Analysis Overview
SHA256
c409415a7ee1ecaa02cbe355288611cd897d7fad794554645468274035fea18c
Threat Level: Known bad
The file c53569739dc61facd0c5e70b741c8701_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-27 14:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-27 14:54
Reported
2024-08-27 14:56
Platform
win7-20240704-en
Max time kernel
140s
Max time network
141s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000934c0d17b77c52ddc76e0b90437f562c9a9f9ba26cee9a2d16fa52869cd3f418000000000e80000000020000200000001b95aab37437821d2653a47fa68e86f13201182524c9bedd33d0a7ede40636ce20000000182b03342849c0de0feb1801300abe653d11bc4becf7a4ccef101bfc5e81fc4640000000cd0ef18c20e020076650eca2e121873a66350c014fdcefeb39743afc79a5bfda665baff4501bb40befe2cafe747aeb388aded93ee342a861590e7318dc93f038 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430932328" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000caa5aaf53786a5f1dcec36906b2c02219c8db3b1c0ce96682fe56a385a3635d4000000000e8000000002000020000000609c5658bfe694ceef5ee8f1771aa2838439eb811fb6813e37d12f43e6efd76690000000a2650286d88fc003d09cedaac9388a14fc46751f0480c299728debb9578a7ce3ed88e5b90596d3ec6586363cdb6ce27b45ed0fe3d22a361ea29d781cba15cf0bb3c4d3929d455729ded43948bcb615dfa295e8dd948b644df693bc8a13089ca60a2c067a2342f9122e7e6d8ca5d2975a64024866a48a20ca6d359dad8c86b3d756305f68bdad314a466b793c10a3904840000000b2c54276998e08df25da1e1a40d50475d133d5f75be08783f4362e01cfb35200610849c4aaa1e9b6f49c8a3ad610407e487582843d0897ec90521d7b53555646 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D914D01-6484-11EF-8FFE-7A3ECDA2562B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0ecac1291f8da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2272 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2272 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2272 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2272 wrote to memory of 2824 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c53569739dc61facd0c5e70b741c8701_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.assoc-amazon.com | udp |
| US | 8.8.8.8:53 | ecx.images-amazon.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | buyplasmatv.co.cc | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| GB | 18.172.153.222:80 | ecx.images-amazon.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| GB | 18.172.153.222:80 | ecx.images-amazon.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 52.94.229.212:80 | www.assoc-amazon.com | tcp |
| US | 52.94.229.212:80 | www.assoc-amazon.com | tcp |
| KR | 175.126.123.219:80 | buyplasmatv.co.cc | tcp |
| KR | 175.126.123.219:80 | buyplasmatv.co.cc | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 52.94.229.212:80 | www.assoc-amazon.com | tcp |
| US | 52.94.229.212:80 | www.assoc-amazon.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.71:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | b9e7bf2ed18a6d830cfa58bb70fe42ad |
| SHA1 | ced89b679d474a85c77314602abf8361a7bf895d |
| SHA256 | 858b45c98608b511b87d2786c7acb8f6de6a027e9dd840bcb675c8fe16b66fb2 |
| SHA512 | 20283db73d9f00f5de9e81d6f437ff1d3e1f0d2e3a585626327e275e8b93d1644aeb3dead5bb7741a46de57b2ccabd355ccfee9aebc4d9eed42ba6bee77da68b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 87fa9f6f83f03415eb42142fca23a046 |
