Analysis Overview
SHA256
e2985496aaa6ba8472aef79e6d072b60bd70f8dc513a12f541bba29479f7290c
Threat Level: Known bad
The file c3f3654208148f72eb9c819d8adb43b0_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-26 22:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-26 22:49
Reported
2024-08-26 22:52
Platform
win7-20240705-en
Max time kernel
143s
Max time network
146s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430874440" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000b23135de7d0db6632aef7ddf0d52dd9f24140fa206af781b99feb087e661ffdf000000000e8000000002000020000000c83ab5bc5ec76fa6c66bb9ef5085ae96c73d46e8fb12f4b2ad2075ea66d99cd690000000f2ff47facc8bf53e5cb56d3d337aa9e9cc6b1f1e556ac13917b5aa57fca1f4054b4942f900a544061cc28fdee4f498f09b47e55616537a8a4d14e3fd21ea6d6c13153d9b3291bf770a8d06a7ec03359e8d6904d12d2019844db70abffda1468fdda943c44ea97e20c5146206e6d4367fed105036e82363f74efaaab1e827ea2c5ad311b818a14c8b69097d48a4c3d62d4000000005a2a4d1cc1c0480ddd37fddabfce55913d46a973bc4f0a0f36b88432737f90b0ab762bb345efc0d502c0a70156efe7f906979d60e354040273e734b955b0797 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d023e04c0af8da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{759A0AC1-63FD-11EF-9637-66F7CEAD1BEF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000002d5320e5b77215f7247d842b05b4809523bbcadd1330eab0daf574df55148894000000000e8000000002000020000000a3772036128b79da78b8b1c7fb0ffad54889eedbd5bdaa4d91c412fd8a79738e20000000b46154a83ee4806586cd327425a0ca549898fa75ec11c78da09138cabe8b6d48400000009bef50033701790ac1da101e3d3201c3bdfbce43c8278d0e55742b8d207d4992699036eee878bcd2a345d7798318f5d22dd069013e448d251023eaa684f9e469 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2372 wrote to memory of 2904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 2904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 2904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2372 wrote to memory of 2904 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c3f3654208148f72eb9c819d8adb43b0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.74:80 | ajax.googleapis.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.74:80 | ajax.googleapis.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| FR | 142.250.178.129:443 | lh6.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh6.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh6.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.71:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 1d77892dc8a061b804d4e44beca41a45 |
| SHA1 | 8df53f8fb16a9c547d4c981452d0996133b300d9 |
| SHA256 | 8fc564cfccbd201ffea383d4d50cebec7e32df4313c9cfa0ec7b9caa43de0e18 |
| SHA512 | b130038c3c6800aed8df81b77cf4f97dcabdb826271d9da16c4bcce0ee921da126904c11e56cbec045f22638f7a92a1fb9ab88b8f626003444ccd9687cd2591d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 5b80b7db25ca8cf97e3e559efc6fe0ac |
| SHA1 | 17268e268bdf33f58e585c840e8f12b1edcc9793 |
| SHA256 | bce94058599bb5c98f74fcd22d224c93b576c73bc3c3ce3032af01b719d0240a |
| SHA512 | 8260c031ea0038e49bccec419669767a9da89b1455629bc92da897449eafd48b15dbb32a5e203d33bf3b18c7855ed50f3a213970f2bbb9a59b61ecfa568853ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 2a4dd99a5f4c9ee277eb2a39a089d33e |
| SHA1 | 30f7b3fb4bc0907f4b1182b1fa37b65a4a76820f |
| SHA256 | 4d966aa3627a3361b115d9383245c45e009c2ad5e25d822cbff95b2ba6f1491e |
| SHA512 | 967d76094c395f57aa8a82217d620ca4fb0bca4e1db21cca6696cad9601aa2ab01a1b21b529bcdfa48bedab5ca0dbe40a5534b11a0b358d8c4d2826b86824d5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | f297bfd2618e6983b7c7fcb836368359 |
