Analysis Overview
SHA256: a4f37598054aa0f247c7e41d59c3d65206cc5769161aadf1fe3b8dd79debef15
Threat Level: Known bad
The file 6aeb56a58e4dc997259662595606e542_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-22 14:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-22 14:49
Reported: 2024-10-22 14:54
Platform: win7-20241010-en
Max time kernel: 142s
Max time network: 155s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b1319000000000200000000001066000000010000200000003ab9f07dc7d1979ac946da267773691d69bb72361131e794b8970f210b4a9aac000000000e80000000020000200000005133e908c5a0a5bf4002352c0fa9f757cf09606c05bd57f3d78cbf611520e505200000000ec552a0e240c53ebeccc6255b79c36a1836859e6d467103e0d983b8646bef57400000000dac60d0e3b5fa32c092153cd204c1d6b945ad1158c980515be1efafe5b12b286a114f016b19eb1515433ce55c7b6b455d58f2f3a08eeb6184a7f9306a9d2b23 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6026c9449224db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b1319000000000200000000001066000000010000200000008d36d0833caf036da6820dbac283fc8fd5e133fa528f01ca17f7033e9aca586f000000000e8000000002000020000000e2789c7314c6b3e72d596d399ff4b15521e470ba65ec5d519c5ba1ea83139153900000005b349f4626e3f66ed67d5fdb3964541b56d69f2607357c335de981ebe4c95c35b33778a957daf2719cbe903fef0c717963e11597c521e14fcb9066f312d97eef8daf40c3c2d39da1bed782642af91dce801d15de2404f7a42931e146dac0eaa3ece8c8b42863c914ccdfa5f670392db6256f935016ea566bf7891ef109d167fed6029988f9ab6747f4eadaf890a42a1840000000e38f7508b66e358d44e732061a601f01d4c096d73f555b431dd08c7f5747aa28527673c1dd4d2883602bda5d95bdbc1353f4fff506c981ea4e47d4218383ebe0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A24E001-9085-11EF-AEBA-4E1013F8E3B1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435770605" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 3052 wrote to memory of 2200 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6aeb56a58e4dc997259662595606e542_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | feeds.feedburner.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | twitter-badges.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| GB | 216.58.212.226:80 | pagead2.googlesyndication.com | tcp |
| US | 52.217.113.41:80 | twitter-badges.s3.amazonaws.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.200.14:80 | feeds.feedburner.com | tcp |
| GB | 18.172.88.92:80 | w.sharethis.com | tcp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| GB | 18.172.88.92:443 | w.sharethis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 172.217.169.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 104.20.94.138:443 | c.statcounter.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab253D.tmp
C:\Users\Admin\AppData\Local\Temp\Tar260C.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\f[1].txt
Analysis: behavioral2
Detonation Overview
Submitted: 2024-10-22 14:49
Reported: 2024-10-22 14:55
Platform: win10v2004-20241007-en
Max time kernel: 145s
Max time network: 145s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6aeb56a58e4dc997259662595606e542_JaffaCakes118.html
Network
Files