Analysis Overview
SHA256
391bb78a74eb56df9e7623c759a9630caea029c1fc45fa27348707c22d2de680
Threat Level: Known bad
The file 2ffcd63801dda60d84319b7b8ecd8c70_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 16:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 16:20
Reported
2024-05-10 16:23
Platform
win7-20240419-en
Max time kernel
139s
Max time network
143s
Command Line
Signatures
SocGholish
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4538ADF1-0EE9-11EF-BD6B-4E7248FDA7F2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421519919" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000003d42982677ce1d36816c6f0eed08ba4142701c52687c2359d77d7d48711f89f6000000000e8000000002000020000000bbdce434fafb5146ea8ed1508685cbfc907e1671a6efd0b9dde4e1cc3efac53020000000056c051e1e0e1b568cf1a61d87537117e5f1262dfa2e3e235c9419e4e465aba540000000faa5d3a1a26bade32de9503526c7dd4fdfb1def37fa5c7472880d0badc4a5df78ff8f964c2dcde6bbf8ec218b36fc6a59da50fe70bee1ff5fff61e09bcf8e487 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00a811af6a2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2052 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2052 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2052 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2052 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2ffcd63801dda60d84319b7b8ecd8c70_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | rcm-images.amazon.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | clickserve.cc-dt.com | udp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 216.58.204.66:80 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.204.66:80 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.201.102:80 | clickserve.cc-dt.com | tcp |
| GB | 216.58.201.102:80 | clickserve.cc-dt.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| US | 8.8.8.8:53 | blog.prestonbailey.com | udp |
| US | 8.8.8.8:53 | bp3.blogger.com | udp |
| GB | 216.58.212.206:80 | bp3.blogger.com | tcp |
| GB | 216.58.212.206:80 | bp3.blogger.com | tcp |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 16:20
Reported
2024-05-10 16:23
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ffcd63801dda60d84319b7b8ecd8c70_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe8ad46f8,0x7fffe8ad4708,0x7fffe8ad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15608992719379343788,15851625261212682959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3624 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bp2.blogger.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 216.58.212.206:445 | bp2.blogger.com | tcp |
| GB | 172.217.16.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | rcm-images.amazon.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | clickserve.cc-dt.com | udp |
| GB | 142.250.200.9:443 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | bp3.blogger.com | udp |
| GB | 216.58.201.102:80 | clickserve.cc-dt.com | tcp |
| GB | 216.58.212.206:80 | bp3.blogger.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.187.225:443 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rcm.amazon.com | udp |
| US | 8.8.8.8:53 | blog.prestonbailey.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | bp2.blogger.com | udp |
| US | 8.8.8.8:53 | blog.prestonbailey.com | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| GB | 172.217.16.226:445 | pagead2.googlesyndication.com | tcp |
| GB | 172.217.16.226:139 | pagead2.googlesyndication.com | tcp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blog.prestonbailey.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.200.9:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blog.prestonbailey.com | udp |
| BE | 2.17.107.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 113.107.17.2.in-addr.arpa | udp |
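Read as a flat list, the Network table above mixes four things: forward DNS, the reverse (in-addr.arpa) lookups the guest makes on every new peer, repeated HTTP(S) fetches of the same Blogger/Google assets, and a handful of rows that stand out: TCP to ports 445 and 139 on addresses the same table shows serving HTTP for bp2.blogger.com, pagead2.googlesyndication.com and www.blogger.com, and blog.prestonbailey.com, which is resolved four times but never connected to. The script below is an added example, not part of the report: it parses a subset of the rows copied from the table (including the two rows the report prints with the protocol shifted into the empty Domain column, which the parser corrects), buckets them, and surfaces those two checks. The report gives no cause for the SMB-port rows, so confirm them from the pcap before treating them as an indicator.

```python
# Rows copied from the Network table above (a subset, in the report's column order).
# The two rows with no resolved name are reproduced as the report prints them,
# with the protocol shifted one column to the left.
ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bp2.blogger.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 216.58.212.206:445 | bp2.blogger.com | tcp |
| GB | 172.217.16.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blog.prestonbailey.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.226:445 | pagead2.googlesyndication.com | tcp |
| GB | 172.217.16.226:139 | pagead2.googlesyndication.com | tcp |
| NL | 52.142.223.178:80 | tcp | |
| GB | 142.250.200.9:445 | www.blogger.com | tcp |
"""

SMB_PORTS = (139, 445)
WEB_PORTS = (80, 443)


def parse_row(line):
    """One '| Country | Destination | Domain | Proto |' row as a dict, or None for
    the header and blank lines. Repairs the shifted form '| CC | ip:port | tcp | |'."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        return None
    country, dest, domain, proto = cells
    if proto == "" and domain in ("tcp", "udp"):
        domain, proto = "", domain
    ip, _, port = dest.rpartition(":")
    if not port.isdigit():          # header row: 'Destination' has no port
        return None
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def parse_table(text):
    return [r for r in map(parse_row, text.splitlines()) if r]


def classify(rows):
    """Bucket rows the way a triage pass reads them: forward DNS, reverse DNS noise,
    deduplicated web endpoints, SMB-port connections, mDNS, and TCP with no name."""
    out = {"dns": set(), "rdns": set(), "web": set(), "smb": [], "mdns": 0, "unnamed": []}
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            bucket = "rdns" if r["domain"].endswith(".in-addr.arpa") else "dns"
            out[bucket].add(r["domain"])
        elif r["port"] == 5353:
            out["mdns"] += 1
        elif r["port"] in SMB_PORTS:
            out["smb"].append((r["domain"], r["ip"], r["port"]))
        elif r["port"] in WEB_PORTS:
            if r["domain"]:
                out["web"].add((r["domain"], r["ip"], r["port"]))
            else:
                out["unnamed"].append((r["ip"], r["port"]))
    return out


def resolved_not_contacted(rows):
    """Names that were looked up but never appear on a TCP row."""
    queried = {r["domain"] for r in rows
               if r["port"] == 53 and not r["domain"].endswith(".in-addr.arpa")}
    contacted = {r["domain"] for r in rows if r["proto"] == "tcp" and r["domain"]}
    return queried - contacted


if __name__ == "__main__":
    rows = parse_table(ROWS)
    c = classify(rows)
    print(f"{len(rows)} rows: {len(c['web'])} unique web endpoints, "
          f"{len(c['rdns'])} reverse lookups, {c['mdns']} mDNS")
    for domain, ip, port in c["smb"]:
        print(f"SMB-port connection: {ip}:{port} ({domain})")
    for ip, port in c["unnamed"]:
        print(f"TCP with no resolved name: {ip}:{port}")
    for name in sorted(resolved_not_contacted(rows)):
        print(f"resolved but never contacted: {name}")
```

Pasting the whole table above into `ROWS` gives the same picture: every SMB-port row targets a Google-owned address that also appears on port 80 or 443, and blog.prestonbailey.com is the only forward-resolved name with no connection recorded.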
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e07bd069f2a6d9831d882aa804ef5d29 |
| SHA1 | 4a83ee609c5daf555abbfb933a2f2e2bb77078be |
| SHA256 | d9b73de0c6267669bf1a4dbfb6cb51f1cccbf09828e000eceb3bbeb9a096803e |
| SHA512 | f610f4257a6098ff50e3a3d0948a597bfde16dbdf66b0ce4eeb2ce7dfdb463ca2619f0669ea2e1cc328dd598792b361feada4de6aa70eeac02d5cbe540f40c13 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4f00610cb6d797d3ce6a525cd5fd0330 |
| SHA1 | 11e1df833b526d99dd039829fa6dca217b8963bb |
| SHA256 | 041c12e9c69c3234b2cafb8027aed81198effdf6850296658e303d582a72a632 |
| SHA512 | f58fce9879ac211c0854345a6d7750bc67e2036fe61c8053ff573e2c423e7c3722502593a7543beb35d6f2234bfe1f5e2b693555129eff26d34c03a524da0072 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8bc160e148cfc318c44213fc20a8671 |
| SHA1 | 462d856b38b496f8224120f95c1f5eb665f78600 |
| SHA256 | 8a4995e43ca7ce26ee9751a6b4002267e533ed1257b00cf96cedc33f68ee6bf9 |
| SHA512 | 818edcd878dbf6e7cd231a3e4f6f836859cd1e4d291e4a22ad790d89f663aac30b11bd545281fad1614ab5f635135588681ac7b6a3db6f9ef645a609b80de8ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 990b3f50bb7c24fd7dd39c14fd1097e5 |
| SHA1 | 19b1673800fb7abf2c4fa84849c9a963c4ed17cb |
| SHA256 | 2c9a5b09d1945385cb91e2659bd425f3a3367a45f40279139ade458bf7ea1a88 |
| SHA512 | 2ad5331921f823f2a8b93ae7ca3b9fbe4eadeed15b69ca55c240e5a24937feb15306d367e8295d069c201d574d6c1bfcbe127d437b46b677d17a0c6762d00570 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e7ba3100e62e44f3186c03ac3be5fdbc |
| SHA1 | a1076b5e6ed843bce8d4ff7f2879d2598f75fc2f |
| SHA256 | 48d43bd647458109398529fd9e597d6b32eb2b9dd008f2e69fef06ab7f09ad54 |
| SHA512 | a450e20b304256aeba681f901c3a2494790ba66feb00575663165d313395ea8563efa94cb2f73472a18008e04d3825683a1ea34a0c105c26e33ca17e414efb66 |