| SHA1 | 60f5f9294cae9db950c402a955c86e1bb79e4863 |
| SHA256 | b4041cef3159c88b6b989f149da07a87006c6bde2d50cc54a2c3b8a5234efdcb |
| SHA512 | bde1e05488417f531512d2929ea72859bb4d5610dfa3750ce8e0c9992cb398fa2e788987cba9b0af0ee2b1bd7d470cd83bfbf97f61663dcd511bab3b2977e81a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 0971ff0c66d8da73c94bd0a32b0fc5dd |
| SHA1 | 0f1e526c9cb4bd084361a30ffc4917fe025551c1 |
| SHA256 | 9c4b1ca4f24a3ecb4633126dff1a31bec1a4b2bfd796d9de0c839481c803c2bf |
| SHA512 | 566000880517efdd443022e91e490ba9c1867bcb77f3c69d7288a4e82de7d2c2ba8ab047d238ab01ef436c9116efc6c0b46dba8dce18ceca77cb8dd9f57677f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
| MD5 | 72bde6d1c35fedc47a854d0764f02719 |
| SHA1 | 148144084bfda73a05c0dcdd7319188b2ccfe710 |
| SHA256 | c0992afdf2a1b91920cbc3f207bb5013437f8ecf8af00cdf22dcdd5dba916774 |
| SHA512 | 71262c425eb8d1aab973778720fe489931d0abd2b3bf3de0169e0c90afb47ee522ad749c2472440f228e4a707887aba78a46a2245bc4b5a9339a0609de169570 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 794ebc73750cf6f1b0c99659d8c81efb |
| SHA1 | 2836192309bdc79102b25d440f63dd535851f58e |
| SHA256 | c7dc093bdaab61e8b44fffb21606442217a1cee28c3b0813b917e9f17fc98b82 |
| SHA512 | 2285fd3569fa124d35a3b95ac3d2dda50042569b26c2f4724f917916e1ff3e849a71c31ddf74d42219f9d90728c5c668fde6d41a6a6edb3d7ea88a02daf80132 |
C:\Users\Admin\AppData\Local\Temp\Tar745.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab743.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d3ba47ddaca1ed5405cfa1cd87004ec |
| SHA1 | dbb8a2dfae11e885ab0ea52c3f0a5c9627229385 |
| SHA256 | 1c98dc54afef293ff28d2a506aa16a7dde980feef985d5a66cfeabd1ce484b09 |
| SHA512 | c8118ee52cca3a0171e89278de46f4acfe91e0675ea002433b0fed20fe1bbc949c39547d4a91b851f6cecd0f1f502558af96b747834ad9a6c0e6f5222b864378 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e33df5319584cc3e27f5d076e36e446 |
| SHA1 | 986964c5d27364d3c953f0871c604881d607e286 |
| SHA256 | 6a4c0ab0d6fe88f86dc97dacff7d7503cae4ff1ab49be2f854c885b292ad6a9c |
| SHA512 | 3e381ec569d85d0916220073bea3aca5a34f35da9155728a45acabcedc93ee71a0edb14887afd361834a07e15c033a114f54f444d8444c28cb1691e119ed8c3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a116b3969d30a2a6f2aa3dbb78159637 |
| SHA1 | 682299acdb59b0eb8bc1487ac6c51c727c82d958 |
| SHA256 | 33e364a1bccf072c2d2477c9e5e09b2578eb801c539d5a10cb85db9fb577b08a |
| SHA512 | 3ef62a3dcb6d5ed11335c820d28a89dc52486d474a5841481b87c2f604b82a89417cf7089ddaec1631db26bc1766a1eab31b375bc0abd477c4b5fc66df5b5852 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 333e89d7ba0c5ac2ff633f76cc08e221 |
| SHA1 | 4a40fd73172b7c154ba87c2cb86a9f33faa53485 |
| SHA256 | 172abc6513e44f6e75a4e6441ac21a2de294acaade07b34835cb1683641aba31 |
| SHA512 | 2f1a4573521f9a8e2124fd6595e8f4dc682e1ad9ca8cb3cd2b680360462be07f87896bcd58e49d178b4ef6c9f78f6e227413a5f0992103b4bd58107399972bec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12ce1902b533c8ae25a98560f94b8899 |
| SHA1 | d16c88add966fda13570f6eee57ec9b4a71ac7ad |
| SHA256 | 0c9c79b0f42113c2182a1b423ea83ccdf1dd0ac541d1ee7a34560fc9605b1a91 |