| SHA1 | c196f680c6cd03be22082c5cb97a1f63ec58d763 |
| SHA256 | 98afcdeb4e123c5098acbee3f9a5a6848d1b788c104a906a1ae8d9737d5a3f0d |
| SHA512 | 36a77dde42eca76098d1a363a438d8ad522c67b624e3df6f46a50fd7d3b79d2d7826814f29d1902b5f56c563659d3e79b1f595d4255f5827b6eaf6fcc10536de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | cbe730dc11fc5b1b6e63b111ebe282b3 |
| SHA1 | b6323ae5f8dec6f23869e906c58c033d19cf0b31 |
| SHA256 | 65a14721d28250dde00a3acd87fb9a562c15c168d69b45108540d1e8c3f15e13 |
| SHA512 | 4b0e5230152128b6e6b44b7619ffca9c8cc6655f06d1c90a4bd44c6ca71fa3d2f831f84332291fff6fdec49b81a6c8ce159ccb3977dbfb271274224b18d72c55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
| MD5 | 1c33733bba48dc1da9b3b72aa0d51872 |
| SHA1 | 4cf2d3db81647006bb5f53aa30b9db7bcaf0d655 |
| SHA256 | 88c15dbd932201db0eb1903827bcc264ed9abc80bcf323f4c49080ffcacc58b0 |
| SHA512 | 3336ea7634bf22b2989549b621596496308446595d0e3b291902767883d901106aa5ed405789047b83c5ab97ffa05db2afe0d987593cae37c5a90c9e1b680988 |
C:\Users\Admin\AppData\Local\Temp\CabDC3D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VX38S3F\platform_gapi.iframes.style.common[1].js
| MD5 | aada98a5b22ec7188655c2c17a083c57 |
| SHA1 | 7c3c2fb8744e7412d8097e28f588788d91b9cd9b |
| SHA256 | f2f09baa213dd3dd95edb5a30c7764e4a44d9a79c0831f90b1ad8ebedec9dab8 |
| SHA512 | a780aa3b9e36f61be8240487e75c19a96fe26d54abf9006680a00af9d1d394e81e517f0bbbc13edff3a7190679260ecd56fd5cdd7c2d2f416ab8982c3277b953 |
C:\Users\Admin\AppData\Local\Temp\TarDCEC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VX38S3F\cb=gapi[1].js
| MD5 | cb98a2420cd89f7b7b25807f75543061 |
| SHA1 | b9bc2a7430debbe52bce03aa3c7916bedfd12e44 |
| SHA256 | bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4 |
| SHA512 | 49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 8c73ea01185ee225720742650273405b |
| SHA1 | 83b808ff811205068e553fb936e4139613759f4a |
| SHA256 | 382449d78b2d6b7d47fda4935e0b4af5d4f093c35cdac645b150c62c28054b7a |
| SHA512 | 5a46a294db75da6ce65281e2353ca8bc381da68c890331812d0ed44a1e2f4809f60ffa0c631ea818fd52a899a64f6e9334774b209e2517b85964665bfad01d47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c8420de33e5cbce7ad8ae1cd3c33094 |
| SHA1 | aabb400eeb4f4a695501346d9f5e2d31b5cbf628 |
| SHA256 | f755446b0b4456930c002ba92144c0dc38dd3788cb9f708dc66c283d259c285c |
| SHA512 | 176651dbb563eeb466b398b4e709cab7b2431eff69f5a94a231396f1b3b9714ab3c4454fa4963a380522acc7ea2e4bb9076af5624a5863e22ff9e1947654c95c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47c7fda9c4493c4ecd602c57d3bce340 |
| SHA1 | 2bebe2d12f11177da99fc4b384892aa5f35c0210 |
| SHA256 | f21696f8cf9130a1258b6516b0f430f7b417839d3042aff04c72255da832093a |
| SHA512 | 49338c94aab69ba4cac4999e651cce77f7b8c5f34c58ec1ed99fe5740407c7ec469c561ecd116e19438db1a93e02faa1fc1e4bfcc7206db55a89415b739d34c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d498bf768aaf03b4ef7e5d5f191a9aa1 |
| SHA1 | 4f00bac486abf0eabda6b5d43ec513ca76e27fce |
| SHA256 | 5af8f6b08c64e654911aa99059bba93fc20b0349515ac355b43101d4b024d290 |
| SHA512 | 81a8f5343b22cad54dc603b87eaa57f7a691534cc3ad17bec63ce9f204061c2265580b037c71d714de9e4be9c604e7955f505d19b7aa46c95a07ba82c15a6e41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 763fa20e5289479db6abf2b1da94d6c9 |
| SHA1 | afaecd0224ccd0a88503dac0e410a17385293454 |
| SHA256 | d8e69f8166365ec401c117d41d648ca7e64736bb176a81dffd1869c8aa669bbf |
