Analysis Overview
SHA256
a9c4bfde477aef9ee1ebfb8ddf27d7c8af49f075db470ba884a661f1e55433d7
Threat Level: Known bad
The file 6cc9b60b94a612a63b1e83d9416690c5_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-23 02:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-23 02:18
Reported
2024-10-23 02:20
Platform
win7-20240903-en
Max time kernel
132s
Max time network
148s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000003aee9463f9712f9b645f3f9bfe3a59efefbe0ea784ab740bf4a3faf0c98063b2000000000e80000000020000200000007d0fffa032da03ec158c3dc4318d817e91957581cdfc4d97b5288a726764cabb900000003659cb7b9ef86c661e7c8a59ba42bca818af75ba0394e0eea0979a9f4dcedf83096e8758b7d89c33cdc5350b8bf96b330bd345da0f0a23e2af1ed4d5604eab8b9cca4fc1711df90e561c22bef76a61d4a20d7c5bf9756a573b109ace052d31bf6947ba937cf9d825fdba4b51c39985b0e5668f0a03ef057caafa55f1096dace97631f7dbaae75d2396dd7375922bb16840000000bb23bf1c90639fca46fc41123ecfaacfc49c9840a474acdcdd36f6665f67f9c9ed68897bb61d5c7a2a88f7e3524177d280f1d056788c8a60237b19d4317fb0f6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0E3EC541-90E5-11EF-9C49-4E0B11BE40FD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435811761" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000003ecc3a8ede664821f2260fded45188d08bfa05ee61f806032c418ea9f6dd8d5d000000000e800000000200002000000025744add326ea198d02a3e6e444d39bb1d1266a2703c15c80df33c629f7ecf89200000004feab9f94fea0ffda6a34b833e1c9dc0f31fb1a17094545bed3579ba546859e8400000004055461c3546f570ed17ea510ae43ffb69ba17fe8c5da1ebfe08d2e0eab92ffb03bc165e79a8f9b158ac9fa0336ae04e3d370636a31a48aed7fa678e385ed878 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ca5417f224db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1704 wrote to memory of 1280 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 1280 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 1280 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 1280 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6cc9b60b94a612a63b1e83d9416690c5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | feeds.feedburner.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | twitter-badges.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 52.217.0.83:80 | twitter-badges.s3.amazonaws.com | tcp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| US | 52.217.0.83:80 | twitter-badges.s3.amazonaws.com | tcp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| GB | 172.217.16.238:80 | feeds.feedburner.com | tcp |
| GB | 172.217.16.238:80 | feeds.feedburner.com | tcp |
| GB | 18.172.88.108:80 | w.sharethis.com | tcp |
| GB | 18.172.88.108:80 | w.sharethis.com | tcp |
| GB | 18.172.88.108:443 | w.sharethis.com | tcp |
| GB | 18.172.88.108:443 | w.sharethis.com | tcp |
| GB | 18.172.88.108:443 | w.sharethis.com | tcp |
| GB | 18.172.88.108:443 | w.sharethis.com | tcp |
| GB | 216.58.212.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.212.226:80 | pagead2.googlesyndication.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.178.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.178.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 104.20.94.138:443 | c.statcounter.com | tcp |