| SHA512 | bb181cab6da8ab4d740979ed0d89c4c37c861258c2b4d98b227d7082d9376f4effc3e8439510733df7805e1983da1a8d00efc77331cb2076e35919f7067311f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14e5ae1831ad3a1099c500e21bdc15dd |
| SHA1 | 088912d407066984c2e6189fee027ba20dab3359 |
| SHA256 | 47de6562406b8ce5a47579878d2ba32c6c17f5db0a0bb640ab274ff7c9779520 |
| SHA512 | 0aad7f82efaa921ade43bbe13795588d2df324d2c5e6bb21bacbb1b79ca65a6d80a4d7186b6b0c2c52d3d5f2c63817f2409a7e770f509d9fa0ad14a454f398c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c380c622b5455408e040b608e1d8140 |
| SHA1 | 5ae7d5d00a895305373b6cddbe8cdc81db304dca |
| SHA256 | ee98f531a6178e1f7b1b2d26e80b87a9d9c22b43aaa4512df3444d4a138123d5 |
| SHA512 | 827449ef01c02c0be07996757b9603cc76fc02140745e18ec9c07482b947ca7870273c33aa6d406af6e598c4e56cfec5a99fd2b46f64fe979727cc900415a642 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4133482e5f41720c2389869384cf712e |
| SHA1 | 53c302c89e31d8255a16059828ba970b9e1da956 |
| SHA256 | 17f6ade045694302dde4c92aa78c8585ac80334f1c5174c174d7c62647dac56f |
| SHA512 | 689718ed860ed3db6c4b43f5fbf22b0c8884f520ebfe5b46ef8c2f284efc7902edb7436c8169c93c0ae53c957f19659560143aca49f6d89f1e70f40903c271c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 779c29614dc32c65a55ec4dbfddeebc4 |
| SHA1 | de7f8f29c21de395dd531bbf52e58f2c75fc08b6 |
| SHA256 | fef01d22ca256c59acae4bfc96600a3153e4f1d004182fd0ca97f9d9ddd2631e |
| SHA512 | c05df8220e00ccc7fe99be01068e36de9e8a35695235114e83816b05bbf88d75157c992233aa7d028b65a43b4e64dcc7a24b9c5313f33bf85d47eb196805f3a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 861811deb42536f7276c841938b19dca |
| SHA1 | d2329ac1d381d45d014f617be0edf3422e9a533f |
| SHA256 | 6d8f0d1f3abd1d031a2b76826b17d5ca622a9b27278bef2db1282180c54c4f01 |
| SHA512 | 61eb3ed6698735b0017ace47c2d559a836c13795b91f5d5cd29ef0def8dae9d6fd1396db0b8b143c0d71a00b8758d096ab75aea5a8310c7cc7e536b1d31278c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67fef910a714e9c7d6ee7f2577a5f0de |
| SHA1 | a4582a0a43c5274e738f536388a61699968a4b36 |
| SHA256 | ab7318080f2811fc55ec2423a4c2b9ef9a5564fa34e2df32a09730cb02651d1a |
| SHA512 | 89d115b07727b694c04608e155d792e30b9f891c4aacfb72c0bf90e6b274b273fdf8df28660ddc7430950e58a31148a62bcdffce12d0112de288d474b65ee32c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | c2e8ce58eb787a93b14f9250df8df727 |
| SHA1 | b88d23682cef1f2190981bf62e595886d63396ad |
| SHA256 | ad1758450a108d33604c6aeb796e0ce80f62953a2edfd5d3de3c3d037fd435dd |
| SHA512 | 0e6e899a4f856af01000ebb9550353a223d2b097ddda0ab99df746af1129475388ad91c0804c46ac89149d5d5d469b7cf97bb5ac370ce709fa368873a54f412c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c29e8a637a1a62d5c68e95008bca1067 |
| SHA1 | 85ce87937e45f4602e706c4f56b6743f50ac32ef |
| SHA256 | 0ca138b57d6fa4e401d2ac3266f8599e004fa0567bc8b12a25c8ea3363c05fe2 |
| SHA512 | 24a0ba9cd5ec389fc084ad4ced272a15fc021b8d4cc9c3338dc52914726577c5dd30d9db649e6ae4285d262bf1d1cbad1f72f303db78bc715e4318d3ded16bf9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cef080a1971c9d90a0886b8d7cf00d33 |
| SHA1 | 2867d574fa2c5e4dea85c56b9f3868525b25e016 |
| SHA256 | 2afc84bfce3f575e9781db01d08a7cb1727a42002819fd635d9ba1ca9df50499 |
