Analysis Overview
SHA256
8db7d50e76226deae9183e53701bb9929f302946aaeddac504d56f2f90144452
Threat Level: Known bad
The file c3896217af88b7fe18aefcb61b375f09_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-26 17:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-26 17:55
Reported
2024-08-26 17:58
Platform
win7-20240704-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000007c15ed519f78f1ff225b5f4ab7ff2be0df343eb88742d5792c1ee65a7d7422000000000e8000000002000020000000db07948922f7f015a0ed05dc5b1c7086cb9b7bd1ffb1c4982c5f55bbfee44c7e20000000bf28b6788c2a0b2947d9f100e55d48f08eef699d6dc00323b5c1457e221aa68e400000003715a4c30fd61072cdbd4879a0cdd67106190d577f15968c0475f64391fe1a5cb00f3ebb3a2db1599611f77dfb18e7c7580e8de053355621d41ab8f8995bf3fb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C4C50A1-63D4-11EF-9994-C278C12D1CB0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9023f041e1f7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430856815" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2636 wrote to memory of 2888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2636 wrote to memory of 2888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2636 wrote to memory of 2888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2636 wrote to memory of 2888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c3896217af88b7fe18aefcb61b375f09_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.2.137:80 | code.jquery.com | tcp |
| US | 151.101.2.137:80 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| FR | 142.250.179.97:443 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| DK | 157.240.200.16:443 | badge.facebook.com | tcp |
| DK | 157.240.200.16:443 | badge.facebook.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| DK | 157.240.200.35:443 | m.facebook.com | tcp |
| DK | 157.240.200.35:443 | m.facebook.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.73:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\VGXFB3C.tmp
| MD5 | 857cf81cfd3449fd408ac0604cd3a326 |
| SHA1 | 69209e67fdd7533fb3c76a7f3e2430a63909e4e9 |
| SHA256 | 380be71e72fb28899a6cf71bad4434677a6df3a2fcce56d23c28bc4794549047 |
| SHA512 | 8b6171180e1145953f185cf01651a3ef0fcecc2cc44a921d70f0e6fcaf58b42672943bc4f3e933fb333bdaab8ec0350dfb34c14aba30645463c12239d8814dc7 |
C:\Users\Admin\AppData\Local\Temp\VGXFB2B.tmp
| MD5 | 94a1820903fb1f98de19df188a6ad531 |
| SHA1 | 599ad7d04fd5b1fa13f334e95240a5a9f4a66583 |
| SHA256 | 6e232a3693a281342acc16b293dddeafcf91579f1b52df2cf22303b17c2a0e57 |
| SHA512 | 25a8c568e85b48d20455872d8e4a189b024071d0ec19ac5b273faf52916f5d4c42fae0f78179bd7b07d35ecfe7c6154950acdd15ea5011f8155ca3aca8be1c7c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7H6XY0V\plusone[1].js
| MD5 | 65d165a4d38bfc0c83b38d98e488f063 |
| SHA1 | 1c4ed17c5598a07358f88018a4872aa37ae8bc07 |
| SHA256 | b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec |
| SHA512 | abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b914e9de72a6866a0c8c6c1af87659c1 |
| SHA1 | eda700bc9ea3fb4b94cdd8d53ff86a7c534e4ef1 |
| SHA256 | 008f879d65ea71f89e50db464a730265fdc812ce8226baf36b8178adee346a50 |
