Analysis Overview
SHA256
91e7061ea0604d2a4f4158a807d81b06613a99e08e7c07ec70b80cb1efc48ac7
Threat Level: Known bad
The file c18c6cbf9979c49fdcfb681e4d928a21_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 20:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 20:47
Reported
2024-08-25 20:49
Platform
win7-20240708-en
Max time kernel
144s
Max time network
151s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{31413951-6323-11EF-BCF9-7EBFE1D0DDB4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430780695" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000ed172aee875c78ffc1b013a35bd828588ed06e969b41f924d110401bfd271324000000000e8000000002000020000000fa3f3c1739f807a8142eb700e2db668f38cd68cdac1e6b8952d713539e0a8ba59000000071580207f961a0d784e8d1912c31772a36b83bf575e0abd46d1b87ff3cbe52efca701ac9bb5d63e8e86fb23c035600452c43c20685cebf3525139e94c7e0a2f29245b3bcceabb45523df9a81c28cc9b53ac336911414d967f2d1077d69c53945d3f4b118c68e6fe168afa819a54286e465699105a6629cb8e33b5072126a73be6046a93dec40fb7f2aee78c91edaa9ec40000000862e8860eaaa2a361ffb9ee34c329142f629e71d59f36e9a47517ac1c70fae5d45fa9da13fe5c12416356bef2d8280bca083b6d60d240f7a20bdea9c51777e53 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000003374b9a8d1c05feae15532f2014e732b276c31fe759b1f77d0e79bb1ab6b4e7d000000000e800000000200002000000026e709ad8b0716a102aec697e8fbe0047e6a2a4629eb1454d4feee8cee68be6920000000407cc7e84efd15a333894863b67bba56e951b125232750b108848bfade4a7f914000000065e5f4bc3106f79d9f4f9afdd61158a2edbfd33a1371b7397f2f19e36dcefbf10d4fbc101fe79efa0b3e9c34a656bc735cd5b44a4e7f0eeb659b0c876baa7078 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0a8710b30f7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2636 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2636 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2636 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2636 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c18c6cbf9979c49fdcfb681e4d928a21_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.pousadasbrasil.tur.br | udp |
| US | 8.8.8.8:53 | agregando.net | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | blogdobem.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | i49.tinypic.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | gosteibloguei.com.br | udp |
| US | 8.8.8.8:53 | www.geralinks.com | udp |
| US | 8.8.8.8:53 | vidavadia.com | udp |
| US | 8.8.8.8:53 | www.eutesalvo.com | udp |
| US | 8.8.8.8:53 | vadiandonanet.com | udp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 104.21.58.245:80 | www.geralinks.com | tcp |
| US | 104.21.58.245:80 | www.geralinks.com | tcp |
| US | 172.67.174.14:80 | www.eutesalvo.com | tcp |
| US | 172.67.174.14:80 | www.eutesalvo.com | tcp |
| US | 104.21.234.48:80 | vadiandonanet.com | tcp |
| US | 104.21.234.48:80 | vadiandonanet.com | tcp |
| US | 208.91.197.132:80 | vidavadia.com | tcp |
| US | 208.91.197.132:80 | vidavadia.com | tcp |
| US | 104.21.234.48:443 | vadiandonanet.com | tcp |
| US | 172.67.174.14:443 | www.eutesalvo.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 67.199.248.11:80 | bit.ly | tcp |
| US | 67.199.248.11:80 | bit.ly | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | imagensparaseufacebook.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 92.123.143.234:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | d81867ef09904cd8bad14b045cf82c4a |
| SHA1 | 388916047e6f36c9fb5f4387c0ebb328cd435960 |
| SHA256 | a41810364a52aaac18388d4090844fcdf51f48b84d0653b9d4a6ecce767eceb0 |