| US | 104.20.94.138:443 | c.statcounter.com | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 104.20.94.138:443 | c.statcounter.com | tcp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.72:80 | crl.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabB971.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarBA11.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54f071f451beb70442578bca9bec282c |
| SHA1 | d042c1d319ba34829f8ea311d506928f3d6a2c16 |
| SHA256 | ccd8eb8eb1ed794b0643d0e21efac449fecff36e136d70a49751063f7ecac9bb |
| SHA512 | 1f43fbf378d254349c573d771f39847d29c1fa0a2321bbc5924e1fa2526f3d92b137ef8774eb488492382143eace5f7b3256849854f3d0ac944306772d6af385 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e719c12d222799af2a8b3fc1eb607169 |
| SHA1 | 1c079414a1790de304ad7f3681b1392bfa86bb3a |
| SHA256 | f628009876e60c5f7b7800d6dd8d0631f12bfaf834d3f54351f8b03b84537aed |
| SHA512 | 64fbd8136ecb400bcf003b2fe109d730fa1895918852243b2432948ce2a7f1bf379894d189e0df0e93e4cef3e0ebf581422adc3a3e67cc063e32b8b62dcf6aac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e544cab25d0b32c8cb9908880002938 |
| SHA1 | a3c445636d887cdf9092dbff13518c9dd25e91f7 |
| SHA256 | 49f7521d94eabc3f061d370411d86d1fecd4f3501185f812a680eddac9c13a32 |
| SHA512 | afcdc391e05b07900653be0107aa8ff87ff5868ffd5673b515c6bd0f99c7227b7189eb0167bb3c8e0d9e664805b73b8bb64e7cc18843e0fa02dc460db22a5015 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f072b878fc68a148c6bbff932c5ed7ca |
| SHA1 | aadc973652ce00ed5f795e1af72a36ec8f9b9f7b |
| SHA256 | 04e2c0a8a11b8b634c78708d738c25662756fd22a3ccebd4f070cfcf489c09cd |
| SHA512 | 56093d16c9123ab631564deec1521c2647d53004019143d0d53a80b8a7f5aa3a3c6847a100f286fe55b9372223f576ac6ddd98c9a7d65b57e93a0eac1469d116 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4fde9f13135e8a31090b7f6a400dc46 |
| SHA1 | 26eb0286e1f98c8c4323df72eee72f6de9c5698a |
| SHA256 | 9fcca7cfd0cf9a208a9c63db4be344b2bddba997bb562481a7b96d1178843646 |
| SHA512 | 9b95dd53a234b1abab392637427f07a0a2c2f5505d11d904a86eb7e750632af88525bb0d630df70ccfa33206fdc4ec5d0fbcd8720c300fbe64e2c1fa22df770f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d10f3bdd157dc20cef94b60576eb65f |
| SHA1 | e2567d0ae36743ab42d40e0d10d8ca996fd84a47 |
| SHA256 | 5597dca346299711c3820a9576c08e2c57a5bc05437acb67cf5923dcd944c963 |
| SHA512 | f2e4f91fb07dc9573ae2841113a39633335906244c6b051b5ee3e8b947ad1431af00251bd4f9ede4fa60e677b469d9e26ad80c02298a85859c4a617aec6bd4f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0969266b439f18bb5bb5ffa537f06c1f |
| SHA1 | e96b098f67a5a0855b56bfdd3786c34637ed7ec2 |
| SHA256 | 0e859036eabb7c678456b46f46f26889d036fd67ae81e1de5c5da779ab41c794 |
| SHA512 | f0185539423f54b3c8e49eb8338e190c4b3bd04f4d31884bf4b3b94f5494ac24c3575ae0f5236347ce526526a0765a04cced23179949afe99dda6cb6d51a9d00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee9fae1c506272a3eded78874ea9efa2 |
| SHA1 | 6180f6e972f94a6e62a87e44c6feaa52efdf8d1f |
| SHA256 | b00e9e31e071fb54dfafdbafafa4988ac9051ea419d8170c7c5782084779fb16 |
