |
| SHA512 | 044ea3d736d109543e0ad5c51a44bb4d3b45ae9cbae4bdc15b75fce5204b7080513352b9ae467fdee136d030dea7e016370b084af29ac5f3569537aa123d0eca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebc993e6186e70da50244e8c4e3d3757 |
| SHA1 | 6912806b71260a7d0317c139e81dde67c02dec05 |
| SHA256 | a8935759a8d33f547a9534e3e182e538c4dabf11e334351616c296a00b83873b |
| SHA512 | 8f09a860c197fd5a82a774efdbdb8eef5fcc3d9abdd568c887b50e4491c1c03102275b9e9d92145c055bb104501a273face2836e8858a26b0997fcef3eea32f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a37fd1b55362f5d14403056d0252a098 |
| SHA1 | 7e30dc7d7e0971a8879713705dbe8f158c87d5cc |
| SHA256 | cf9d8ac829e61551a03e68b3ef537a62282e0f9560e2ae3e54d3065ed25e0020 |
| SHA512 | 19438c164cc4780527e5c15dcd23a91e3758ef05c8e7b947ba9b3b3e092c07e5c5147874f1db788c02ede58bd19b231a88d4b54ba486856e03b84563699d348c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68a199e7c6c26a1f4ca3c5446022773d |
| SHA1 | f023aefcd6110c0bde6fde9805cd30b07883c61f |
| SHA256 | 7f6fe1794c78d310dac35e73b8fd8816bb9a81c498e63f706cdab3c3c35f41a9 |
| SHA512 | 932caea602f2306a20404e0f57cd2141342176beef42fc1dbf9e7386e05b577fa3d7aa5479abb05254c255e0d1c8ae87b43aa5b6954aa2c0e10a33de8757c161 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08ac457d8f70059b8d39d3ace7ceafd1 |
| SHA1 | 8cabb1e6aae6f8d4887b7206f3dcb5cc74b7ca7b |
| SHA256 | 46afad921908c9650ba5e5dfa03ecd0ab5b0c4cb03b5d64f03856054967dd22d |
| SHA512 | 53eace16b9e49aa53851a3082b94d568385acbc401dc9d210abdb9eb2a80145e03f53655df59e9c074e90ab6c5991ec609fb55148741ebb704bf272868d70d44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c3d9c4963556ed2b6b950ec22e56fcf |
| SHA1 | 39396ab6b3c160cb4c83d2b5a2359d2bd90d3da0 |
| SHA256 | 954eb078312117d99ce8ca2bc87bf722552fb5f25cd6a1247bac909dc7495b56 |
| SHA512 | c823e633ba4eae1885abd2703a8184293329b891c4a281c821d7ad64f05338c353556024b68cf102f6d8d83fee0b3a8014211693dc930c328664990702c40cf1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f15de7b8c256ef1bd698bf79ee03deb2 |
| SHA1 | 76b515f2b966747da1ff39da29478848a1260425 |
| SHA256 | 5a6a59ab04aec6b7ee007b3f5d2a41ba30d102915ea2f77a3dd6d8cb6a1e575a |
| SHA512 | 7560c3c33dead93bb4e6b2b34f5bc371db95d720375d420e8b7a78ca9d8982c916d9fb351d1a708143491d3530070eaa79f1220e14e0df65cb40992eb42a9d92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89b887707e3eebcad77594d649c2a400 |
| SHA1 | 6ff772d47f752afba95785b3a7c230ef95d700c1 |
| SHA256 | 0fc47c1f719aa211dd993709518f2430b79c46a8c3eeae478da7ae8d00e96e01 |
| SHA512 | fbae68d874b0760898a108032b0a5a1c1607a8f8a257d62e5645b73e2017307fe43ade1f41f353eaf5027a76dac6caff1d34e71eee69c061a12c462ba1620865 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d70bee0fed44386369f3c1a9d077b4b |
| SHA1 | 2a4ede75e650eea6409458512a0b4a854d809e5e |
| SHA256 | ea42cf026766b509783a055c5654de60f5fc5cf04719be9f972092b031ea2a48 |
| SHA512 | f90394a8bb16f994cd149dafc0036d6249abf2acd9489460d55052535ca6443def79d08e88cf06bc70f885cd09c0e724b0fdb57ef211c8f0a0324e49b81ed6d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 962981f2122fdaac62e54fb80c4cb347 |
| SHA1 | b77b7096e2929a6c67e06aad9f2eb0dc7361d6db |
| SHA256 | 032f0f1b9520e9a4ea58ddc95963c9857faafe34acd9c2be78c4b2ac0c834273 |
| SHA512 | 11f4fac0d98085b663688d05a7996b641b218e12b053afe605cf504a91a499836d4f9929da3879b4629ae1c48f137199991df2792abb1ea3626ab8381ad10ac6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 044ff3517c4e2b456189c2f6bd69e1ef |
| SHA1 | 6a3e6689dd7a7bd280ee66d7bb596cb0c6a01d22 |
| SHA256 | fcf8827492d34613743fe081ef3b716cdb2586c9e0ae1f189dc507d7cadeb527 |
| SHA512 | d78a7011459e2393f63261cc178fbb252fbbdc740bd3306c07e8566ac20064eb6d2f591d4ba3623edcd1695c9c336b73547ce1d88c64c96191179bfb5ca7d7c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab0dc9b345becbbf217708e3374ade30 |
| SHA1 | a8cfcf95a4811260ef3a24d9f8c4c6eff909aa57 |
| SHA256 | f8dda355398109685c37b51596581ad145c7cfb6a22b49b74a41c040a15fae87 |
| SHA512 | 0bd58d73bf50ab59a00e83f391d3c41d6cc02f80649f91bddadc6686ff27452e8e79e921d17e5a7d29b8d90a6934c6a6d0936d49042a8c3c222d2e61c1c8d292 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f169e1c79480cda8e5f5716fbcd0004 |
| SHA1 | 54584c6bc184de675a349c963e89290542d5b5e4 |
| SHA256 | 0acd50b8aec902b47fc7bddc3fa4933e4197212dbd1a4d9a1493bcf5bff6e99e |
| SHA512 | 39c8283e65f82c4440478249a80920e1f468398beb28f0ed22f5c44f969a56db76ba617ba6195ae5d5efd8d07b970089bbf05bb1cb9a672f51824416c2a2fcb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00a3688ecb0084617808d801b5eb202c |
| SHA1 | 80634758ae304862182c71b3f592cd620d164122 |
| SHA256 | d9f027e2204220f019437f58c59b187f863b84119746dd126e806ebbdd716a33 |
| SHA512 | e01e8b64d46c42a5f2c1f108bf67116cdd1aa0f6e76100db5f42788acec8a337ee62e35cb5b7999372c597ef9adfd96c932a3fca7c9f598a9aa7015dbdb04f57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25cb682dd07844d3a002d0a205c792b2 |
| SHA1 | 3beab99fd0319890df4a7dc63da5d37cfc7ae192 |
| SHA256 | 11f05db462d6cda8c1f82e777bd727e55033dc1a1c0b11cabb95b5067b472eb8 |
| SHA512 | fba0a23b4d829cf7d7b7296aa8f84df9a781d33207c90aec8b6712535e0c8c65726b013eb6f673b3ab74485dcf1cb0f17b254a1cc23a5c59315dec5af4f11225 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c88db5fd398efdf25655e69925049f4 |
| SHA1 | 61434dc8f7e0c34fea41a23d8e2ed98d9401226b |
| SHA256 | 712b092c3c5b7428b75324be87181d5591842fe403e12627dc0093fbdef15c9d |
| SHA512 | 25e2ff90686203b30d59a1706957f62132aa76ceb7e90e76e0082caadeae4dd17dee16079967c51170d8a02936f59d2fda40541c7f4d24621fa55fde6cdd00fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66fd0215f74501bfda610b02b5bfb6e8 |
| SHA1 | 3676fed9b15cb4425a972e0fc92ad3e40d365c15 |
| SHA256 | 02bbd518db0c63ddced5fadac594dba06f33db15d2305a086268914affff2787 |
| SHA512 | a54f4a27343a64919e5c9e69544a576ae364076cf579503a5ac2bceffc9225cd00025d3681a009bb3561698a0a8ef9f2368515efc94284c79098e40ef63d1881 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82e03db82b72d6efb078a75e3b1645b0 |
| SHA1 | bcedba8646be95cde461cbd131b0d3372143969f |
| SHA256 | cc4e1bb64fe8835ec4bd6324331869e9546445fb5e5722108bfac4fb9e055b6c |
| SHA512 | 05782c1624c362f902c578c98553fb247dfeb3b87cb7a7fafedfe57c07bb3ae936cb77be68c3034b6ddb77789db13ae86278ce8d2d6e668015d723c4cad93f86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7c36ec290fdac08fe205fdf9391108e |
| SHA1 | b626753b177e5ff86b5a02eb5f2dc00a676bed6d |
| SHA256 | ea1c2b6f11ef6b706feee9193273e16449aded633823b92768d98d2c237d96ed |
| SHA512 | bb8853f4cadb99b0e24c8d3157b68e1178473ff7759d75b0f41740bf47801facb6f4c16a907256a3fa5554ebace11d503affda9a0dec830833c9385b8cfad1e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 295e7430b0c700c420a992f0c71289e2 |
| SHA1 | 3175b5d81efcae134fd519b22dbfe7bca0d63f40 |
| SHA256 | 352a86d3ae189ecdcc93787cbabe4fe6dec3f12fff9733ccec7b4d826b62ad74 |
| SHA512 | 1c79d9231093eab7ab7711b3187eaa67d1e1838d4798bc9df9fcc05d988681a1b79e28f0f730abb93d1083aaff0673ee8abfade79c74c478b0afc1c41d57d92f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0436396ee555ae6996cabc0c862fb822 |
| SHA1 | 9ca2eed333062990d14854016cf5ca59683aedbb |
| SHA256 | 3e51ed702624d295775043b738c380bc518b6076537610cdf519b18175e56035 |
| SHA512 | 4d74c630a05d8603a543c0dabd68afee305d1068c0eb35824458f949862b8bdd339cfeb5a56319aca63cbc5fb04f88b14f937330ba4ecbd3a0fb15c8c94b6fe4 |
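The parser below is an added example for this report, not sandbox code. It reads the Files section's layout (a path line followed by "| ALGO | hex |" rows) into per-path hash records, reports which paths were written more than once with different content (the CryptnetUrlCache MetaData entry 94308059B57B3142E455B38A6EB92015 appears above with many distinct digests, as each certificate-revocation fetch rewrote it), and provides a hashlib check for comparing a local copy of a dropped file against the report's digests. The input is a constructed subset of the section above.

```python
"""Parse the Files section of a sandbox report and verify dropped-file hashes.

Added example, not the sandbox vendor's code. FILES_SECTION is a constructed
subset of the report's Files section in the same layout.
"""
import hashlib
import re

FILES_SECTION = r"""
C:\Users\Admin\AppData\Local\Temp\Cab1EB9.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4f9bc9ae425e3e52af0d1a787d6779b |
| SHA256 | bcfc96700d8bd316e61a5d93712bd610d394af7708820b41f8599768e9341aa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ecbd4c9cd79b4be935a70ff12bc173c |
| SHA256 | c235787774547fe898a7edc626d188a62e38af587d914771f1f54afd0d9fdeec |
"""

HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


def parse_files(section):
    """Return a list of (path, {algo: hexdigest}) tuples in report order.

    Each write of a path gets its own record, so a path rewritten N times
    appears N times with its own digests.
    """
    records, current = [], None
    for line in section.strip().splitlines():
        line = line.strip()
        m = HASH_RE.match(line)
        if m and current is not None:
            current[1][m.group(1).lower()] = m.group(2).lower()
        elif line:
            # Any non-hash, non-empty line starts a new file record.
            current = (line, {})
            records.append(current)
    return records


def rewritten_paths(records):
    """Paths recorded more than once with differing content -> number of versions."""
    versions = {}
    for path, hashes in records:
        versions.setdefault(path, set()).add(tuple(sorted(hashes.items())))
    return {p: len(v) for p, v in versions.items() if len(v) > 1}


def verify_bytes(data, expected):
    """Compare file content with the report's digests; one bool per algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in expected.items()}


def verify_file(path, expected):
    """Same check for a file on disk (for example a copy pulled from the sandbox)."""
    with open(path, "rb") as fh:
        return verify_bytes(fh.read(), expected)


if __name__ == "__main__":
    recs = parse_files(FILES_SECTION)
    print(f"{len(recs)} file records")
    for path, n in rewritten_paths(recs).items():
        print(f"{n} versions: {path}")
```

Matching on every algorithm the report lists (rather than MD5 alone) is deliberate: the MD5 column is convenient for lookups but should not be the sole basis for saying a retrieved artifact is the one the sandbox saw.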
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 15:30
Reported
2024-05-10 15:33
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Every process in this run's signature tables is a Microsoft Edge component (msedge.exe and its identity_helper.exe): the BIOS manufacturer/product lookups, the process enumeration and the creation of child processes with the block-non-Microsoft-binaries mitigation are normal Chromium/Edge start-up and sandboxing behaviour. Apart from the Windows COM server CompPkgSrv.exe, no binary outside the browser was launched, and the SocGholish signature did not fire on this Windows 10 run.
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2fcd0d42b3a66667773d6ce91c1a4d2f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb1b46f8,0x7ffbbb1b4708,0x7ffbbb1b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1611355924146265038,17536282405079846841,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5320 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1636_KSLGQTQRYTTBCZWY
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ff4f.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State