| SHA512 | 5652ae564c8bad591213b813024faf4da259dfc778f01be2e9c841158180ebc95bb28caaa21618069f0ab2437140ffbd202971ca0204e89950124da84363a9cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53c9990a3846a0b170be23cfd4038c9b |
| SHA1 | 9955baa08a13ff1c149fc6e22841ed83c74e0ea0 |
| SHA256 | 535963af8a2fd3b0542cd0fb461381899e53f681e276172394eff0cce50d238a |
| SHA512 | 425dd4f0742874919ee4618051bb9e18fe3637ba2410db945300351d5579c3999d08c365affb1583edd627a87f61729f42b83fb64d8783ad6266e10ae007acae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8787d809c07c4daf6ce33c559af6bf1 |
| SHA1 | 8136c888bcefdfd7e4705d2eedb22b5576fca21a |
| SHA256 | 5575ebfe7f4d03fa7fe2b59ae4d9f1750c8fe99df986cc8b29e4ffdc06c9491f |
| SHA512 | a22191bb2bf66ae0cb5f967b42ee7f12ff2c2ee1fba6237ab947d2f7b1d5f244d70327e020334a13bca506c8744313572b9f2086fdf23a02419dcaf81631457f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a587858dd770aeaeddd7c814382cc3a9 |
| SHA1 | 87d84335cf71e1868286973b6474baac38fd4216 |
| SHA256 | 852c1b9632136d8eb0c94ccb9d6875331f5e07bf85e895edfaf9f2dc2b6b612a |
| SHA512 | 21e9d263f7d1b317ea930fd81b4e258e1e8f54feecbc6c3ec07640bc249b0c8d7aee1f78a15f35d3eed4901a8ab74af5a44723f6fec3ad574210401c622e1e10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e37a3fc3bbf0a172c44ff5434d1f70f8 |
| SHA1 | 47db2d378287d96727fcec94205bae9f71822465 |
| SHA256 | babdf3ab554aaee3757f703ae54f4ec828f1f2588c3bde7cb832eb50438adb40 |
| SHA512 | e298df1767924d6fa583c23864d6423d6495aac6f037f44b00b031d049e0617d6cc824052fbce22f1eca178c6b422f4ce0a05c61514e6b42e0d8f1c909909ed0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47948c78fa30d6e26d2616ad51017a07 |
| SHA1 | edab5e54bfbb9426c3479357383a0dfad292b47c |
| SHA256 | 85be38f496c8bc40cb60dc0d73866096c6e8f6f9cb497e37ab821cb64b62275d |
| SHA512 | 08989fa2e5bb548ca7c5cacf781187f90de5b6e8311d07b9dfce541d06fdbd1d7c7d8f05693acae1df52058639c027f458fbe140a0cf7e99c34fb917d32033dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | b156208b2bd1998d0477e4fb0e111884 |
| SHA1 | a79911ae19db870fa375f3ee15c98623d959b8d6 |
| SHA256 | afcc5bda1f622ae7c36dc5a837a0cdcf65ca7f7f73155a9ef41b07822003badb |
| SHA512 | 492191257ffd8ed766b932b95c0480257731703716f45c664d5079cb40ee717e7e14b88ba4fdd1719c06d4fcedc3df0fd44490d6f324b623fd3455a1b2eda9a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f3273dee08317cd31d6b6c924c9a83c |
| SHA1 | 170dcdf7acaef5613257659f9c64ab237ed2d4d3 |
| SHA256 | 816d83877aec57b61ad74a9bb812588511fadbf210ed31e2169ee0663e3b0dd3 |
| SHA512 | b9dfc9cd08168a0d4cb8d8ba758fe746221bb204464c409ab8a86ca7a4abe114a5a2a196922ab52dd2d929fc82d562fa22026c9a2b1c53a54ff77e32e134b74b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a26e4df52aec1f850e18fa186c5c5b3a |
| SHA1 | 1b969b93473c1881e2b2ef86cab4da5d29c426f1 |
| SHA256 | 85c6fb038c6bbfc58ef02748153b9b6ff1d20cfc6ea445b471765c71d3943218 |
| SHA512 | 38af5a46565ee2f8dc97160d8db236c7ef723b188e6aa8ef9747a9d745741b9abbe0258342bf9540cd2d109cb94346df74ac58884f77a616a3a3e921eb6a98e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5770eacced2061f869c0f800778fd176 |
| SHA1 | 9811e4174d94d72bab129463acfa8f3e5f29b944 |
| SHA256 | 4232776c314fd6bd8b7d2736f5a5c00fdcaa7fa39c09a39854272c0fee0122d0 |