| SHA512 | 9737c38a37117030c03d726b83a65652bca6dc905f558a79c51deaab1f38247a3f1dd3fb281bcd76aeaaf761634cf333ea2e37a2c7191622bd5fcd20cf042371 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3135b401cf4542cb648d0ad4ecdc4a0a |
| SHA1 | 3ea3cdedb5b687f507ce6ddd696b66257cbed3e8 |
| SHA256 | dbe94defe7161c1e66532583bb23c492fad054e07aea80e3f6b623ffb9272cf5 |
| SHA512 | 0200ac67a8b051f9ba733813564be63becfecd47899ed05deace5e538791dc380b1ca45f0b95589337097305c3d890f2178cdb2981c64668a93790eaf0463a5a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\f[1].txt
| MD5 | 19c7c43e0a1378d2b13ac65c718b5084 |
| SHA1 | 61ccaacf6638abb2cd8bf2f973abed31ae8cdbd7 |
| SHA256 | e79846b9cf2617f274c1db5fffdf880a569685b3ffaa51e442b31c767abdda6c |
| SHA512 | 985bd7d09fe584da1fd091887fb29a5ff164fc033b1ff3b88ae9317aad4aff0dd3ca60a58315bdb9e3e9f8f2392b44951f29527ac3d59647e887061ba51313ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27d2f70ee7050f92375bafc90c4cc1bd |
| SHA1 | 347123c6d9a3595baab2bbaac9357976dc0c5263 |
| SHA256 | 4eccb9faf3e34a0a23909980b753e90c8dfb3a9b6d2f63616520a51d7894f147 |
| SHA512 | 11bd036d5775c757c8d7a7276aa6f9d8a056c4743be50875a83d9ab6e580e3bc23013f3cb4f9e784ca9c910fd2b615d660feab591600a108393a1089ed5d2b1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6db12404a07c3f90dabbd998ed254a26 |
| SHA1 | 08378d12309db3af1e70319e29a2f53846c9e65b |
| SHA256 | 0f55b8b208e275a1cc88b844d632ee8e32af0177d5d91da045530436760646ef |
| SHA512 | ba0648f51171c04a0469dd234869b1d48bdd4d4256120523e5ed818f7b4d1f798014593ebb14d0b61655886e109059fa534528ec046d280a47a89056a4a332d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2f5184b76a6e9f94dce3e6d909107b7 |
| SHA1 | 60564c3c7fa0b096e034b8f653417ec8cbcf0b41 |
| SHA256 | 4fc1dd236d5abdcbf61a56d35299a885f536614f7bc680ef48db4c5d2337a50b |
| SHA512 | 9b4bf8d09e8392d66b3a19b643cb71714ccdb7eab47cd03ae6466ddffd4ba6a2e4510b9dd5011b5fdd011a7fde5659b9b1422a784606c44dbe82f9a8cb5948bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79181b7a94107ff9133b2cf2f4607d35 |
| SHA1 | 02029790bf0bedc7e8c5248773390b4e39f8ca64 |
| SHA256 | 045c4ae05c47545fdff23c389ee37e0c721fe47aec1e5b9e9d4818c441c5beea |
| SHA512 | 0e2ca15b0ea7d9a5ff631328c116e0db8aa23b590ef25ba74c3c3ff2b064d8ee57d64c6f0128611a6f09c9e070746d7db80b6e7c802c0382d0f7f86895c89743 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b6a0553ce9529861d55a4ccf4fb1ff7 |
| SHA1 | e93fe29914163573efd6b289ff5c662aa6b3b8a7 |
| SHA256 | 075d039756ac0b1c6d730dfc9e0b72f2d1ed6b086194bd8bf4275132b701be67 |
| SHA512 | f9296110c0eecfc683671de29078b67989c864556da2c8944a33e420d75a3a30b3344cbf79478bdc1700d7a844fcc0f54bd739585ec2c0ea7d0848525cafa2d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e56eb8b2830474630e89ec85692b7681 |
| SHA1 | a7db54449656d41137f02d844e27945a01defcc1 |
| SHA256 | 727c2bc654e987cc51a8fadb22b01b35f9b83e2f816e572839a7ff36d796f134 |
| SHA512 | a7c51a42cc9851be45534bef5975b97bbcbf7531919dc2e1b7899af73594ab248b581ddb9d72e0c26f5feccb2a1d05c341dfa0f56530eb6ea444a08fb1b04638 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 312f5dc459615318df65655a9e37875f |
| SHA1 | d134281898c4cd4720b3fb19e70ad0fc9383e4cb |
| SHA256 | 7bd70e4c5b911b36d3781b582ee2cdfc99ddbf3d9ec82606d6b934fa0f10dbe1 |
