Analysis Overview
SHA256: 53ea0191165d701c3923665f5cc263132995a332184608a50a327cc23639da0c
Threat Level: Known bad
The file c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-26 06:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-26 06:31
Reported: 2024-08-26 06:33
Platform: win7-20240705-en
Max time kernel: 128s
Max time network: 146s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701bddaa81f7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D29DDD21-6374-11EF-A372-5E92D6109A20} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430815755" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000009d2cdc30d1bcc6cea4de9db9c5381214638c0630d0f4edb82007a3baaa08b6cd000000000e8000000002000020000000924bfacff46440e678718ba33e942dd76864dcd4367760db025b902dbbf14124200000001055b23219539659886c0acab8941dd6ee652b2898306393dcd5fc5beadb8b5d400000008245dd8824035d4fe92422669f8a6e315132102c432c906cb3e8be527bae2af5d42fa68526ae6576d1061fe2a66bf51314e61490b77332947d9a868d05a3493c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
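Every key in this table sits under HKCU\Software\Microsoft\Internet Explorer and, per the Process column, is written by iexplore.exe itself while it sets up a session (Main, TabbedBrowsing, Recovery, WindowsSearch, DomainSuggestion, SearchScopes\DownloadRetries). None of them is a start page, search provider, zone or proxy value, which is what an actual IE-settings hijack would change, so the signature is firing on browser housekeeping. The script below is an added example, not part of the sandbox report: it parses rows in this table's format, strips the hive and SID, and flags only writes that land on an assumed watchlist of navigation, search, proxy and persistence locations, or that come from a process other than Internet Explorer. The embedded rows are a constructed subset of the table; `HYPOTHETICAL_HIT` is made up to exercise the flagging path and does not appear in the report.

```python
import re

# Constructed subset of the "Modifies Internet Explorer settings" rows above
# (same four-column format as the report).
REG_ROWS = r"""
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
"""

# Constructed, NOT from the report: the shape of a row that should be escalated
# (start page hijack written by a process that is not Internet Explorer).
HYPOTHETICAL_HIT = r"""
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" | C:\Users\Admin\AppData\Local\Temp\update.exe | N/A |
"""

# Assumed watchlist: key/value prefixes (relative to hive + SID, lowercase) that
# change where IE navigates, searches or proxies, or that give persistence.
IE_WATCHLIST = (
    "software\\microsoft\\internet explorer\\main\\start page",
    "software\\microsoft\\internet explorer\\main\\default_page_url",
    "software\\microsoft\\internet explorer\\main\\search page",
    "software\\microsoft\\internet explorer\\searchscopes\\{",
    "software\\microsoft\\windows\\currentversion\\internet settings\\proxyserver",
    "software\\microsoft\\windows\\currentversion\\internet settings\\proxyenable",
    "software\\microsoft\\windows\\currentversion\\internet settings\\autoconfigurl",
    "software\\microsoft\\windows\\currentversion\\internet settings\\zones\\",
    "software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects\\",
    "software\\microsoft\\windows\\currentversion\\run\\",
)
# Images that are expected to write IE's own per-user keys.
IE_IMAGES = ("\\internet explorer\\iexplore.exe",)

_HIVE_RE = re.compile(r"^\\REGISTRY\\(?:MACHINE|USER\\S-1-5-[\d-]+)\\(.+)$", re.IGNORECASE)

def parse_reg_rows(text):
    """Turn report table rows into dicts with a hive/SID-free lowercase path."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Description":
            continue
        op, indicator, process, _target = cells
        path, _, value = indicator.partition(" = ")
        m = _HIVE_RE.match(path)
        rows.append({"op": op, "path": path, "rel": (m.group(1) if m else path).lower(),
                     "value": value or None, "process": process})
    return rows

def classify(rows, watchlist=IE_WATCHLIST, expected_writers=IE_IMAGES):
    """Split rows into watchlist hits, writes by non-IE processes, and benign housekeeping."""
    hits, foreign, benign = [], [], 0
    for r in rows:
        on_watchlist = any(r["rel"].startswith(w) for w in watchlist)
        writer_ok = r["process"].lower().endswith(expected_writers)
        if on_watchlist:
            hits.append(r)
        if not writer_ok:
            foreign.append(r)
        if not on_watchlist and writer_ok:
            benign += 1
    return {"watchlist_hits": hits, "foreign_writers": foreign, "benign": benign}

if __name__ == "__main__":
    verdict = classify(parse_reg_rows(REG_ROWS + HYPOTHETICAL_HIT))
    print("benign housekeeping rows:", verdict["benign"])
    for r in verdict["watchlist_hits"]:
        print("WATCHLIST:", r["rel"], "=", r["value"], "by", r["process"])
    for r in verdict["foreign_writers"]:
        print("NON-IE WRITER:", r["process"], "->", r["rel"])
```

Run against the full table, every row of this report lands in the benign count; only the constructed `HYPOTHETICAL_HIT` produces a watchlist hit and a non-IE writer.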
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2988 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2988 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2988 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2988 wrote to memory of 2276 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
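The four WriteProcessMemory rows and the two command lines above fit Internet Explorer's own process model: the child IEXPLORE.EXE is started with SCODEF:2988, which names the frame (broker) process it belongs to, and 2988 is the writer in every row. The script below is an added example by the editor of this page, not part of the sandbox report. It parses rows in this format and labels a write as routine only when an iexplore.exe process that some tab names via SCODEF writes into another IEXPLORE.EXE; anything else is left for review. The command lines and the four rows are copied from this report; `HYPOTHETICAL_BAD_ROW` is constructed to show the escalation path and does not appear in the report.

```python
import re
from collections import Counter

# Copied from the behavioral1 Processes section above. IE8+ runs a frame
# (broker) process and one or more tab processes; a tab is launched with
# SCODEF:<frame pid> CREDAT:<cookie>, so SCODEF is the only place the report
# exposes a PID inside a command line.
PROCESS_CMDLINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2',
]

# (description, source image, target image), as the four report rows read.
WPM_ROWS = [
    ("PID 2988 wrote to memory of 2276",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

# Constructed, NOT from the report: a write into a non-IE image must be escalated.
HYPOTHETICAL_BAD_ROW = ("PID 2988 wrote to memory of 4444",
                        r"C:\Program Files\Internet Explorer\iexplore.exe",
                        r"C:\Windows\System32\cmd.exe")

_WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")

def frame_pids_from_cmdlines(cmdlines):
    """PIDs that IE tab processes name as their frame via SCODEF:<pid>."""
    pids = set()
    for cl in cmdlines:
        m = _SCODEF_RE.search(cl)
        if m and "iexplore.exe" in cl.lower():
            pids.add(int(m.group(1)))
    return pids

def classify_wpm(rows, frame_pids):
    """Label each WriteProcessMemory row.

    'ie-broker': an iexplore.exe frame process (one a tab names via SCODEF)
                 writing into an IEXPLORE.EXE tab; routine for IE's process model.
    'review'   : any other writer/target combination, e.g. a write into a
                 non-IE image, or a writer that no tab claims as its frame.
    """
    results = []
    for desc, src_image, dst_image in rows:
        m = _WPM_RE.search(desc)
        if not m:
            results.append((desc, "unparsed"))
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        both_ie = (src_image.lower().endswith("iexplore.exe")
                   and dst_image.lower().endswith("iexplore.exe"))
        routine = both_ie and src in frame_pids and src != dst
        results.append(((src, dst), "ie-broker" if routine else "review"))
    return results

def pair_counts(results):
    """How many times each (writer, target) pair appears under each verdict."""
    return Counter((pair, verdict) for pair, verdict in results)

if __name__ == "__main__":
    frames = frame_pids_from_cmdlines(PROCESS_CMDLINES)
    for key, n in pair_counts(classify_wpm(WPM_ROWS + [HYPOTHETICAL_BAD_ROW], frames)).items():
        print(key, n)
```

The report does not show the tab's own PID anywhere, so the check can only confirm that the writer is a frame process some tab points at; a sandbox that lists PIDs per process would let the target side be verified as well.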
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | scripts.chitika.net | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | data1.whicdn.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 18.244.179.68:80 | scripts.chitika.net | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| GB | 18.244.179.68:80 | scripts.chitika.net | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | data1.whicdn.com | udp |
| GB | 18.244.179.68:443 | scripts.chitika.net | tcp |
| GB | 18.244.179.68:443 | scripts.chitika.net | tcp |
| GB | 18.244.179.68:443 | scripts.chitika.net | tcp |
| GB | 18.244.179.68:443 | scripts.chitika.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | gstatic.com | udp |
| US | 8.8.8.8:53 | developer.android.com | udp |
| FR | 172.217.20.206:443 | developer.android.com | tcp |
| FR | 172.217.20.206:443 | developer.android.com | tcp |
| FR | 216.58.214.67:443 | gstatic.com | tcp |
| FR | 216.58.214.67:443 | gstatic.com | tcp |
| FR | 172.217.20.206:443 | developer.android.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| FR | 172.217.20.206:443 | developer.android.com | tcp |
| FR | 216.58.214.67:443 | gstatic.com | tcp |
| FR | 216.58.214.67:443 | gstatic.com | tcp |
| FR | 216.58.214.67:443 | gstatic.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 92.123.142.59:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
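Every row in this table is either a DNS lookup sent to 8.8.8.8 or a TCP connection on 80 or 443 to the host in the Domain column, and the Files section below records no dropped executable, so the SocGholish verdict on this page rests on the signature match rather than on an observed payload fetch. The script below is an added example, not part of the sandbox report: it parses rows in the table's format, separates lookups from connections, and reports hosts that were resolved but never contacted, contacted without a visible lookup, reached over plaintext HTTP, or not covered by an allowlist. The allowlist of suffixes is an assumption for this case (Google, Microsoft and Facebook infrastructure a Blogger page is expected to touch) and the embedded rows are a constructed subset of the table above.

```python
from collections import defaultdict

# Constructed subset of the Network table above (same row format); the full
# table is mostly repeats of the same endpoints.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | scripts.chitika.net | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | data1.whicdn.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 18.244.179.68:80 | scripts.chitika.net | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| GB | 18.244.179.68:443 | scripts.chitika.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
"""

# Assumed allowlist for this case: suffixes of infrastructure the detonated
# Blogger page is expected to reach. Anything else is surfaced for a human.
KNOWN_SUFFIXES = (
    "google.com", "googleapis.com", "gstatic.com", "google-analytics.com",
    "blogger.com", "blogspot.com", "blogblog.com", "googleusercontent.com",
    "pki.goog", "android.com", "microsoft.com", "facebook.com",
)

def parse_rows(text):
    """Parse '| Country | ip:port | domain | proto |' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto.lower()})
    return rows

def is_allowlisted(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)

def triage(rows, suffixes=KNOWN_SUFFIXES):
    """Separate lookups from connections and flag what deserves a look."""
    dns, tcp = set(), defaultdict(set)
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            dns.add(r["domain"])                      # the resolver is 8.8.8.8; the domain is what matters
        elif r["proto"] == "tcp":
            tcp[r["domain"]].add((r["ip"], r["port"]))
    seen = dns | set(tcp)
    return {
        "dns_only": sorted(dns - set(tcp)),           # resolved, never contacted
        "tcp_without_dns": sorted(set(tcp) - dns),    # contacted with no lookup in the capture
        "plaintext_http": sorted(d for d, eps in tcp.items() if any(p == 80 for _, p in eps)),
        "unallowlisted": sorted(d for d in seen if not is_allowlisted(d, suffixes)),
        "tcp_endpoints": {d: sorted(f"{ip}:{p}" for ip, p in eps) for d, eps in tcp.items()},
    }

if __name__ == "__main__":
    import json
    print(json.dumps(triage(parse_rows(NETWORK_ROWS)), indent=2))
```

On the subset the allowlist leaves scripts.chitika.net, www.linkwithin.com and data1.whicdn.com for review, which is the right outcome: those three, plus the scripts cached under Content.IE5 in the Files section, are what to inspect before treating any of these hosts as an indicator.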
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 11d0005e0b8794ab4aad0542756cbfe7 |
| SHA1 | 7b8418bec44685422de5c662ac7a6d95d3c04a35 |
| SHA256 | 721e5b826a6ca850601660da35945f26f901ac73bd9f707c93faa6b4274f9d08 |
| SHA512 | be28b411d7bdb72d96309bb44930be33db7898078cbcf10ef6fded144731748b7498b19c91cba5f4ac069fa6de0d250c495f4bceaf4f114f522c3947793ec249 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e32279bb21fd412cea5f7f4a227a025f |
| SHA1 | 882bdc0007d8b58cb48313bbf2137014c6e5007b |
| SHA256 | b86a5568128c6377cdf363f9f8fc0c03165f2d7d4717a93967d1703112dd8b82 |
| SHA512 | 3a80fbc290cf4ddde410edc133f4fbf007c2e5d8bfe28fd41bb101202b151acb9d24b0a49fde1ac27a97d7b394659b2f81e29cec1043f6d212e0116e4d13f3bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\plusone[1].js
| MD5 | 950e589a42fd435b2b6daacbdbbf877c |
| SHA1 | 78dc5743d4b541018adafe3a2b49b6be5f1c7944 |
| SHA256 | c5e3093bd5e8a58f04846013ead66d36ca25457a0475c9c72d8cde60e598fc0e |
| SHA512 | cf2aa139ee4c2f79ad5dbca6239e4d5179a21f54cf2c3672c45915b3282bda5f5fa702c241d3b5c02805cdf1b48427d34e86b627904055a46ff6ef11be2b2104 |
C:\Users\Admin\AppData\Local\Temp\CabB991.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarBA40.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\cb=gapi[4].js
| MD5 | cb98a2420cd89f7b7b25807f75543061 |
| SHA1 | b9bc2a7430debbe52bce03aa3c7916bedfd12e44 |
| SHA256 | bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4 |
| SHA512 | 49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_F335B2E85BE4A9418389B3DA13743227
| MD5 | 6df1ca5f534a4a5472e05f7c1c117947 |
| SHA1 | dff96746d784514b2d5dc4f0fb2799f930c65e70 |
| SHA256 | f1db491dc0868e382771e8255c4d287174c619b80562c81611d578c70739d006 |
| SHA512 | d7b921ec09be87b8d644fee4ab24f88b7f2f0413444609b2c55b059200c0d9962ad5a2ea8523518cb1953daba87dac078bd30cec6c5494db32148438f44e858e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\Y6PVLAKO.htm
| MD5 | bfef63417b3ec97cb88d43bfdbd440bd |
| SHA1 | ce9eaf82b0cdffeccddff97c7a27cf7340198e73 |
| SHA256 | 4260cc1276c2b2b791b3a724daffe6bb4f2b67cd76038317599d06a7a469c35b |
| SHA512 | 23613ae526d8a354e95b3a6c6ce580b5a8d3605d38101d89d7d4310c41403c4a001b316a12af98733b6ad9865ab9a26209f44cae5bb638fd365d93d0e25a49d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df73aed4c2585792f282002424129063 |
| SHA1 | 3de7ad46437473dcd566fae9d1f287d39bce2f35 |
| SHA256 | 46eacc93db74b48866dec46fbcfc3d9f436eadaf97930d5062377ec413f276d3 |
| SHA512 | 9a2c069f53ea499293be798634207ca9ef977830f80a2b47d69dd345e2d8f0e352c64103b34b3bb9c0cd0df0991c8cc7716b277e9bbe94573e799287ca08d68d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02684fdc7c067b042b66f5b0e27d2b8c |
| SHA1 | 28e91e7d8de2d28966dc6e540804b8d1a1709f6d |
| SHA256 | 76a82fe13d2ac050de4b3a43065b6b3b25a4f431b8cd804bf74ccaa457311b07 |
| SHA512 | 6c5dc9cb7f9cef74de01e8baa6130ca2e5a9ade260cc3b901a541ee177c9da8a3ca168bbfb9337f8e43b4982c43c2a00ea6f50df61b6abd79aaa042a9083559a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ff3ca0021ee9f486fd499b5a25bded3 |
| SHA1 | 9b68d89509c87e5f4aa95452fc9766a9b3c37378 |
| SHA256 | e27d2682d8ee9a6a1f0f1525517aeee0f4690cb6f4287ee30637945920d4235d |
| SHA512 | a5946064ae5eb8a8427187f661d16f9d8f31e667d796e09d07c04af274449e5c76f3759d52499b3f209229f229da71e4cc94f59deba8d19ae399d759e51549c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bf0ef8b9ee496289fbbdcc6b392a63c |
| SHA1 | 3d7c4e30476326b7a8b8ef1accc9c060c6f7df3a |
| SHA256 | 6e3f19be4cdf578cc6b29495230f28d2a07fcccf1fe4d63b71488a8ae4df50a6 |
| SHA512 | 83f91493c61af9c08083c934155c0a24cadb5174ebbc88ae1095235b6cfde0e6ddd39cebd6d2c63815cc603fec839d10e42fd814247a8a62848bead30e672ac3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18159cd65ee10be50749184285531d91 |
| SHA1 | ff1e3faf6bc72e5ce6199c5eefaca4119eebcaec |
| SHA256 | 318468f0abb42041dba82f0a576a779f69272c2a1175673af1fb92226b76c67c |
| SHA512 | bc4ea4cd4706626a0aeeec1a1c9e874efc94e5d79202da82abd999efb1e50c3d9147804ee0eebdbd766b02ae09a2356c0bd7375d3633a7c938cbae7a7a6ab308 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5edc787800a3b3d34faffe096b22ae09 |
| SHA1 | a63206003cf414677db589cac09e651698d36eb0 |
| SHA256 | 69203fd334587fe9454318556749b807bb07ee5aab54d7d50df3bd4ff4e1592c |
| SHA512 | 490fd4ded889e5296852a4f399dba76c14baf3f54ea911878c54bc9c5802707bc84c5813d8eecdd0889290030bbdef07fd8689ac0afb55787dbac9fa9e3a4230 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77e7d65d619567ac2db9e06a2d63916f |
| SHA1 | 6e2abcffed040e547e8d36c297afeca716480293 |
| SHA256 | 6718caf35d67c426d5ae2768aeb1a5913b442a210fd569daeff6e287f629ae0a |
| SHA512 | f7b7e61d55cc93f58bc89da869a6b6fdccd66cb7e9e23fb1fe059ecb4378fb439027f7a6cd07ccaa80b3976e072089305d5d5fea6971da671ac923f9527da910 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffa874edf8a9ab7c1bc508bf215f14e3 |
| SHA1 | b6f1dc60b2c98253c9a2a8fa2fa0601deeb3c791 |
| SHA256 | 0663a203280ecb988ff63787dce2f7e1a006ce8933396a0c6a961d7ae284bcd0 |
| SHA512 | 4ffa7a1425c50bdcfd18c816e72faa213e0e1b1762a9692f0874fdb02988a3b57d2d690e78e36651b6c30426363709d2474cec3e2accd011a45037e5fb282470 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5acd9b06da5f10ceb394b91be663b432 |
| SHA1 | 3d8fbdb74bef0942de7b7c96ae485357e751cc87 |
| SHA256 | a1f22c995bedd2258d145e73ba5522e6fffcdd6d4b2f6c4bb48c7f882d9b7972 |
| SHA512 | 50afabd1044e0156fffff9ada8bbc65569aa291c45cc624144321c8c9ebaabee06f9428a67100c0367a72eea295980d436a9e634ecbaefb0e138d111078662c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eadcb4e60051c24df9a0b0b66a1f758a |
| SHA1 | f7dff96cca2e61ec18fbbc05e2ee746784eeddf2 |
| SHA256 | c4bf38e5c156acd634d9905f572b60b21f6e7e9c76df8ea988b5d06dcd7fae14 |
| SHA512 | 1d230445b345f40fbb7b7b595d6e7544c284421a5ac30e9ec45d14dc7d87af0cda37a20697bfda094b6735c6de00d4838dc4eb9f43e2c2a46d12a9395262b9c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3d40e0d5c9c7c093f94cf4ac13edb7f |
| SHA1 | 74de21a28c56c5340f210fc3fcc2259d1328fa0c |
| SHA256 | fb9af1f6c18ef0f9cde620f3556cf85eb416aa0fd6da0ecf4cbd668dd3eabb93 |
| SHA512 | d86d8d0ea654cc3027037d6d01305cd520e85d23e27e97427e3dd7485c6f07bc6ae4f98b95b6a3c719dee90456ba240f660cba6541993e3215d9aa3c80a93e22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 416de07ff4c767f00335c8ba77c0966b |
| SHA1 | d6dc0dba07b64845d2a8870509e8ab3a73b9a25e |
| SHA256 | f0916e3fe544c46c2e4362fbd2e54b831dc06b32a185f31aeb43bb8dc45f2021 |
| SHA512 | 6b606b515ef6780d4a9ed5a48492975998d691290dfede1bd4c4b03057723f05b9cb4364360ac7d0c700754b19e5cfd5f7d6999ed460d182370b0d4a1aac4598 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0d8ca5f2ea1a103b3f6c8a17a17e2ad4 |
| SHA1 | 4544c88084f4ea341c8789a4314ff6fdb552b383 |
| SHA256 | f20e13b6d5ca1ad7e7b24b61ec60dfed50fe10b558b09839eb6c08a252a10997 |
| SHA512 | 744b94e8b476d5e66043cb7e95d8b7d9f39dd4be8c9ed23601bccd58f23825461ed4ad9e1969113559d345e3be20436f0f09a54e29f5c256cf7c46b710c9325c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd7b8f5dd6d421f51a431641919f73a4 |
| SHA1 | f0e6922ab25f1eef63b51380d2b213c3ea50c30e |
| SHA256 | b8b48bed8cffb86b7047416104baa6e318c3409209550b78a70dd370e0cb1ed0 |
| SHA512 | da854a7907259c9a4dd44c57a35654b40283e7b0f8e51cc4c4189f5e5320e8a9dc7c20fce24cf0f96f48dd090ea0c7032ca9bbcfb65617d0d92e50086671855d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca0955e6955480246eb5952f2a57aca6 |
| SHA1 | c4896eac831a8d6eacdde63055b3b60b1de2f476 |
| SHA256 | 73d64d01f127a1420f0df4564f4a9bd37828649c928073f7f6a15bdcb772f0a1 |
| SHA512 | 55850edb41e2e758f56d58fa1fbbd8eaf147bc32f105ab2cbb9207a71184637d9da328221644f472fed7ca116be89e9688f4e2a25f668276f4f4a9282f951e21 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\rpc_shindig_random[1].js
| MD5 | 9e5f0b21584389dc1c7b5da4a900879f |
| SHA1 | 191b84e0f5644398ba99e0aa141a6778c14b83bf |
| SHA256 | 3e21bdafa913fa25276358db1269238db3012ffd8748626cdad442f838e890e3 |
| SHA512 | c1720a420df680bcc46625355ed6d5c35ae280a813692a0fa293f3ba113a023808a781f1b8c9dfeb3ffba29606e1f4bb4be4233983089602e2d2c20786fb0427 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\1380534674-postmessagerelay[1].js
| MD5 | c1d4d816ecb8889abf691542c9c69f6a |
| SHA1 | 27907b46be6f9fe5886a75ee3c97f020f8365e20 |
| SHA256 | 01a956fa0b3ea8cb90d7032608512bc289c4170bf92759352e40062d5be2946f |
| SHA512 | f534f057e46998bd1ff2c423ad2cf04a880c4a5259e95aee5c6ae34ce7121ccd07ad1bce5d4c3a51ad04f7411b0625da78808326b13d2aeefec502988e113113 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17b771dd916eda682402a3d42746448a |
| SHA1 | 37102305981c5e42d2ca00a407e0efb444baf022 |
| SHA256 | 770223e0eb91722b311c7aa436b850926e2b31932e6382052749089567febb0b |
| SHA512 | a84a95f0e4fbbfbb3a38875075c3b687517a4725a2a9072d64c6b9d5b8aa04628512bccafc58480beae9a0c416a56ea45dc6d1cbb9df8d4da92941d930c5cabc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c3ac61fb7ce740bb842f01826a5d230 |
| SHA1 | c9d51e6553faa8bf6b2d9696c87b65f77a41a09b |
| SHA256 | c39b6dcec9c1bf9b6f595d3f5b173ff7c42ad03ecf697202b4a3b40035fcbfc2 |
| SHA512 | 22fbae4cd11761754d7529b64247875bb34e01e32831205c9b209fb79e8be94daef67283263db3089118d46f4947290f04f578fc613a4e0877e343d51072c14f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 9da83bfa1b46a8a381dc6b8a95046dfd |
| SHA1 | 3efd94fe3303c1d2cfb97440d0fc5251029afc62 |
| SHA256 | 29b61795f49b79b0620742e7f96709b3453752a3bbf09583b607268975bf3c31 |
| SHA512 | 069a86e6b1e1f58707950568d9de853d49a707a2eca06e913e4445ef9e7bea1a483cd393ae2df693d604a7e7bdb047c91be89b44e28b94c8e3f87b1eb34f1f1c |
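The Files list mixes three kinds of artifact: CryptnetUrlCache Content and MetaData entries (CryptoAPI's cache for the CRL/OCSP fetches to c.pki.goog, o.pki.goog and crl.microsoft.com that appear in the Network section), Content.IE5 cache entries (the fetched page Y6PVLAKO.htm and the Google scripts it pulled), and the Cab/Tar .tmp pair in %TEMP% left by CAB download and extraction. The MetaData\94308059B57B3142E455B38A6EB92015 entry is listed many times with different hashes because it was rewritten repeatedly. The script below is an added example, not part of the sandbox report: it classifies paths in this format, counts rewrites of the same path, and orders the cached document and scripts, which are the artifacts worth pulling for a SocGholish triage, ahead of the certificate cache. The embedded rows are a constructed subset of the list above.

```python
import re
from collections import Counter, defaultdict

# Constructed subset of the Files list above: (path, SHA256).
FILE_ROWS = [
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA",
     "721e5b826a6ca850601660da35945f26f901ac73bd9f707c93faa6b4274f9d08"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "46eacc93db74b48866dec46fbcfc3d9f436eadaf97930d5062377ec413f276d3"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "76a82fe13d2ac050de4b3a43065b6b3b25a4f431b8cd804bf74ccaa457311b07"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "e27d2682d8ee9a6a1f0f1525517aeee0f4690cb6f4287ee30637945920d4235d"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\plusone[1].js",
     "c5e3093bd5e8a58f04846013ead66d36ca25457a0475c9c72d8cde60e598fc0e"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\Y6PVLAKO.htm",
     "4260cc1276c2b2b791b3a724daffe6bb4f2b67cd76038317599d06a7a469c35b"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\cb=gapi[4].js",
     "bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4"),
    (r"C:\Users\Admin\AppData\Local\Temp\CabB991.tmp",
     "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    (r"C:\Users\Admin\AppData\Local\Temp\TarBA40.tmp",
     "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
]

_CAB_TMP_RE = re.compile(r"\\temp\\(?:cab|tar)[0-9a-f]{4}\.tmp$")

def classify_path(path):
    """Bucket a dropped-file path by what produced it (paths are compared lowercase)."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        return "cryptnet-cache"          # CryptoAPI CRL/OCSP/AIA cache, not page content
    if "\\content.ie5\\" in p:
        if p.endswith((".htm", ".html")):
            return "ie-cache-document"   # the fetched page: first thing to pull
        if p.endswith(".js"):
            return "ie-cache-script"     # fetched scripts: where an injected loader would sit
        return "ie-cache-other"
    if _CAB_TMP_RE.search(p):
        return "cab-extract-temp"        # Cab####.tmp / Tar####.tmp download temporaries
    return "other"

def summarize(rows):
    """Count of entries per bucket."""
    return dict(Counter(classify_path(path) for path, _ in rows))

def rewrites(rows):
    """Paths recorded more than once with different content, with the number of versions."""
    hashes = defaultdict(set)
    for path, sha256 in rows:
        hashes[path].add(sha256)
    return {path: len(s) for path, s in hashes.items() if len(s) > 1}

PULL_PRIORITY = {"ie-cache-document": 0, "ie-cache-script": 1, "ie-cache-other": 2, "other": 3}

def pull_order(rows):
    """Unique (by SHA256) artifacts worth extracting from the sandbox, most interesting first."""
    seen, ranked = set(), []
    for path, sha256 in rows:
        cat = classify_path(path)
        if cat not in PULL_PRIORITY or sha256 in seen:
            continue
        seen.add(sha256)
        ranked.append((PULL_PRIORITY[cat], path))
    return [path for _, path in sorted(ranked)]

if __name__ == "__main__":
    print(summarize(FILE_ROWS))
    print(rewrites(FILE_ROWS))
    for path in pull_order(FILE_ROWS):
        print("pull:", path)
```

The SHA256 column is used for identity; the MD5 and SHA1 values in the list are fine for matching against older feeds but should not be the key for deduplication.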
Analysis: behavioral2
Detonation Overview
Submitted: 2024-08-26 06:31
Reported: 2024-08-26 06:33
Platform: win10v2004-20240802-en
Max time kernel: 145s
Max time network: 150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92ff946f8,0x7ff92ff94708,0x7ff92ff94718 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1 |
| C:\Windows\System32\CompPkgSrv.exe | C:\Windows\System32\CompPkgSrv.exe -Embedding |
| C:\Windows\System32\CompPkgSrv.exe | C:\Windows\System32\CompPkgSrv.exe -Embedding |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2 |
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2576_LAEMOTVQGZZFHYUI
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d889.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index