| SHA512 | 61994bdbe543b066b5cf8f7173d73d89df24e3f2eb81577cc6d5e8477968103a7fd0b580fc6298f76e93df33bea0199191060d4f3e5c84510bc35021c49ce211 |
C:\Users\Admin\AppData\Local\Temp\TarF703.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02654382351680b51d95b71b44ea5828 |
| SHA1 | 54b8f448c8796bb028b8ad6bd762da64045c1453 |
| SHA256 | 98c1146c005b2365cdcdfb481601b2a4d0fab66d8e0daa471bd1471522c26b34 |
| SHA512 | 64fa212a23288dcb5638e3c2a13d31f3dbdf9fbb320c48835d142122796860e59e61c1195f6cc8c700bd4c1844e5a74a8cedb111d4511f5f3baf6640a5c81f54 |
C:\Users\Admin\AppData\Local\Temp\CabF6B0.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c43dc2b224ccbfe6b4a6d14918d5eec3 |
| SHA1 | e401239cb37e9cfbf0c84297a3f435d9d49a7e1c |
| SHA256 | c4b5af60a4effbe640299c3d51ab395bcc1a95a98c1206c5a1eda90c67e8741e |
| SHA512 | 16535faccbbcface11b8428227d25a46e206bed6f343072d6f89df9332a52fa1d2e40d81b00c7030e4a1aeb8c460c96ff4c1ff145fa08195779faa2bc0aa0f02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69214806d3db6d439c37eb705bce120e |
| SHA1 | 6bb181ad219a509faf8904e8acc059bccf84b10c |
| SHA256 | 9fd1c93cfe3665d73a85621aa70f2d7675adb4622ef044d383ee1b3a65b8ea94 |
| SHA512 | 94227d33402664f8c03338cea04bed4a903bea68b4bfff7c0b4452d4909bfe1e8090d7e894a05abcdca99fc69e728f2e89396e839c154fccc106b76f38ec5c0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 617e2265f60ae6bad81f2ff01443e144 |
| SHA1 | 6f17c05a77bbc63d8aefe3165fb6301c4346d5a2 |
| SHA256 | a706108f485e33a7243b5b870699ba73ae57cf49b55ef50d5909adf42bb021db |
| SHA512 | f09f43bb8e1343bf3d7b562af802b3d6050499b313f99adf671c2aa1fbbf0111698e49d8dd647eb40291b1ea77bc8f8b77d887130a5454d6766a3c17202db2e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c9a345b46ee577dc7cc2f15bdcc359e |
| SHA1 | 50cebb0e36960cfedf07e81adf7023feab9d9663 |
| SHA256 | 80eafe4b708c3aa85e8f22c4f9217ca7f886c2c323ba6be29f5bf8f26b3e9601 |
| SHA512 | 70e20464c4ffaaad7a9716f5b30e74a3af883dad51fb539beb061377b9b3328c382289357f9e8fc90fa0f8fb19acb0a725c9730bb345ed67781e9f17b4806f38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02df0b389744b78c4e0cfdc245eeef06 |
| SHA1 | 75e01d11c1ffb890072a2332f1610de841c05435 |
| SHA256 | 1b130f150a2e1c9e753f7aec40d2a907c6f17341657fbcdc2c91f39602b32a39 |
| SHA512 | 8523ed3f707a065b9ad82ec72095d56d81541e262dc9b8673e094a289f0949b97d0f9f9587e1f38842b0fcbd1530687d074d94b69604161d106b8d20e220c03f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73c485faf8c7d55939e7692576d0a274 |
| SHA1 | 70c5f422824a672dfab0b3f57c481122f46cd05d |
| SHA256 | 5b9bda59efdbf0da2b4245e16d0d09a213f1fdd86db45df9cb9ef063b0775a08 |
| SHA512 | 331c5e8b2889d5b00c767457df1561f17beb787b30957cdda880e7a69c80cb4684418716036f8f480233c54208f0c078b0e77d827c2b609bd93690769717bd26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64fd0c53d99406c9ad650cf47e93372b |
| SHA1 | 387b24621fda81dddab0ec579a27d2287e4c5c1a |
| SHA256 | 0806fa46014c057f7378d6e75c60fe8ff35b8a537718c7b2b9e5551cbfbb874b |
| SHA512 | e40c6e2e43c94af1cdc068c2a5c3f7b3ac2d6188bf6bd9021e92735c1031ba5b3b8bef26763edf07c34cb94c07868d32f5a122a4a9a6eb59caf44396286d3b8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e243bd1b071739ab932f00288a6859f3 |