| SHA512 | 283e7a83eb7de66a0095f81885177adf348d6a95804427bf9f0e1bd6f4985f20c0c17d59deacb31ad9599033ae7e5a17c5573d4a96c432652b5c3b83784edb7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a3b91e6cfcfaa2c1bcc8f1a74552a23 |
| SHA1 | f55e4e3021355015982952d78584388ddf199542 |
| SHA256 | 152ae98ee6223df49d9a07f3a652f47bd6609fe1f16144da309d38aa9be883d9 |
| SHA512 | e1da4c96b15403ab7c657def5c7d3fa73e53cc7a440825b771eacd414f1e50d1082be9fb716d3d1948aeecfde678034acb4d3b332f688dabedb355bd46983df8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35dd688596c0a991c08d4b531ef8654f |
| SHA1 | f5e8aadfb7dd0443130f193d9db2a1053dc8f435 |
| SHA256 | 9b9e63c74d1c39422863dd6346947a18797105c101dd8fc935202d05c3fc1106 |
| SHA512 | 8f21224183a7a248b0afc2b32dc6f5672ac0fe2837208e2b5f6b8b3cd9e862b14a71891121613096f4c9f3d8fb0e67ef6b48eb615c7b5f3365e17be968fe6799 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb38da89fde614b66a6155f894940d54 |
| SHA1 | d388d8f68e9983ffe30efa854659436344c7e2a9 |
| SHA256 | dde2f60b75944dec12f1cb24921b19262d893036ee2394120cf4b946a8d314df |
| SHA512 | 4fdcc83e639c7b9a6b435f88a8a7ded9dc97520e42815a909190ef0e012644bd609f84fd63da713d0bd9592cfde1b5177e2ffc9d7f6e1349a6e069f0556b0d8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d4e013d28c5de2d4549e01ed40fafe9 |
| SHA1 | 7113d7d8ca449e5b83cb623ff077e116b8a5a67c |
| SHA256 | 3df9b0ebe269480819b2e8615b0de5f9696413ce9db971f04dc60e44d8b32eca |
| SHA512 | 71ea4ddd994632f4d264f4f64fbfbd247f75f22b5d83ec07a4cae1e8cfe3f2dee05d5466f0b75ad87ec747e7845ce75b2776260ec3738af7e0ca91f045b2d65d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30b2c518552d426021665ab6955e41a0 |
| SHA1 | af075d2f8c1de33eed2ff0dcf36cde0c265ba7bd |
| SHA256 | d0889b97e1f1524ca09dfbdd388913d09b0eff4acd26f16c3753e792442388c4 |
| SHA512 | 0115da698c408342b1439e87f09b920353482c3225e4995fa894b1ec9ed5cfc56245829ff4598c33457d1cbb2fcf1fc481cbc5c119d2e2d1fe359b68621fefbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7803bc58c82aff98e60a2ba58e1246a |
| SHA1 | 33eecaf65b37af8829943d0f8bc041037a6e20fc |
| SHA256 | 03c42870585f6b09bad37c59779645738fd8c5828246f7fe7e76cb1d69d0b4ea |
| SHA512 | 1eed090eb8a6c7cefecfde1329e7598a766f2b49391ac938fb5f10504a55a1c6bdac6dc7179d8b53622afeaf1535d3d7cd9f9384a9a74e0085ebe413d2652a85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 879f9efe5c23270c965784341cf76f60 |
| SHA1 | 153e005fce58c9982853c412e4dbcbee045088c8 |
| SHA256 | 1877b8b211c1c7e7e8f8953394ccd7fe21f7afaceb367a82b7be9a11a621b9b3 |
| SHA512 | d004095df7c14acf1d1313f302821243f3bca8c1a33c0626093662c7025284699baa37ee132558ddc8261f0c2b0502c7564faa1730e6d9f6037f09c4fbe80849 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c70d5fe56b72ede090c8b1d61bc80c51 |
| SHA1 | 0682effaa5c97929cb03037518d9052d043f2743 |
| SHA256 | cc6488bda61f5eb6aa1471febec203cc034bbcdda70345808bd1979fc32a053b |
| SHA512 | b97135b210196d28e0c1a860ad95d8568701a3bb30677a489c9444111714b67cf3f2758a775efe820c1b57608ef266d3772bb4eed38152f3e9d6f8e0bef41f27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da0aea1db46e5c6f9c9b4fc19c15be7f |
| SHA1 | 77f12f75eb1c360139029fa5774d060d0600d81c |
| SHA256 | db5f0f277ea895c3b3146308842f673111c8577bdb706368961433c787d55ae8 |