| SHA512 | 358a61f69b1318171ed298036a55e5ef39b9d8611c6927b36a303499488c1d146aa9c99e8f36d21c2082491dc3fa6b3d61106b8e09e5bc56ed9359953f8646a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\platform_gapi.iframes.style.common[1].js
| MD5 | aada98a5b22ec7188655c2c17a083c57 |
| SHA1 | 7c3c2fb8744e7412d8097e28f588788d91b9cd9b |
| SHA256 | f2f09baa213dd3dd95edb5a30c7764e4a44d9a79c0831f90b1ad8ebedec9dab8 |
| SHA512 | a780aa3b9e36f61be8240487e75c19a96fe26d54abf9006680a00af9d1d394e81e517f0bbbc13edff3a7190679260ecd56fd5cdd7c2d2f416ab8982c3277b953 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\cb=gapi[1].js
| MD5 | cb98a2420cd89f7b7b25807f75543061 |
| SHA1 | b9bc2a7430debbe52bce03aa3c7916bedfd12e44 |
| SHA256 | bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4 |
| SHA512 | 49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
| MD5 | 9567f5fa5f9ab437be782dd03c82992f |
| SHA1 | 1b43a7366e8048396ac77aab2f664b7f04e297f3 |
| SHA256 | 9c3b0a98bf69d02ee9a23c48ba3ec79898db6bdfdb3ea2fa9df9ae582bbfeac7 |
| SHA512 | 41865f00932057bb7d225735b1a2ed844ceda711f95dba8f630fbea78d9043ff09bbfb9614ac9cbdc2947ff8035cdeb13a9e04eb0960c54c8d1add8824a93e47 |
C:\Users\Admin\AppData\Local\Temp\Tar103B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab1039.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4593f41bcb708ee6da48b666ade9c66 |
| SHA1 | 92ba1326019895892b1bd2c435a0d67f84fd86fc |
| SHA256 | a5e28ae6daedc8dc9184ac839c6feeefaec211120c4c2453ed65481b5504b945 |
| SHA512 | d821e0e03e939fdc1c429de7e2fc32512e897b3c1431e1e30ae44a671d73cbee29733d0337c6eef554040e0332bb3141fd401e200c046f1a0135e21f16cce221 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f25a8545cc4c4b2566a0cfb54c1757f8 |
| SHA1 | f510d4b0014fdd8e6b28b27f2f97b8758aba27fd |
| SHA256 | 74d407fa24c99b6ea940bcba0e36e645f61506b42c5b8078badde1ec26938d1e |
| SHA512 | 792b07822a37ce1993a967ebea442d8f410d9a5212f338669da192f84a8dcb03ca7fc2196a505377bb34bc7a16ea0bd29e7cc2d8d67c5119982c2f7245dcdfc8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9c252346eccdd875a1557511aa32ae5 |
| SHA1 | c460ecbf18116824413b90b6b2a6c7e8d7d8f61f |
| SHA256 | 4f6126d146a16b08399f3e2ab4e0bf2a75ea4f99c52025faa58968a28c087e91 |
| SHA512 | 23fd1d792f2f451075ae8a886786299dd967b49f2834d4c1b55b2b9ccf208400c678b4fd634d33ee3817701781cf689bb06d5f5bf28ab67eccde42dad5e9ffab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e2f4b190ba2446c3f71da703b6f2e96 |
| SHA1 | 798fb140660f4763d3df802648c84b3e7f9d65d1 |
| SHA256 | 9d00540896d5b8229d9781d67cf8e2faec99c4fc3ef05a9f4ceca8ad0ab5ad47 |
| SHA512 | 8b1a188c761c0fd65644c866d4beb2f0e44a418654d487b366801d6dc99a9e72d844b704e66584a12db8d6a15480fcaf2350a0bae7d3a0cd9449ad5d254ef3ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 973eb53724dd5334d86bdeb865787ecb |
| SHA1 | 4187cc3f16ab4e7c6c8de6649967f5961594969f |
| SHA256 | dd716ee40247bdb97344f97457f9bd9188b440e5972f73e5f76cd204397fac9c |
| SHA512 | b6bc2cea65f908ad8c212caf8b74234b0b4567816f3c8a782140874f215b5acfeb2ab6e7aa0b1d7c0159467a9a5fcdf416f79e033e2cd9bc8794398e0c5cd67e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56363935cec8d5d85d9ffe9b59d621c2 |
| SHA1 | 128d297d3fe10b5491e2d9af63ced452936767a1 |
| SHA256 | 995fc4f9f71ae64b149e2567b5dbfc75d3a47135a60254e9ed00b4377b51b19f |
| SHA512 | 99cd3c7201b01271a82538a95f3530eba2cbabc3b37ffc0078523f86b88ad640b84a54a218db9105fdf8c0f6831f460e1a822ddeeff8ee24fec96ab1143ce8dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72d5e340d9128009094dfc48c835d457 |
| SHA1 | ed3dbc686a2d5f0a708a2ef031437c353fcea41a |