| SHA1 | aa3d964c670f8e96d3feb9938f77e20770cd59fb |
| SHA256 | ca332dfe9ee8199d9d2196acd3f7e2a80bcebe3f8eace9c26eefe7750234ed18 |
| SHA512 | 69d4c5319135da2e954254a33e94db356d21a01b6627a14bc060cd04afbee8cc0ab29331a0d5455e71a97234ff88a91f22b3409b65efeaa9d7ace67ef1ec317a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aef80cdb85f1d7f9177b643a4c18111b |
| SHA1 | 483cdaae59cf9d08be22bb1d3af68d7ab56a5d2c |
| SHA256 | 0439c2cb1e73a48c566496538ab9623c70f52bd6904fb1eee3d95d3a6fa53ac8 |
| SHA512 | bb4cb760cb3b800eb4ec0d9ed9b459b499c0103a2d6f50464d1a86bfa40521ea94926feee5ef7f05ccc38af04c2492075880450179bd7822455dbe114a142b3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a77393e536d1a68784d2c75b5c0d2f0 |
| SHA1 | 7000ef65ff99727dafdfcdfd984040085ed07929 |
| SHA256 | c7dad5313033af6a39ff1d4083f1c216bbda005e8a8e8ab48a0924044d892c58 |
| SHA512 | 2006f4e0ff6718eb70c14263f8aaa7bb4160a790c386d6193739617f4f7c896ad434fe58fe052ca78c0809d2a0a5f0e57f63903320380113551dbb5f1ea1b9c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9061045217cfca7e5c016a0f6ba13d26 |
| SHA1 | d41946b3eaa97c0f47e9ec735d233e08d6cecec2 |
| SHA256 | 79ef0519f737b608af27589fa2a51b6e02ca8501d79b2bd441568cd28e20c205 |
| SHA512 | b7daf874dfe7ae70745cff66ee3b6908b8a10ca91c7e2d88f067c3d2f409d2d279f3790a168183ea7c927d05c7477b692ebd175be0e2f29aa5fed9aaadc36c2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aaca273daedf09c833541a9f3fc5a794 |
| SHA1 | 166356297b839465ad3a9848e85c8415b4fa65f6 |
| SHA256 | 44d86a1c72e96646774b8a5c126b0b87f8c80abe2f84bd28b3b08b495d2bebe2 |
| SHA512 | 46f4321bde5d59e86e41ff3e8fb60690e85df5123daf1b582363b6fa916fe45b140fb9d82815fe5f509c886942145e4cd5f3bf75221127b1371e82864dff68e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bee744fbe668e8a8254f8fdea6a30fc2 |
| SHA1 | 0b06c5d32883e4005f2212343d1537aca0968034 |
| SHA256 | 1831ff40b8e451d91e1fdcda99b6647ea06cfe1d471b1d402030ba435a51865e |
| SHA512 | fe0bc281dad69f43bcc6d650a09f384fccf00e1fc4a28fd9999d4d86f5fc0a7ab17ef41b077a3f6c20ab192e0040f1475edefd5eccfe3f1fba24b28f7db01b54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3f19352ad7289c11db4446bd4b57c38 |
| SHA1 | 1900df95fe3d823d28e666eefe18963554001022 |
| SHA256 | 570cc17804d67fadb6dd7e443a4a999e2adc96601a1a79d826ffeff1ce49521b |
| SHA512 | 5b5170471a125baf26e4647da31d5d2ec119145c22444713164ad01bc0360f6e985ca4f9770552b618bb93bf52bc5aa9728d7af43ba9fc204075d9449d98f695 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7bf6c73cd6ec691cc412d2031876e690 |
| SHA1 | 834e8f343ad85e9f376c6a279560871bab2e4e58 |
| SHA256 | 5f0e69330bbecf7eae7833aa0c304c12e679f7011abf1ed625dbed92a6d8f2fe |
| SHA512 | d37edcc8893176771fbfbc73e3b51abd0ba3d60ae7fd909387638fe8a59644dbac99fa24e194f02ec534320facf011d080d58faa2860d668818dbc1ec5b8b209 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 573c9514806230cef1d7fd76f59e42e3 |
| SHA1 | 260ac3de975429238af1f3ae319f72bc9c375c9b |
| SHA256 | fdf5ca7f460e0a7b7d21d89df84e46a07ca51e5da287dab4450162c90b3e3eed |
| SHA512 | 3cb9a2fd943569a4db9e9eec63262d6b0e43313a4d47e518ba55493ef6daca1accadb3569810d75950885bd3785dee0a600afead25bd30895999fa8800d3de75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf7879676aadac452a2478656b3c8a0f |