| SHA512 | 67071fb0038b31ddca4c9499cb69565a8a9f99af6b18c74c4c2452b12187d9ab2e2710d877255637095d1f103d5b14f88dea4889dc55a9ec0e84134045d50b18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f82fa02fa413dbdcd82b8fe1a3e2f8d2 |
| SHA1 | 733bc9eeb8c348964b3919b5f33541a4ef1babad |
| SHA256 | bdca12ee5858a547fe41098a0f1203b0b530f832fda9e40f5a58ef5a3abc32d6 |
| SHA512 | 5c973e6fecd79fff4c2cc7a80904e8308e7616574b1ab21421c8691b8e3223628e84acb47653e5ed919eda6aa42949fe85bef61f40e0cf6c9320033be9e3ea4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5418efefe43a6e3b251e2bc8655c6152 |
| SHA1 | 0c30fdad1bb45903276d736596c8bf01e655719c |
| SHA256 | 521b54f07d0ff7b6a89fbcfad08b6a476f4f4794b7b187501d8ec558006267ef |
| SHA512 | cb3a35c6f9fe1f95e983b6dc9f9c4ce8b8f404066c4b20bb367e4b6719ca46fdaf734121c81a85e9bba58682295a3cc80b38f72281d8ce2303233303ed6940f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2c0c06a24fc3401c8940c486bfa414f |
| SHA1 | d3e126363837b9c8e3b42597cd3aa06de30c656b |
| SHA256 | d6460d36554ea4e3449fe4c61a5a926b78411552504be2569a47df5e5251cbbb |
| SHA512 | e07ffaf4f7b7fca7ff1ebcf482422b88eb5c6239faf5811aee782a05de0b62cb66e78f22dfdca8a8b0146a6d9b132758eb48fcdf9618eca94595b3999b715465 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5c79d122bc35e1c0e20b5dfa3747982 |
| SHA1 | f7851026ce348bd615ea773b1a33e5db25c22fd2 |
| SHA256 | 7db393f60d7c04c1acf1fcce82741bc13f9a650ab36f4fa0673f17bd156e8917 |
| SHA512 | f061c6b4e01049ce40af5e9f1956aaf81413d485ad5b6550c8591e7005be9e558f62bde0209aac648f99452182dbd17a5070045365dab397a74f22b29d3d713c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 899d6d35095f0ee2e928613334f5e789 |
| SHA1 | 224bac85a7d6c0b70be20fdd6bc301bf0a2353cd |
| SHA256 | d394fba3aafe40beaffca933ba6738afc4dbeb3c792849ed5a4a826e7f07123f |
| SHA512 | e726cb0670dfdd69507247f9376ee518d79975c211de0593f5f4e512849f83e421321bf60dfd1a7faee9609325193fc73f939f47d1f13022e80970f831cf06ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b428f3a616f44ed1baac19c33d3ee1fd |
| SHA1 | d3092f9508b00c33e430f67a0674ed3f521c445e |
| SHA256 | c840107dc0a7f24c2e1014b5525b591588a34c658c72c5c4d95a00a466e76c08 |
| SHA512 | 3a9a85961a5acbfb9f5d583eba9a9e899d4ff26fb93ab0e99a7d9d49296f0acd727957e3f29653c4dcb70ebb71880f20bed5bdfa534cf779edaf07f85e159203 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-23 02:18
Reported
2024-10-23 02:20
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6cc9b60b94a612a63b1e83d9416690c5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa202f46f8,0x7ffa202f4708,0x7ffa202f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,18122170237728523698,15958881095996196812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| GB | 216.58.212.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 18.172.88.79:80 | w.sharethis.com | tcp |
| GB | 18.172.88.79:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| US | 8.8.8.8:53 | feeds.feedburner.com | udp |
| US | 8.8.8.8:53 | twitter-badges.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| US | 16.182.69.57:80 | twitter-badges.s3.amazonaws.com | tcp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| GB | 172.217.16.238:80 | feeds.feedburner.com | tcp |
