Analysis Overview
SHA256
6c6462e14ff1be1776e540b007220471d73ca163c016daae77191034e38201f6
Threat Level: Known bad
The file c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-26 10:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-26 10:45
Reported
2024-08-26 10:48
Platform
win7-20240704-en
Max time kernel
145s
Max time network
152s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{542B66A1-6398-11EF-9143-7699BFC84B14} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430831006" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b6ba88cd0aa31efc7c729145c84697ef801dc9adecb24d630322abd9de7ed2b6000000000e8000000002000020000000b5181a06ab046fbfcd2fac5d3320f1a1b09fb01ba2661d75722864132e53c1b1200000001015330636b624108a242faea7d155010c941089b61c8317e8fa141e4c8a455840000000674b56d07576dbd0f91af611acb2073b3f7b12542209871c2c4bc5ba97ee9436a32175cb4737275de5c48c4af287a187e2a60875d083921c574005db3655a83b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907d052da5f7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000009f1439f21f372be384c243ae4922ce7eac4dce74a7eb58b8ede4e61d87a9f0d7000000000e80000000020000200000006da09b4efcb56a16670fcb4431af0f263916492624c55a447caeffa21857f6e7900000007bb077f8ed415828885f483ef2fe9213d24ee0b3ddb594365e52f21efcd8753edb3594bf4a33e60c3e4fac98525a82779ecebf8a40d420f7ca35458bf3ff143d7bf61aa1b24858b243af08f596517ef82148e2dc699db26b1f04f6ffdc1d86a11bfc5f8f168d5acc335c7537e7aa9cfc9d53f5d62a189084a36d9b8752b4e046846483b150b2aff2064b6e64f03687a240000000e2adfa863a14bf170f034257b37acbcd188c382c4bb707d1dba569a3820815ea957175ae9f9928d921756ff5aa3a359249ee5c5277740807a8f1f2ade1115f50 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2124 wrote to memory of 2288 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2124 wrote to memory of 2288 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2124 wrote to memory of 2288 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2124 wrote to memory of 2288 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.edomz.net | udp |
| US | 8.8.8.8:53 | scripts.chitika.net | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | i43.tinypic.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.105:80 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:80 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:80 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| GB | 18.244.179.68:80 | scripts.chitika.net | tcp |
| FR | 142.250.179.105:80 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 18.244.179.68:80 | scripts.chitika.net | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| NL | 190.2.139.23:80 | www.edomz.net | tcp |
| NL | 190.2.139.23:80 | www.edomz.net | tcp |
| GB | 18.244.179.68:443 | scripts.chitika.net | tcp |
| GB | 18.244.179.68:443 | scripts.chitika.net | tcp |
| GB | 18.244.179.68:443 | scripts.chitika.net | tcp |
| GB | 18.244.179.68:443 | scripts.chitika.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | statinside.com | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 104.21.57.149:443 | statinside.com | tcp |
| US | 104.21.57.149:443 | statinside.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 173.222.211.9:80 | r11.o.lencr.org | tcp |
| GB | 173.222.211.9:80 | r11.o.lencr.org | tcp |
| US | 172.66.132.118:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 104.77.160.148:80 | crl.microsoft.com | tcp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | eecdf0a7dcf35d061d4f6ef3a799307f |
| SHA1 | 9204d28a1720eb5f94c303ed96a0b9330cceb647 |
| SHA256 | 37e52308a382dfa7a2233b3a708175fe7945ed6c90605ec50c7171971c06f923 |
| SHA512 | 370a6a75c2328eb5c37ba8817c145b571108644edb28ea84e8fc6a759006161cffad3db4f21d6d00b492894d1ea7f07653aeaa325f6f7eb74ea48e96aee8ca65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 408c191c8eca237268d75f5b7270cabb |
| SHA1 | 3b5d2eefa16cd46d35cc28a731525c7ac535873d |
| SHA256 | c5f8a12984c9045b26df6f42140f3964ea43b912fedc10082eda7fb0748dcc09 |
| SHA512 | 53da64a78af19fba7a0f160ee4d64c21b2cdeed534c6a5dd6b8bea9d97e9847167938f21e92e32e2786ea503ed0c4511ec891b6b0c951d2449a15f808f73c316 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | ea4f296abc07730df38c0930465011c3 |
| SHA1 | c9aebaa1be20d1d27c4bbda36312ee16c213cc31 |
| SHA256 | 37f42747e18a80fb71b3f02d9ed3505f28cad43cde066757c0114efbd13c09b4 |
| SHA512 | df84a091b299cbad7a85158f77a2770904b2b665c464c80cd879d3741671264497c1097c77b48adb1f574fc770649fc247359cc8311559703d6bb5c0ff3dbf75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
| MD5 | 1c33733bba48dc1da9b3b72aa0d51872 |
| SHA1 | 4cf2d3db81647006bb5f53aa30b9db7bcaf0d655 |
| SHA256 | 88c15dbd932201db0eb1903827bcc264ed9abc80bcf323f4c49080ffcacc58b0 |
| SHA512 | 3336ea7634bf22b2989549b621596496308446595d0e3b291902767883d901106aa5ed405789047b83c5ab97ffa05db2afe0d987593cae37c5a90c9e1b680988 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\plusone[1].js
| MD5 | 65d165a4d38bfc0c83b38d98e488f063 |
| SHA1 | 1c4ed17c5598a07358f88018a4872aa37ae8bc07 |
| SHA256 | b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec |
| SHA512 | abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41 |
C:\Users\Admin\AppData\Local\Temp\CabCEA7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarCF94.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ddcc02d97ef18f2e9552f50d79bd710 |
| SHA1 | 18ad866bb62bb9b6bc2f40d3088c85c2e6a7ba53 |
| SHA256 | 6cc691f785e3b836e430b7efb535a881cd53a17c762aaa73a50fc50300bbcfde |
| SHA512 | d28c35ac22311f78896019f9afa4b50a670e4f99cf0858cbe5612c333b6e845b083e9d7ce0631aa498f42e40e97378d5e012c8eba9a686a9e9923814d2759a2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27a93321c788d76e68adaa82ec1e656d |
| SHA1 | ed67953abc96d437a24cd1ad975f1eb658e2f1b2 |
| SHA256 | afea6924a7b03b3cdf025257f10aa62d9096fcc34de276b8ac83cf16125d9a40 |
| SHA512 | 004a737f2a38a0f0371e6a2defeda37e5056ddffe4ebae4682eb7b7bca83b74db9cea0e7614f24ef432c4f6bb1fd9cd0ff57d710dc6af53f75d4393be533d98b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4855cb4056909a245757ff6ef21f395a |
| SHA1 | aa01b6a5efedbf784dce6dfb80aa74a4911e4b39 |
| SHA256 | eea953c657a152a0dbbe7de7382ebe3f575c463567ac9a741c4a4c0201cf2951 |
| SHA512 | b449d89f6da880cf6e82bf7a823da16e50a575959a47b36dbc0124bb3f22b3e9db7c7c471a369a676caeef76a160729f8f3d8bdf5628ec15a02e478340acd4c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb670ae8039c99a0232e147ba839e0a5 |
| SHA1 | 4949f017074aa7a389beca4d8f1eab62c266dc65 |
| SHA256 | 7e86544856b153335da87d26a39aedee574c310ff0cf6440a73e06cda8b09379 |
| SHA512 | 171880f7535f25e4fa924fb63634bf50b6f02b7ba5012c595bc2f048fc3dbf3652830fc4d5b9d7e81d6960477bbf40433b93507c91799e8e04d28b90520e95ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d5fe9ddeb40e5b64b5ef8c1cddd3982 |
| SHA1 | 8693a39a9d94a3b6f947cd80747a0e2e588c4b57 |
| SHA256 | 7ec15c12999190b2110d8c5bf4e4b1c170a4f0f9c1cc967b01bebc58aba43813 |
| SHA512 | 84ffffecd6ca9a52e0cc9ba651ee571c85a24151b6270a600f19f7e3473ee47dae91d1a138fd5e4dc86c87a4148e21e1324c3b0d2845fabf81f434d9264ad21d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 381ded0347366b2cfa047f0f03cc80f9 |
| SHA1 | 5f90a0f19601c9f2faa7b2f46fceebb96eb63338 |
| SHA256 | eb3883f513f57d40f73e0702b94df05c530db018101981250cdec015c856b976 |
| SHA512 | e77c7251b25032e1683980f1f4e8724daccbc58df30274a984a7963650241d4c493abae784877dc502ed93aa993684a244ea55da6b32991c425b287242e65b3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64181176fa10f401f5f0c84a9fa75bc7 |
| SHA1 | 23c2e99f23b07e57af1e430b13571e90dd98e7d0 |
| SHA256 | 1230c674ac28db5eac033d6248ad299c485513b9864a09e63ad99c924ecca2be |
| SHA512 | d2d71df1560377d9c6b2330104246ae798d5fdb7a6d1210075f8cecbb905171dd3b4d98f240d5a4090f808ddaada5a199dee839a01a6a6dccbaf3a29ac268cc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46e4c72c3f5a6f8239397ec2c3d43df4 |
| SHA1 | 4bfe9afdd27177e537cef1511a04ada4d14e7a78 |
| SHA256 | eaf8c67630032d44bf8c10528ad1f69e272a1ea9b24bb1cffe224b83beac9e5d |
| SHA512 | d79b070e462d61581d066c2536231848d3c2ae1089c6816be146d8bfedbac9236a1994e98631f111d22bcd171ece7e2e53161cc602f72f6d2071809f727c8959 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b1c0d0be01e11c8f9043ecd00a9f610 |
| SHA1 | 24281ce6eb37e049fc39e0368b772066217a4d17 |
| SHA256 | 2b0aa0b0075b09df3b183e9f76beae017d681fad9b1a8ea43ad3b42e1a29a717 |
| SHA512 | f866c8ac46cf47a59793356cc6737e7888bb1f0f8d8583c37235c5ab523919370c26582657b3893948c8ca7c5674c0d9bdad3e273e3f6de8801ab15fd5ecc240 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a52445010c8b2ba84ce7062703e79c9b |
| SHA1 | 2450a6f599c511e17af249a567496f504d9c7e05 |
| SHA256 | bc71adeff1f7698e2c93225bd3825ec8ace0f6b61a0a0b9eaa1a75ad3a252d6e |
| SHA512 | eee38df66c54c215f07052bb37db12829f69c8ab4e4f37b9d69076f093a93dd57487d5379e7f026b4fb330230d00bb44c6ce3809d94652032178d0b708353a15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05aea545d293e15c4e120a2392be5717 |
| SHA1 | 4df15c206f28c09b515c67dc9d59c962c671c99d |
| SHA256 | a909af5a4fd499412cf8f4168ce4b92cc07cde68183e1eee27ccfdc21ea47780 |
| SHA512 | ef9cbe5e92a20b37e1e264368982df6f02d854b4064b0961cd2610cd50e07fcb879931f70b5eb27ac3364985f3c88ae0963021d76fecff118ceb009167f0ef75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0942f4b4cc9ecbb5de7b56936803d822 |
| SHA1 | 56b8929a76487f3a0778f267f3bd7e9a1fd12a80 |
| SHA256 | 827f897449f90a6c1a082268765760b987f166466b5fa85288a6397264faded4 |
| SHA512 | 5ae816a72f9dbe6ff1d90a1f8e1b530ed352c9a9a917fab1f33d61335df5a2700e2c74418d3aece9547b9be98246d2765fb0a92b417708dcdfd0a539fbad25ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 4bd6b6d61bc31b2a3bb95a8fa52011d2 |
| SHA1 | 34bcbc94a4319d965c8eb90f61f608ac2c1b6c4c |
| SHA256 | 61bb8ad2973e0c19bf4bf83608bdaa9555dbc8aab4c0b7a0e065291c9757971b |
| SHA512 | 8a6e0d1382e74861b633d93e2c3b800b5f3c9fe3d1834987cb9b03c37d78d57d3eb4fb6ed76ddc4b230630a806efae5882a735f82e2a944916d98ece8ddb4436 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12cab8c8d43e02a58bbba945922f41a2 |
| SHA1 | 052c9a633dfb18cbfa5fe2553c6b2333e89ba492 |
| SHA256 | 287e037f398c41e0f77d3d7ea6f12d15c5f4932c1bcedae4b9c37f5f91ad94a9 |
| SHA512 | 664e530167bf4243dd33165f283c4e5fa17de67233a4d9432a9dead530fda54574d9f9c52e11c6cdb6bfb0e1cf1b5d5b912dccdd655fb27f6745d9a465b34e42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f05e041f1617279a8e5159ac3b9649e |
| SHA1 | 86df21f6d7a3c5872e19c2c896a5aa34dfab9ded |
| SHA256 | a5d734cabb693e78b41a59c9c8eb39a39bfff7225491cb3e4d961883c6243626 |
| SHA512 | 4db59dbc23291ac724e266925487c2d1408181b9a8f471ab182996d8b1dfb783e46e38af7999b6c4b4e3603c05d7a4c9e508df01caa4ad31344e211959f63c60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42cd7203285b50cc52a344f3dba61fd6 |
| SHA1 | 630c506f085fbd8eb0ad6440ea3c7bb3dc7f09f9 |
| SHA256 | 784e3bee0f309bbf2bce31927c9ebeb9b34c10cb01d1592ef1105d2dfbaa8770 |
| SHA512 | c85990b696017476824bbe3b26b9caa416566fe5ff9416634fdf165f7008246169a0f2542cb0bfbc7ad5f755e6c6c8dce280ba09161d43fb3f44d2e1959d09b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 947127caa4caa6da8313fbde9440b8a2 |
| SHA1 | d06937dd5d8462dc4ba56ba08ce2800d9c6aeac1 |
| SHA256 | d5200dcb27901ccebe8138a70898355f17c0ecbc5c7cec09348509d9983682be |
| SHA512 | 0e1333f98bbf5fede5ca7a92aa33ab70ad1985dcc8d53589cc1e82fc94b318a0b4b426a3e93d4b151bf2fc98c954035972a4d71623a5932f63afcfd49297b5c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93a9c6d6fde5f65159f4705ce8f53329 |
| SHA1 | 0782f521e3ad6a4d629a73c66455d809f15e86ea |
| SHA256 | 6392d5c8d5118e4d34ecb1e90e2505b74d3a138f7187cd86dc47b6da22200f75 |
| SHA512 | 5b311e38cf7f47e8564bcae2ffd804e156ba3151341d7ce6faf1c34e118134e0d19bd1bc36cac1d7f5e8a9904ca370041fae27f7f85836648fa61d3800699f2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 6b3f20ebbbc26d4c6611656278922e56 |
| SHA1 | 0d1527a3f80c9858dbc1bc1a500a50c4de0a96dc |
| SHA256 | 4893ecc17ae419e0f8b8f844dc5b805bcc136274bbb4f22da179ca96963bfca1 |
| SHA512 | c89b85bb58996d1027d117cb688c43a1b06a5f467c8936396f81f5c9fba2dd898fc678a672f9b9f3d410390bf26f7c05a75aa33431e1b324cca500110a330c65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ef4f78b05b22acb801ad8d2eb9e9727 |
| SHA1 | 0ee784bac34a74e71f705248a35f47405969a908 |
| SHA256 | 67b8a9474045ff786f5013b0821c4093373e4ea2778854204e66e0869b61deda |
| SHA512 | d03eb146791f424159407478e6c2eed3167f6edd3066ff6456e46819a50425a3e97caf9e6fa97a76c47920236a139105c591e4d6b4ff50c87c41d91013bd9125 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecbfb29f51146ccc5656f5f091baa51d |
| SHA1 | 53a8ba829170ada417e01291043f929fd9d9ea54 |
| SHA256 | 07ff81315a1a9814475259500128eba9cb6bc12607c42190b2c11426680590ff |
| SHA512 | 66f4a19bf80bca3defc0f752731e28a4c559a4c42042f5222a182c72e417302a0b357e96b901bb129055f5b07006769d820ce1154d408d0d5bd1347b39de41a2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-26 10:45
Reported
2024-08-26 10:48
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
140s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb50146f8,0x7ffbb5014708,0x7ffbb5014718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.edomz.net | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | scripts.chitika.net | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| GB | 18.244.179.50:80 | scripts.chitika.net | tcp |
| GB | 18.244.179.50:443 | scripts.chitika.net | tcp |
| NL | 190.2.139.23:80 | www.edomz.net | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | statinside.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | i43.tinypic.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:80 | resources.blogblog.com | tcp |
| US | 172.67.146.166:443 | statinside.com | tcp |
| FR | 142.250.179.105:80 | resources.blogblog.com | tcp |
| US | 172.67.146.166:443 | statinside.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| FR | 172.217.20.162:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | 102.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.179.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.139.2.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| DE | 157.240.27.35:80 | www.facebook.com | tcp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| FR | 142.250.179.105:443 | www.blogblog.com | udp |
| DE | 157.240.27.35:443 | www.facebook.com | tcp |
| FR | 216.58.214.163:443 | ssl.gstatic.com | tcp |
| US | 172.66.132.118:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.132.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.27.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.128.39.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| FR | 216.58.215.34:139 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.179.110:443 | developers.google.com | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.179.105:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
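The Network table above mixes three kinds of rows: the sandbox's own reverse-DNS (in-addr.arpa) lookups, forward DNS queries made by the page, and the connections that followed. Pulling IOCs out of it by hand is error-prone, and one row (the multicast DNS probe to 224.0.0.251:5353) has its columns shifted. The script below is an added triage example, not code from the sandbox vendor or from this report: it parses rows in the table's own `| Country | Destination | Domain | Proto |` layout, drops PTR noise, pairs queried names with the connections that used them, and flags destinations whose port does not fit a web host. The sample rows are copied from the table above (a constructed subset), and the `WEB_PORTS` set is an analyst heuristic I chose, not anything the report states. Rows such as the 445/139 connections recorded against Google-owned addresses are only surfaced for a second look; the script makes no claim about what actually happened on the wire.

```python
"""Triage helper: extract IOCs from a sandbox 'Network' table.

Added example (not part of the original report). Parses rows shaped like
'| Country | Destination | Domain | Proto |', separates reverse-DNS noise
from real queries, maps each queried name to the connections that
followed it, and flags rows an analyst should look at twice.
"""
import re
from collections import defaultdict

# Constructed input: a subset of rows copied from the report's Network
# table, including the one row whose columns are shifted left.
SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.edomz.net | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| NL | 190.2.139.23:80 | www.edomz.net | tcp |
| GB | 18.244.179.50:443 | scripts.chitika.net | tcp |
| FR | 172.217.20.162:445 | pagead2.googlesyndication.com | tcp |
| FR | 216.58.215.34:139 | pagead2.googlesyndication.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | statinside.com | udp |
| US | 172.67.146.166:443 | statinside.com | tcp |
"""

# Analyst heuristic (assumption, not from the report): ports expected
# when a name that resolves to a web/CDN host is contacted.
WEB_PORTS = {80, 443}
PROTOS = {"tcp", "udp"}


def parse_row(line):
    """Return (country, ip, port, domain, proto) or None for non-data lines.

    Recognises the shifted row '| N/A | 224.0.0.251:5353 | udp | |' by
    spotting a protocol token sitting in the Domain column.
    """
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Country":
        return None
    country, dest, domain, proto = cells
    if domain in PROTOS and proto == "":      # columns shifted left by one
        domain, proto = "", domain
    m = re.fullmatch(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})", dest)
    if not m:
        return None
    return country, m.group(1), int(m.group(2)), domain or None, proto


def triage(table_text):
    """Split rows into DNS noise, real queries, connections and oddities."""
    dns_queries = set()
    ptr_lookups = set()
    connections = defaultdict(set)   # domain -> {(ip, port, proto)}
    flagged = []                      # (ip, port, proto, reason)
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        _country, ip, port, domain, proto = row
        if domain is None:
            flagged.append((ip, port, proto, "no domain recorded"))
            continue
        if port == 53 and proto == "udp":
            # Reverse lookups of the IPs just contacted are sandbox noise.
            if domain.endswith(".in-addr.arpa"):
                ptr_lookups.add(domain)
            else:
                dns_queries.add(domain)
            continue
        connections[domain].add((ip, port, proto))
        if port not in WEB_PORTS:
            flagged.append((ip, port, proto, f"unexpected port for {domain}"))
    return {
        "queried": sorted(dns_queries),
        "ptr_noise": len(ptr_lookups),
        "connections": {d: sorted(v) for d, v in connections.items()},
        "flagged": flagged,
    }


def unresolved_queries(result):
    """Names the page asked for but the sandbox never connected to."""
    return [d for d in result["queried"] if d not in result["connections"]]


if __name__ == "__main__":
    r = triage(SAMPLE_ROWS)
    for d, conns in r["connections"].items():
        print(d, conns)
    for ip, port, proto, why in r["flagged"]:
        print("FLAG", ip, port, proto, why)
    print("PTR lookups dropped:", r["ptr_noise"])
    print("queried but never contacted:", unresolved_queries(r))
```

Feed the whole table to `triage()` and the `connections` map becomes the domain-to-IP IOC list, `unresolved_queries()` lists names worth a passive-DNS check (feedjit.com in the sample), and `flagged` is the short list to review by hand rather than trusting the port column as recorded.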
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
\??\pipe\LOCAL\crashpad_3036_LAOINUPHBBVBJDXM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e0b11d41ffdf67f2729da7a4ddd142f |
| SHA1 | 2588f85fa889c4f69b20918ba2b981de269fdea1 |
| SHA256 | 8ee423b0abb7686660276951266a9140497b52c303f17a4c42a15515ea600856 |
| SHA512 | 6bb6c7aecf678a7e7e21bebaaa130d46e6c9d51f286b19288ea83b18e6ca2dd4d8a6ed05c0718e457bc853d6c30264663df500e207a20aba67d62020dad06ac2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | a0423f1305547bb6b8f5a4fb1a9fc2d8 |
| SHA1 | 092dcf1fe57e6bb53821eb754e04188ee70602d5 |
| SHA256 | 6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8 |
| SHA512 | b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4f6ebf2f527a85a912199e631086002a |
| SHA1 | 578d9a57148cb16e8e17f4cb6958f740fc212549 |
| SHA256 | 3c8a610438187a7ebfdfacf64b7a7f8dcafa8178ff9274946714f1f41d429409 |
| SHA512 | 966078ee53d2da079b3f89876e67b94e007fd4fe49a0d79c41a5ed9758db56f12614b865832bcc08e53e51fb895b5e3aac7d75dd24c71d3fbfd54913661ecbbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6cc6ae90762b771c3ad9a29088016a5a |
| SHA1 | 1f8c1d3b343f78256dc3d6ab1d7d30275b077e4a |
| SHA256 | f64bbd6c417e10c4dfe96c28dd7fe556dd1c3ed9277831d9af06aba72b8bec34 |
| SHA512 | 6efaca389912308dd1cf07917c0acfe398e0e1dcb9d77413b760f0d87d71cf9adbdc9b72b27d1068b9668378ad998923cf92f46f2ad6f9b98dfc3612427d5437 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | be353e462acd26348af0567c64905cc2 |
| SHA1 | 89f4df6f4926d06c0c6cc3c23116fb61f78570d5 |
| SHA256 | 29c5896342a8cf0cf18e4aad61d7551bf86dd5cccda1ccf75233d88938529f18 |
| SHA512 | 5ef4d0174a8b29cf91a43d9a1225e326b3a0881d16ac7d7add134fd71c395a8f1fa1fd1c4dbf2a29d6c01aa3b49f792ccb07267aa1e0d5ca9cfbcdd6e128d036 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6892dba918573410325911d8949d6ea1 |
| SHA1 | 224659838ff3ae9bcbd6f6a41ce4b99e1b799698 |
| SHA256 | 19126b42187d55c0a11d3053836869dec484d55415b0c76f961b015d4c291a9b |
| SHA512 | 4ebbd632ee841968fcf93272b7046578a4444934cbd690cce215e46b6e7b4945e4598c35c47c126ed6d111cf076e67bd4d3870d64508c30f6fdedb8e5a21deeb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6d7734e477d36263fb616056121f1e0e |
| SHA1 | 639ed90517cd56bba7f56d9d166858c1794baeee |
| SHA256 | 76c2a70baee7b4cdd0efedf893b3c1e04017b6038600ae8e711924df5d5325ce |
| SHA512 | a2e84922ca9358eeaa7f4b6141dccbba9b84b22194ed180b594671d3e9e7145cf5cca061cd41d231af50944c2397c74d561115f987c6cf046fef08597f690886 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 75b983fd0d933dfa70520c2f0e10ab84 |
| SHA1 | a30689af5231a7e322411666e2dce87c44556243 |
| SHA256 | f9d6b951b5392dcb9649e375f27329b4e2ed783695e41f6e4b0baa0b0c828347 |
| SHA512 | fa7162645a595019c6cb02b9cfbe52305a23560c4aad5fe16d7adf969dce2dcd6ef5e625e2bc7f03c77f62e19ce87422df68111901db3e9be91344c9d7314134 |