| SHA256 | 5f94d306b2757d77af7a22b052f3cdae17c76c7e0a40e04cfe73f6aac052e72b |
| SHA512 | a5308a136f6e561ee24d39120c0248f7053e2534cffc788687f0a6b63ade01db18c7f9741210cd3dd41e5c63b0b11aaec557a69b9df857d45b20ff72fce7543a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17c58bbad5109fe92778bf74a1684ca8 |
| SHA1 | 43ff07a3fde8fec00cf15945309aac68daa77cb0 |
| SHA256 | ea646b55c88786945da59aed42b23c2e6eb699d40876a08f185ddc3c781a31a3 |
| SHA512 | 007befad043523a1702b4c5c9da9d472c06237fe6c190b9d9a3bcb2f40f673c96cf68475e6a885defc3e49c6864e50344b574a7f4d0c00ad5967333e17551479 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df79880fc0404ceed875c64207698f91 |
| SHA1 | d7b6e13446ade212ad20d120811133710b98332c |
| SHA256 | d167a308933d66c6425ae25d114b8ba8c36ae0eb55f758ed127b2a4f3af32cb2 |
| SHA512 | a758da9ca5eb5657b3d3110fcf8f7c2f232c26b1eeb0c2f8a96318d655ee57a8f7b904568cd3f4b3fa3e8a28060f431414f9d834c8687335b4c569f386b875ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5730cff74a37ae79857fdac4d1c69c14 |
| SHA1 | 07ed5fdad69602eab8fb11d0fe51b2a8cb6542af |
| SHA256 | 8bbcfa0f7812c420fd3f75deef26aa1d569b513e8ad00d3a82bbef3c279b6de9 |
| SHA512 | bf9e8e6e4db9c3722b8be2044a83a8e302cc30afddb834c8a955a1d1261a0310ea2f832fdf1775f8976bd693476404d73b9b7fa03f51da78d548e306d2b51eed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 748ebf5b1dddde578fe27f9e020b141c |
| SHA1 | 2c5d0891feabbd8cac43a382e3f31bdb96b75277 |
| SHA256 | 97db9b531dda6acc8337a3dd0f04dbaeca8e4b8f322e1d6b766df42c5376fe9a |
| SHA512 | 9b59198cb488db03a8fc227ed4cfbbb7d7889c5d5a44867f57ee4fffcff9356e2a58486c0b9572dfdefe69f5d953cb88b60fbc3bcc7bab46b8aeee680c313360 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8963babd7494569ed91f2620b40c569 |
| SHA1 | a492d1f548342bdb2fc143c45c77a62103bf2a65 |
| SHA256 | 4425a47ed2e4d3c44241b3c4d89fc2383bd349372520e528e7cd90735d365add |
| SHA512 | 155a7d43434b91c9079f41f39a7027ca54e92c209e65f8fbf4feea3efe3776067ad6d943efa3ed0f550550f5c9a300ef864200864df0761f4b8fa7241aed0bbc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2405d10799483af70485c243973476d |
| SHA1 | e1a8701bd6b84956b5317567edd1b0a1206eb267 |
| SHA256 | f3e32cdae6606565dc62432dfa80e68eec9c28585335853a08360064b434420c |
| SHA512 | 38ffe685dd0ce569bfd91b6efb41be109816987516313649814594af2cbbc0cf6994097f3061c1865cc12f8344ffd04c0262a4484cce4d3168f5dd8f52ff4ed5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acd81779c61381fc379e56c1c5834386 |
| SHA1 | bf51e5ead3c4354d9fc4f0a1914c9e0eac3f9f4c |
| SHA256 | 7e26df97d444d2314c27a87d1b683e7bda5933f77d397e67449867595eaa6e41 |
| SHA512 | ac8751b9b6e88d78e826ba8941837e72249c7df4bcd9a73588ad48f0ee062389f9d8e623740be474d8382fd1d18b5b19d3de3f8fdc7eb3c913dd5d99ca7d2b9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7f6742062588b809de2fb2db9b8e5660 |
| SHA1 | ae1833e960a79fadab512cf72749f3c1546b3b03 |
| SHA256 | 8ddcf0ce537b38d4fa0237eaad2bd5b398c7544d97d385d810c934172297ffc9 |
| SHA512 | 4c816df324f4a76a9d70342e1b74b13523202b43a8bb422dc02b02bc8753870531e885f0fa3c7c0a4c16d6e322db91f81190248a8979667eda6e12eeab0b4997 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e0faf4641e8813b35c7bfdcd4a280f1 |
| SHA1 | de4252e338ba51b4f1a991db97cc463802c85187 |
| SHA256 | 13bab6704126539682eeec741f6a17032c07198e0f8803db5c7f6283f2a12afc |
| SHA512 | 97adff6a51c373e6001ef2bebcd133cb1e5c3abc28f0b8becf903047c8bb82dd798f98c0d900bec2bd0531ba910bd7a3435519e8d9fc6e9599c8b3ba94a0f906 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 070a6ba91266bf33145c82e35a93a5c2 |
| SHA1 | 6c5662168c15e3aa14dc99ec054f8d2ee97822da |