| SHA512 | 1fce4fdc3bdba86877782faa5101d14d560dd90cb5ac31c9c8b683cc75482182b30444d1815b9b85364ddda4aea8d6007a055b08c149b9cb06c2bde079f0da51 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-27 14:54
Reported
2024-08-27 14:56
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c53569739dc61facd0c5e70b741c8701_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc372046f8,0x7ffc37204708,0x7ffc37204718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7586206609169763773,3145665290654238424,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2668 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | ecx.images-amazon.com | udp |
| US | 8.8.8.8:53 | buyplasmatv.co.cc | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.assoc-amazon.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| US | 52.94.240.125:80 | www.assoc-amazon.com | tcp |
| GB | 18.172.153.222:80 | ecx.images-amazon.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 52.94.240.125:80 | www.assoc-amazon.com | tcp |
| KR | 175.126.123.219:80 | buyplasmatv.co.cc | tcp |
| KR | 175.126.123.219:80 | buyplasmatv.co.cc | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 22.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 219.123.126.175.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 847d47008dbea51cb1732d54861ba9c9 |
| SHA1 | f2099242027dccb88d6f05760b57f7c89d926c0d |
| SHA256 | 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1 |
| SHA512 | bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f |
\??\pipe\LOCAL\crashpad_512_BQOJTUHSXNRFLIHB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f9664c896e19205022c094d725f820b6 |
| SHA1 | f8f1baf648df755ba64b412d512446baf88c0184 |
| SHA256 | 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e |
| SHA512 | 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d764d18bc32691bd40547bbcd7f74045 |
| SHA1 | 5b1db3e128a5a56a3592ba269fa536e46a014d75 |
| SHA256 | 23f657abc75c51843989bca6e4b841a9a8c6a83763595844c58ce06dd5c6b2af |
| SHA512 | 1956a40884598942eca63f1aa95bb0a6510b2ef60ed4453052ea8ccdfe1054a67a122258099729ce6900e432ebb39b73dfde98862bf7f27d6ee6a59bcc7838fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 214b8f5e70145c6a8cc9226ba66bf606 |
| SHA1 | 84c146f33b6efda9e50fcfbaf63aa961606bb54a |
| SHA256 | 88d38e8a89c5eb4618f0ba0c5320eb22031a4fdf7c69700c08980e8bbcd5c9ee |
| SHA512 | 96690132d8624997e9ddbca84e15935b7e8854c8b38d6b20c706dea5bd1680eed6e57fe3c0c8bf3eacae929eb5af6995de5b02b97476be055de08aafbb6795ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ed42b4749c981076b7599b01eea5bf33 |
| SHA1 | 1a982e83e264085086c40c6760a59ea7e1f8cb55 |
| SHA256 | 8d18642beb28fbd8b5a2a78f9942a843aac70849338c73e62992735184c7601e |
| SHA512 | 8557e4a4849c1f2f43248fcf3fb4b271e6ffb1c9b4f29fc51ec92a7e0eca65c762a0af82511a93c2e11e8daf3eabfc8c1802c6f5b8cb7b335af2b45e174bd11b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b58b4042d7fdebbc1742c4bc3e667c55 |
| SHA1 | 65652c69127e83c810479af332c36d4b180d4aca |
| SHA256 | 307ced8d1a57fbc85c028f3db6cd0960a5a450e2d805459bc450add4a39a602a |
| SHA512 | a3c6aed501e8a96d78e4f97f740d540e96589d3a1c579cbcd1bed1f0307372429a849a29f2d357b4af3d8246ff1ee9418dfe20d3ca26bbd3d6c714c37f195f83 |