| SHA512 | 4a70f37c00d45e86896603a2f96dec81d2dfdcad1ced6255380d1641223ed3e85a973bfd5a5f1aa7a4333195b08861edd4c0e9dd40193389a689f969363fc133 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd8e0a59d087055ad8db878290d74fd8 |
| SHA1 | 0edc054fc8b03f3ed9784bbfa8016bebe9f235e6 |
| SHA256 | 130d36df4b315dc07180fef8ddc7a837d107d4f77ed14e8aeb20aac6d1f2fb71 |
| SHA512 | cc1174fe05477a45d297d36f42a28829d59cfeceae43fad5bb2689517b84a2a30d187a339066804879fca47ad30141bbd19507c6a990ddb93043e2538b048872 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8520b7e1928ac2f101cac880cbc364e9 |
| SHA1 | 82e3ad6f3e1ba239246b3deb2367923e87c4cbbe |
| SHA256 | f8a40d404264e2d8da6355f68b1499442175f17ecb30849e615a15df419d8607 |
| SHA512 | e98551d907a250b63b0f25b67e38d749342e983c63d60722167eb36bb7fda475a2e3711be28389d3d40cdd31b4889e957f2e62c2b9983fc1613d2c6d6e499173 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc75556b2cb3a6b644af4803b795fb1f |
| SHA1 | fcf726d1de1bfc4fcd43d1a0efbde924613e7d3c |
| SHA256 | 042682513ef41837e253ae620152ef2645ed779b2105b76052c9c4aa9c21279a |
| SHA512 | cf94407e5ba8ac3fbbc818354aaca082184d5e99ff592035e387c570956d23b200fe4f0d1cdf66926f0f3d3ee6d9389dc72c13ca0fb96bcbdb81164fd9b68155 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bc726c2f2fcb0ddb498c41402afdde4 |
| SHA1 | b3c81688eac06738bb70878d3c8d75779bfcd45e |
| SHA256 | ce209f2aa2a8c337efd8b9eede0b7eeb1d30c644a94d52d4df2faee9bce4017b |
| SHA512 | 4519c0615560f4623fffc6926296e739559f7979ac332ed87594bc5a259fd02dd53004e8d08678ba52159d0718fc510806c578b2e726e397b1b0d872751bff08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b17677bfefe5a3b9cb857b652d77688 |
| SHA1 | 87a58938472f05497e933bc76981908569b64c3f |
| SHA256 | c4a73d92fe3c1f9f6a20f6a19129ad0abac826a63e3ec049aa64099da62103a2 |
| SHA512 | 8b9fc6d3ec7b8ea505b1101045b107490a2c0b502d47b307a083ae8917d5ae7858438903154529a12ad8175e082cd5777e1022b5880a20e4017b0791260bccd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fa7387a736e54ec1c09dc62a2a476ac |
| SHA1 | 85778bf7ceaecb2c68532ed36f1a5a97cebc8719 |
| SHA256 | 5de69b9d1a002d9efe026057c0afdd6f2b9ad3f634b28cfc4e90283647c8dd34 |
| SHA512 | 134ac536d79810515ca5a8cef3f1e0aa111bf2446e99a5aa0abdd1f4cd2828d17b88ba9641d9fdd49c809db60ba43976642d5e12f6f7eaadd2a314b7bfd4f460 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 8cd527bf42b6a872cc7a242eebacfb06 |
| SHA1 | 2e2c727ccda759b59688a6f93806cb633eada577 |
| SHA256 | 0e8bf8239e1ad50654f111e3c441857f3e0fcc4d5999673946f75a963dbeccd2 |
| SHA512 | f76d3cdca4da127a08ce2684286425d571af6685a42cd8fe768bfc8b3f433d55eded06bd184c9187001b30ee0f2933964584e1342e938f5bb056c29c3d1221e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04486ada78470a5bc672dd7fc4e984bd |
| SHA1 | c1259acac76d490f18f20ff069785db9643b2dac |
| SHA256 | 2050fd4bb78f264b8d27af17cdc528d89459288f66e6245e7a6069cf1aaee783 |
| SHA512 | 345fc4ba8ddec231defc8976a5eb41978735ca56de3c32dc6d67d8f32e3a3cdab9bcf9ea7216af63a2558a8a3ff6e37c1b74dae1ab71c2a6d59fc6f1947ba325 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a401b33e3a44c4a770eec040461e4d9 |
| SHA1 | d35b24c570520daeef7f75866709d11e3d7cb152 |
| SHA256 | c0fb7c990704ee19de815ee7e53667f28ff26893cf022d66c58861a579ce3bbf |
| SHA512 | 7ec401638f2dac5b035e5e0615fc5bfc2ca3aa70aada1c9b6aad7f9624763d48b1a89fb06877e87617099028231bd318872f19bed2a2cc22f06d97ead6de4b5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 36b975016c82c64e6e9318c1db9e6d93 |
| SHA1 | a26c4d59e192803b1e98fcc43e29354201cae152 |
| SHA256 | 236e2b5e453d26a6398b760ff60e06276f6540e9a6043ac20f9a1484e59a8dbc |