| SHA1 | 68026c6b82fbecee1f7c34b399c062a4f5bcb494 |
| SHA256 | df53df439a57139c769901ad82b6dd988b72dec2a360e6e9d120a77d4fc86dee |
| SHA512 | 7527a80aa4abedf32d4e950dee828d9bdf92b74a21641d7e009f09c0dc5bb95e542d829c44bb69868ba4e23a3447da3e0ea7761547d974d2e57c6a8115d93a6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e717db60d72af211e698bf3a47adab1f |
| SHA1 | a8c68ef1e8a1394ae9e1d083f186e3af15eefea3 |
| SHA256 | 775c7d370dd9c7e893abef556fd7f679e883fda80cefb57f13d0382cc56eda63 |
| SHA512 | f63a0f96a5aaedf1b140be861982b313b911bc57a9636a81634f0ca9c678522c58d526f0c68d24c889cb770e640eaef9b3a57821fba6e2c730ccd010896f0da3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65670c23adb35627584ff3a850b91933 |
| SHA1 | e4d95f5306b7b4c449b7d66b243d9a595ea48214 |
| SHA256 | 3a92539176fa003256a54f3371534010a6b0847a78bacea0fa5bdbe12bea7648 |
| SHA512 | 31330c8beaa23aabb5f2b45290e58d0ae880da7da57035f97f47f29f2ad16766489546a79c9e772f4a17ea77971adb9f93ba523795d3d5f0906abb93c832cb9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 94a7738b31bd08efdf68153057ca4287 |
| SHA1 | d9bfac5621bf810a16d01d6c2ef1874a37a8e407 |
| SHA256 | dcfd27952bbc329901af83ced927258563b7570e459b1798e9a6741038452294 |
| SHA512 | a058c69131034211cfff974e29686f89db651dab143b84ba56989f865d2daf6989a7e4b1b017f3072b1ad5ffab23b37bd4564ecbd23523da644368c35845ca6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e5fbb1aa5745be16277bdfe1972e565 |
| SHA1 | 80fc9c29522dfb98185c59483c7906b9002ccf86 |
| SHA256 | a96000998d86da748b28e6d8a63e573a8c77060dee4874123dbd6415987e6213 |
| SHA512 | 69b903ad9e031f520c85b390ba0bedb77a2442cb42887b40deb98ac73dd176314ecfb2f474d206ab0abf84dd2203eae690cc210367ac5f83d6b1dd996ed68e44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c2ad8be51b24dd3fea66093dd0f2735 |
| SHA1 | 4293d7a09ada691590921be7402dc90084156716 |
| SHA256 | e92272e6bc9b9c1c2c807e0562225d68ca414f46cdcaa1ac93bc9aca1995303f |
| SHA512 | a7b2f67246d87bb575bdcb1158557fe527048911915787b6998b2743cb0c4ad954789e8bc79bef8d223bd9c6c8630edee6840ee2433e78e2aa0852b2d40d22af |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-26 17:55
Reported
2024-08-26 17:58
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c3896217af88b7fe18aefcb61b375f09_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb757a46f8,0x7ffb757a4708,0x7ffb757a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,16399431090617337993,4380726856107689414,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | babab.net | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 151.101.2.137:80 | code.jquery.com | tcp |
| US | 104.21.18.241:445 | babab.net | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| DK | 157.240.200.35:80 | www.facebook.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| DK | 157.240.200.16:443 | badge.facebook.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| DK | 157.240.200.35:443 | www.facebook.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| FR | 142.250.179.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| FR | 142.250.179.110:443 | developers.google.com | tcp |