| IE | 34.241.118.49:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.94.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.118.241.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.69.182.16.in-addr.arpa | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| GB | 3.162.20.50:443 | count-server.sharethis.com | tcp |
| GB | 142.250.178.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 104.20.94.138:443 | c.statcounter.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.178.2:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 142.250.200.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| GB | 142.250.200.1:443 | ep2.adtrafficquality.google | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.2:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e443ee4336fcf13c698b8ab5f3c173d0 |
| SHA1 | 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a |
| SHA256 | 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b |
| SHA512 | cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd |
\??\pipe\LOCAL\crashpad_3380_QEDOLYDURLRUGORE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56a4f78e21616a6e19da57228569489b |
| SHA1 | 21bfabbfc294d5f2aa1da825c5590d760483bc76 |
| SHA256 | d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb |
| SHA512 | c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\422397f8-2ef9-4931-b539-dfc70dcc2d44.tmp
| MD5 | d2319d2b550ce1a916c64a9eb46e72be |
| SHA1 | f3a945d5e32df4895a4aa6035e648079faca9c08 |
| SHA256 | a56cd335aebb446385c44f9fb15a6a47d8fa4fa1643881a2ff4301c7062822cd |
| SHA512 | 86324432c820ef5d3ec96a29c1827ba72dafafc247fce51902b70f1f3844da5e904f806cdb85ce77328bc638462dbca378e3599747b716a63bc4fc01ce25982b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5b34717f2ad966318f6ea04fd37c706b |
| SHA1 | 63f57196bc95871339d904f474a620e8286e5926 |
| SHA256 | 13ffe0fba62d2d4236afc29a50ecc2f4f4f7fe2639016d457b0335e5c1677b78 |
| SHA512 | d1e4f9ec4a2a563844fb438062777a52903e89f7a3b34a52839b9b6bb82c04f1fbef4b85f8d5624ec59d7d4427ec6ac5801073b95daa348c9d486aebd3165bc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 856fe374c8ee72a6e330b7200125c9f0 |
| SHA1 | 264e0510e0004fd90dd84579fec24fddb148f635 |
| SHA256 | 74a0feaa277177d23157833f835600e25f5076ba6ac2121dd984fdd8d1f310e6 |
| SHA512 | 1f44dc5f05f01528b5f3d7b55f21cb020eea2e7d728dc3d8c9bd835169d6ea327d6ca7513d6c726f13c40f6225bde34d25aa901f1af15c941baf9cbb6f2ef7a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b3cbf0a39d1d8360775d76fc31377513 |
| SHA1 | a56816aaf7edbddfd6b81a37380a8f24659c810a |
| SHA256 | f16ba6a0bd48f7c4558c6d70812e919fe83432813e7e5cb1c2cf7a50648bd47e |
| SHA512 | 2decd68a7e30e45b29a82a4d136f222f1aca97ce6a68fdea0d34474c5808ced7819b5e25e27e5a6a9df5cc067bc8e3d489a9c26baf623ea96add2572266d3600 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ecc89ff9a2efd00efb51ea8385ac3621 |
| SHA1 | 98978ccc306503d0d5ae7a5b3b68fa2c427f8a61 |
| SHA256 | d59273f9503d1a5efe755489b9dd178d65f921e4564ebba24be3c9f2e4eaec49 |
| SHA512 | fbedb8fd00862a8fc40c5a658e4d70bfb4ad9febed207a34020266034e48908bb7685ef3a4bd908e0b5468fa5b3bac753eded2c88cd635e513d6f27544e97204 |