| SHA512 | f56703c644c95c28c2a74402842634c36d2b76e663b775864aaaf4706c04c69156bd41d66e523c2114633ae331a831756ae5f96324e21889c9af2c7fb7fc5671 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48f5729e90a0f97c155c3a74e7a44de0 |
| SHA1 | ead07642f2cd5cd02627dc0f0a8f1e8223e208ca |
| SHA256 | 1515b3faee7f44b1b1b9bfc6944a9283d53a7ef16fb768f013abd818a3bf782b |
| SHA512 | 8ed1b9dcc8ae2716b40d39e993484efe9c9dce167460d24804484124db2fac5a55402851a6889f4dac6605073b6c2b9d7d039df450d5eaa62204a4fe64956898 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c3d46f88bb5c90baa40846536fb69b2 |
| SHA1 | ebb53247eec33c991afc63f4097a49aafeee44dc |
| SHA256 | 42a687e423c21c65ce91c60d291189c0ae5e9a7f3918835d8a7d0a789e192cd6 |
| SHA512 | c066050b082d375e71c1bbf6b4f744d2b610f0e0a8a393f2f133606cde82ebf711abf36af91920e9dc2d468f230b60de0ffdf88fd7a0fd6addc0df2c91c99de9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78e97832e6083be2425547654e7edb83 |
| SHA1 | 9b8cff423dc1a2a302e3205011a9df6cdff42d25 |
| SHA256 | a2d5736d9e4d6041dbce5a4aed55216bc0ce54592a6a4d89c4cca85fff16c6f5 |
| SHA512 | 9ef0d4d4e73841a317cd7ab81334acdeeddd51fbb8e3cf32371e4968d8b484a26b6cdf7a20c8673e01ac4873485d3d623894fabeab29623330d96851e1e20ff1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb8bc0c2217f0525f177d33bdaea06ed |
| SHA1 | 012f5da2e2fe2f56c7910ab7c77ea43c125f5aae |
| SHA256 | 7c53db2e2bebc3eb6bf6f84bc6a00b93255905eb18553d23133567fc5c0a65f2 |
| SHA512 | 873ad4e23d3c2a26dee2047526b9a9ed8c0eba6b2b162aaee23620ce4c6d385ea4f648241dd88127548f2ee9016b6cc181530b9a5da40d7fdbc081d06768bd5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f8ac6ae945e6be66cc992d9b7b6b521 |
| SHA1 | 34b86fa67b49d89f86b638c573903804715de490 |
| SHA256 | 51f915f43a139710aeb2c4e8a768f1728eec0fc24df5af850cb9c15f80849dd3 |
| SHA512 | 9ca2cfee4dac03962045f70141d48ffa8bd9668e3350b034aba27b8e273c0cd12cebdfd9c12b5c715f582dddfa5e251d699d5d487aff95c673536d1d4169c381 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e4815ece579def96d8428ecbcbdf3dc |
| SHA1 | cafb04a1e2f1691fad720468590db73f3a3f760c |
| SHA256 | 69e3c9378b52b898d63566d9247f9350155d734cd476dd8e35818f9ce1b5dec6 |
| SHA512 | ce7f949176aa6709abc65d2b86b54107765c8f234ef412c84e77a72c80d35f54c41d3cb7e0c53068264e22d6fb8b420e980b26707e1acdaede45823c937f956c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa904296dfc881812f475ae2f534331d |
| SHA1 | 1a01987406a2c49fa53ac02eda98e621ad05c6f6 |
| SHA256 | 4d64779e081ce32a2bce7d4fe7782601bb76e13a86093ea7fa3cb9a8671a2895 |
| SHA512 | 15890b97553b699ad480725eba57c5660a4b9ef01897170058a39331cab4fb3c569cc3eea573ab25cf276174e3f8ea0453dfdc3e708f6986d6efe2f3dca32a67 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-26 22:49
Reported
2024-08-26 22:52
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c3f3654208148f72eb9c819d8adb43b0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa08db46f8,0x7ffa08db4708,0x7ffa08db4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 216.58.214.170:80 | ajax.googleapis.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 172.217.20.194:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| DK | 157.240.200.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| DK | 157.240.200.35:443 | www.facebook.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 4.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | udp |