| DK | 157.240.200.14:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.200.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 216.58.214.163:443 | ssl.gstatic.com | tcp |
| FR | 142.250.179.105:443 | www.blogblog.com | udp |
| US | 172.67.183.234:445 | babab.net | tcp |
| US | 8.8.8.8:53 | 14.200.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | babab.net | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DK | 157.240.200.14:445 | connect.facebook.net | tcp |
| FR | 142.250.179.110:443 | developers.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DK | 157.240.200.14:139 | connect.facebook.net | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | udp |
| FR | 142.250.179.97:443 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| FR | 142.250.201.162:445 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.179.98:139 | pagead2.googlesyndication.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| FR | 142.250.179.105:443 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | shuhaidablog.blogspot.com | udp |
| FR | 142.250.178.129:443 | lh5.googleusercontent.com | udp |
| FR | 142.250.178.129:443 | lh5.googleusercontent.com | udp |
| FR | 142.250.75.225:80 | shuhaidablog.blogspot.com | tcp |
| US | 8.8.8.8:53 | 225.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e765f3d75e6b0e4a7119c8b14d47d8da |
| SHA1 | cc9f7c7826c2e1a129e7d98884926076c3714fc0 |
| SHA256 | 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89 |
| SHA512 | a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079 |
\??\pipe\LOCAL\crashpad_3668_GXHVVGIYVUEZUEOJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 53bc70ecb115bdbabe67620c416fe9b3 |
| SHA1 | af66ec51a13a59639eaf54d62ff3b4f092bb2fc1 |
| SHA256 | b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771 |
| SHA512 | cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1b63be5039dd4ecd3654ddf5b6df2a6d |
| SHA1 | 57f7d58f39fb3ce07cae1b6588f97d3204d63e76 |
| SHA256 | 46725591036b81875c47121ae3f2384554cc1c032b442822949142a804dec5c9 |
| SHA512 | 52e773e762793a4d4074c449b84871fd727286658cde0c6c91ae52b79d5fd846323eea60c3b600de90c52bd4e84b3b020974a5089c528a71c7adb8c2e386d36f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | aa6a698d1c7fc6d35265b10af5570e9c |
| SHA1 | 00da372ad4964a5d5b8afff7fe1b207ff284f232 |
| SHA256 | 02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a |
| SHA512 | f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 579cde804cabe132a11a008f09ae63fb |
| SHA1 | 435154a3b648c8c468695e56eb42dc08a0adf0b8 |
| SHA256 | b2875fca5f8a41f2b05227a4fd4e6ac5d886179098897348a731553f206d8450 |
| SHA512 | af1fffdc85416c5f3d946b8cc6cc3b424e49757adfc8a4bbded2bf4a35186c3ad4f5c50bb01c42a7249d098bd07f174a8570f785aea9d0f33aa6ab1b2e4e0e04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 019f4512627b7c536df9ae3a00478c26 |
| SHA1 | 952fb068fb8e5357f1c640ace437508c91681e06 |
| SHA256 | fe2f1308dc62094d07eee638bae25eb7db19f68eec89202016341802cf5fbb18 |
| SHA512 | 1fb5d75b1e0631080a8c0c37bea45fd948af5f7a95001058d60129688d0c07ee203d133f1551ea19d532628f150a5ed22bae5533a6cc385a6bd3dcf87de941ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2b08e9eb8438fc1738a137d2ebe60c5e |