| SHA256 | f67bb6834c05438ce98f8188b822353f37ada09de200c15f2511d9666e0d50c0 |
| SHA512 | 91e70c90745224c7ddb276a809cc45b766c0dec2ce6e9b07aa8989d3c217264edd192a57127db8ee03ad409dc5ecfa7ced56e7c6c9c04b525003910e14a9a347 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a6032ad9b1ad39fe97ebb01714b9d62 |
| SHA1 | 8ccada621020aafcd389bb8f5918edd8338a57f0 |
| SHA256 | a0cb008bf99a41fa6faf795b8837f0277e2fcf38e644fa8dde448c91b24d0ffe |
| SHA512 | 3d0f1b11a956e416dc8a24fafe5ed12742defe4de8141a812564888db2114aeffd76fa386ced9c47c6cd3971503d7733ec8be58539fa3f47bb270bc9feb215c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e82b4fddf297ebca8523ac7c3ba7285b |
| SHA1 | 7cb54064bbfe7c9895bae6057816d7c8fd2c2299 |
| SHA256 | 08df2e0e270425046d7c61c37cf74211a3d4108c7b18d5053dd5426a888e4826 |
| SHA512 | 749582a4be271cff8593dada2bd0ca34e86f70331f59ac0c7086693b6f16cbeb204988a3849c722f0b847040cf81973c65c18624e242fc96558eee12e58d2608 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df9f6550c72eed0056939250fba154f9 |
| SHA1 | 5b7ae461c37357d568f206ff5be75909b310ad97 |
| SHA256 | e0d7df71a3e6019244c52064b3a51c501ccff8782e947aade5b7f110573e76bf |
| SHA512 | 44307e75035758fbc3cc722a97ef6a6120b3eb57be0f04646ad35f21f84d245a02ed55d4c173fba29f54958f1cf93a9832a43bc4bc705cd4dcc3a0a07e1d65fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 721628c46fdfee2aa80c8658af36a416 |
| SHA1 | 068efa56bc94a95db3cf126bd49475a97f59564a |
| SHA256 | 3e7f2922e64fe2bb99335f043a488c2a10eb0a700dfed46f1568914217a94444 |
| SHA512 | 82cfb466632782193e6efc3377208a551032cd2404522a53a3a2c70ac0d0b4ab1fc46ae0ef58ce5b2930c36dc13b1049b9aed0c9443af0a69ae015e61578bbd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 3072fea9043552c2c8e3105bca9f919d |
| SHA1 | 6c744f145c247e7aa88a878654b2fe7f62db969f |
| SHA256 | 4e47b37d5488a9351e2487fa21fa7785e7d0649c168d92e4d85937661e7fbc74 |
| SHA512 | 3c3d1ddc8ccd1ad27fcc3e12d1a5236b9580e144cf4c382d3ceb38566559b3ce1816725a7aa39c1899ed417efce29c344e1ec28fc985b4a7a105f223cd92fe70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b62b8674a226a092a76885907dc2045 |
| SHA1 | ed3f0ffe9b68330f3a5c84788341e0db85aaae2c |
| SHA256 | 3cace41e74fd5b6d6bae6a26f816fcda8f3e344d541454f95b0720a58378823f |
| SHA512 | 202815e9b9c1a987cb4e4356674ff105496dc95797c5c359df69b85c076ff58e0b3c9833ecc98f237901b360a4b51e7b605adeed65c634d844d12f0732e786aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c29ef8ed1b51d1d3bec8a90f4b5a20db |
| SHA1 | 15b2c48087c46d85cb8612fef4fd049fced810bd |
| SHA256 | 437bf486ef25c7a79083471a8a15ec4465e3de0c1477dbc670bfcd13aa3dcd3c |
| SHA512 | 02a751ec8bbdca38dff2de8e7c58d99dda9931a55cd68fcf0a49351f3cb4632d873bbd2fe9f31030687af146ccd15d3bb99748e9e875452d03be4fe078dd5439 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 20:47
Reported
2024-08-25 20:49
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c18c6cbf9979c49fdcfb681e4d928a21_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c78546f8,0x7ff9c7854708,0x7ff9c7854718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| FR | 142.250.179.105:445 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | agregando.net | udp |
| US | 8.8.8.8:53 | img.pousadasbrasil.tur.br | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | blogdobem.net | udp |
| US | 8.8.8.8:53 | i49.tinypic.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | gosteibloguei.com.br | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.geralinks.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | vidavadia.com | udp |