| FR | 142.250.75.226:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| FR | 142.250.178.129:445 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| FR | 142.250.178.129:139 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| FR | 142.250.179.105:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| FR | 142.250.179.105:443 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | bnpost.blogspot.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| FR | 142.250.178.129:443 | lh6.googleusercontent.com | tcp |
| FR | 142.250.75.225:80 | bnpost.blogspot.com | tcp |
| FR | 142.250.178.129:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| NL | 52.111.243.31:443 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 847d47008dbea51cb1732d54861ba9c9 |
| SHA1 | f2099242027dccb88d6f05760b57f7c89d926c0d |
| SHA256 | 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1 |
| SHA512 | bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f |
\??\pipe\LOCAL\crashpad_4736_FWYOLNNHDKKGDLVL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f9664c896e19205022c094d725f820b6 |
| SHA1 | f8f1baf648df755ba64b412d512446baf88c0184 |
| SHA256 | 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e |
| SHA512 | 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6672320f070468270ecd0909053e1d21 |
| SHA1 | 00e0fdfc6affc4a4dc379b04f8968f6c0d24f68a |
| SHA256 | 1ea92614ae0b7a184409ceea17b7f3fc2d949735dfcf2caaa901540316bdf072 |
| SHA512 | 30b779efc94b5de742a36e5b6881a4b76b85125d1e87532c1954f6583b17912f8cefc99786837760c5062d59f78521f8d8083ce52fa0ee661eca8fa114f325ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 41dcdad112b88a864cf8215b83dc9c1d |
| SHA1 | 7ba7024096dc4c89b6b6800d4af0f3548dbf947a |
| SHA256 | 3a8a5ba6a5b066c6ab49f70afa5aa36e4b183644583a12dfab32f3bd67e4ff92 |
| SHA512 | e3c0968d0bdd14be6c4e535e0329f39f6e653c76aba8371675546cb4edba27a0202c05ac534c140b5436a15fdb3182b1ad6e69b744288716cfbfd9350860c930 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8a3902b1e72f3b5030581f1081bd235d |
| SHA1 | a85d61b1a686fbc5581a78fdef8500f540f10adc |
| SHA256 | cc9dc9024268d9799d1e8558b71501794d1ed15bbcba187d04ecfb347a26ef85 |
| SHA512 | a578f24c5182d1f45bde8e40d57cc7b79aa96000b5088b3d88865d4df805c4c80bb9b1f7d048611e6c46cb5ff826d17ab48b9eb1af5acb6807a7301639c1ba3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0d86d40bd4d8c0f0448967989d92c9be |
| SHA1 | 14173fdba1b5b43e4fc78e9211fb9b258ec4f0ac |
| SHA256 | d93097a5617179b368410ecc800dcf3ab3db64b44527f5f959884d66c55318f9 |
| SHA512 | a656350f1afd2995228fe651c44ed0ca560dcbf801e8a4d82f5b9b3a251f7557837600caae61dcf18b80d0a09b5528c829fab34abd330a07e0f2d820ab0da12b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 13eb3886047cab1a02dc176aa66d4e24 |
| SHA1 | 2a5582101992d6f10705863b0e68c23792e7385d |
| SHA256 | 71d6473e7cf3431f7c5e57677f3d6a9361abad2a8bc4644247704eb6504ad266 |
| SHA512 | c018760c69795ca85b2bc787cbe93375e57fc716ac024c702c5ef8c50a5dc00d2d7ea1eb521d31b8f3e94859d78e1256a72e5112b5989bcb6546fc3278c4d0ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9b0405c64b6183a9abed62e5712c22c5 |
| SHA1 | 1c6ca1dd3a171ea5d8b3b7e0e388e39c3f8e0530 |
| SHA256 | 7ea0e9f69951384c1369f421535061a2158a045f905532873617a8d25d98b7f8 |
| SHA512 | a461c49ab50cc2bd197b9e952758917ec6e1cdbb635dd1189e0b0b84d65b2124e2a522d7dfbf9c985f0f87ebac2cd6376232481f8cb038659872648d6cdfcbe8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 687ac64905010215e06c204cb892fd7b |
| SHA1 | 11a83d995b570417fce66e6bccfed542aaeb968b |
| SHA256 | 1ecb2cf3d994292c2f8140532228f8e7abf4075b356c69adeb4c38906f5e0992 |
| SHA512 | 10235d55f5ffa57428179f1372da6dcd110fc55db156c39c9b9a85294dad53663bffdf0d125a38dc4c0462ade6855f1c2ad2c711445f26b86bd71ec6286a6852 |