| SHA1 | 970c62a95f3fb0acd570f7067aa6bae09ba2c9ba |
| SHA256 | bdda68b1cfa28ecf682d1e4964ef2c6716d477da973fdf1a87865861f6b0a319 |
| SHA512 | c3ec641151b4b2f9d772c6f0f8f1757f6cc9c812336a3e6e15ceed33566541302047ca0f786b16628b9b5535ff1c830bcec706fec08e4c080e45283a56674f27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7f8142f0655c7001bc756f8a1cc745fa |
| SHA1 | c2facb48d046f06fcd74f04e815c74aa5c56471a |
| SHA256 | e17b09ac51b438afc4df7f8f9c7de2e6001841c8a105c01f1296d02008d40eb2 |
| SHA512 | 6443766149c0132b28cbecbd00cec501cbe03055d0270482c501a6294c28bb7454df17d496d3cff9cf4cd2d11b985e3b3f9082a42c2b68ec28f0ed55524de415 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58075e.TMP
| MD5 | a938cb9d76c6099da217da3b9f5713ce |
| SHA1 | 3740bb4baa9686301fea7d137d603293d0709635 |
| SHA256 | c05b45dc4eca3b3fc1b43c97ad9399b6a8fc9da52f8da5ec906c6c6e7a47c48a |
| SHA512 | 0f385a49eb6e1dd065b13a46b41a2e8ffee5f5bc44f5d1db241097e3288622ff5ac106604a623f5eed1a6c4f76801e0c32db89a59a6166c745490158033f2328 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c88ea8581b419f6aedd7def77dbc4f06 |
| SHA1 | 6442b7d8b7179927b0ae69e64c3280bb7ea300b2 |
| SHA256 | e5a4b1ee891e01e10ccb3388b65cea76d407e8ae2219b6ae01172e5e1c4a73fa |
| SHA512 | 026fe76238025b8a92fc8e9c3ec7cff6409d276e00b61ce06f74c7e8dd039d7739c6bb94d369619c76b7cd58ac196b83645820dde3164d4167cd3de5328866cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9a6c43071416b7f9b7fbec3080172540 |
| SHA1 | dc0a78e9fcfb1a77092881a1cbb8d14c915811d6 |
| SHA256 | 260c1c301078c7ac628c59f7cbea7855d72fc2d91e94fa9c9630a9dd94f9e774 |
| SHA512 | ce0c5d2f1fa3ee50b2a5f07f7b9d3a507d91fe28c210d2efa837433eeb6c57dd9fa874f0007636a42742546034569cc24658b4548207a03dead057e5056fb498 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bc7d2bc1cf73568484aba2b3af1af1c3 |
| SHA1 | 9fa861ff6da4189d57f7bf264af5f6c11ae38ca3 |
| SHA256 | d5acc5f4e1cf079650d43f2833b2703c2971e40307dca20c4d747ef10c40b176 |
| SHA512 | 2f61d941e8a4fe1a4124fd7ffd4e4b2d69bcfcb091af0e18db22d531ea1cb3adcfd71689e56ed4c37832a5f5ab8b2f08f5c0496fb858999670200c048530aa83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e88c43bc64f187cc995b81bc038ed362 |
| SHA1 | 20b2bef0cf0159bdc0b85bb0b3ddc9c0c99800a8 |
| SHA256 | 0a69a5f75675d226e2602e3fbc2072d0ef9749b9b17863b7973f6e28d4232824 |
| SHA512 | 062034af8656813b84540863cf44147c6399f824fac39cd520eca343aeb32d985a838d2581083e2e2de780978af50e222fb1b35561345682f49434876c702fad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1a8591ff9aca149cfcd6ac9a324280bf |
| SHA1 | 37f96c58bbcf097572263df102e425bf2e378c2c |
| SHA256 | 6d660372bd146603d8c1f50711491931f4ca4078d9c677f063ef6008f6979725 |
| SHA512 | c4fd6182991cacb2832f097a694ccda632ce2e5b41710aac740644439de25f5eb20556b089630f171aaad38e01243ab7b00b50b175ecd9b7b503d5e9ce31ca38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 31eed0ef24acf7b3005a2f42f1269081 |
| SHA1 | 3513d39bedfddaabd9a75c7e22ff3ac107842985 |
| SHA256 | ff2aeeec860a6f8cc532ac6f2e385e9466bc929575b72d5696a89de07ef7b0ac |
| SHA512 | b2c95b7b9002a31e5a9abcb6a647d0542f8f1f01d4255ecd1386bf80e5a6f0ad7666765f5740c61ef209e331803f9985ef4fdaee3b3e04bdd08c457d760a4886 |