| US | 172.67.166.126:80 | www.geralinks.com | tcp |
| US | 8.8.8.8:53 | www.eutesalvo.com | udp |
| US | 8.8.8.8:53 | vadiandonanet.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| US | 104.21.80.39:80 | www.eutesalvo.com | tcp |
| US | 104.21.234.49:80 | vadiandonanet.com | tcp |
| US | 104.21.234.49:443 | vadiandonanet.com | tcp |
| US | 104.21.80.39:443 | www.eutesalvo.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 141.101.120.10:443 | t.dtscout.com | tcp |
| FR | 142.250.179.105:139 | www.blogger.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.234.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 208.91.197.132:80 | vidavadia.com | tcp |
| US | 208.91.197.132:80 | vidavadia.com | tcp |
| US | 67.199.248.11:80 | bit.ly | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | imagensparaseufacebook.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 132.197.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.248.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| FR | 142.250.74.226:445 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.179.98:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| FR | 142.250.179.105:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | putariacomputa.blogspot.com | udp |
| FR | 142.250.75.225:80 | putariacomputa.blogspot.com | tcp |
| US | 8.8.8.8:53 | 225.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_4864_RSZRUSEJFIPFZVWS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 046c8203151031b22850d9bcd1548d7c |
| SHA1 | 42a3cbc6228e46d10e90ff59c1e7be34b72a05aa |
| SHA256 | 17d9ed4a464ae9fc0a7e13f24c46549f59701b3d176a7177e9b88062e27f4a1a |
| SHA512 | f649062b8ec5aaaed3b8b3e070ae14489b3f33c64c9707e7b318277f019d6eaf5d80b28fb03970398946017db72a48d882050511cf128c1a89e49c9c3f49d6fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 75483fb92fbfa58fa2cadfd9db4251ff |
| SHA1 | d70dbcb39b22dd1d7653076f649e035cfd9d1976 |
| SHA256 | e9062792a9a34faebc7ff8dbd690a4f352f2b007765824b25c0733a04e117053 |
| SHA512 | 5cf93a084e8db9d06ef77696ecc7be32e3e012117e59fb96317d7b1ab263f18913160b4de6099736a86588c44e44790404e4db2ac39da0838692eee300091b4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bfb3ef5f2b388cb3a09b1fa3fd276186 |
| SHA1 | 7ac45ebd1c2c736a5ebca036fcb4ca4662b48a06 |
| SHA256 | f264611d321e3a77e0958530227fb2b808cfb18d4fdd87a9a08243acffbff878 |
| SHA512 | cb6e99ed45b6eb22f9f3dfa34f90653aa7571fbd677d79f0d4a01c4e3b488ed697d80dc6b3c6af7856fa48151790c1bfeb84da616642f91af75889a5821378db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e79d6b7d74388d20f534ccfc754e7879 |
| SHA1 | 5ea4aa6bb7b7fab310e569a1d9625d912aca6242 |
| SHA256 | 152ae831fc7ec73307b0f0fb9aaf2e535e5a1dead57e4d019a3aef50360d827f |
| SHA512 | 144e380120df9e3187705aa53e2ad1ee2a9d5fdfd6635fbbe6d7064629cc687a495ead3831b29aae0495c2e3343d8db308e70e0ecd02c0345a673c12b8022cd8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 86d8e88fe91732705cc02e99e0a89b6e |
| SHA1 | 03ab0bd80e414959c6d879477ea5e9fe99eaa006 |
| SHA256 | b8d800fa75e53f8aeee2218fe2e68a742f0066d9a71509832ac46f51ee37ff38 |
| SHA512 | 5fba3fe51487f3dc22f4dbe5226dee7aae24b5c908ff9312e8d6cca4734401b779f59659d3b0c3fdb406c95e5ad4587e573a723fe49d598fbf654e20972e2fb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 75ad02ba3a51d5d6cb136c95b3f3ec29 |
| SHA1 | 036f53d1bc42b82fff72106be2f779e14e50a520 |
| SHA256 | 43062519242f21ae7e3ee2e399d6a3b35435146a43eff7ffd3df0acef7896f07 |
| SHA512 | d5b0684204f02c2573133ae7081c30d4683345e0392a843d16301c436bd800668bef338b5668f5ca1b9b24f88236fc4c9fc1668527d9d775cea70cbebf098f71 |