Analysis Overview
SHA256
b6ef6672165cbe0d2b1ff9f276a169f27b6d16a31063945bd6746edd1c6eeeb8
Threat Level: Known bad
The file 6d70f982e62712d63a68163a90e57690_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-23 06:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-23 06:12
Reported
2024-10-23 06:14
Platform
win7-20240708-en
Max time kernel
142s
Max time network
149s
Command Line
Signatures
SocGholish
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C25A98E1-9105-11EF-A207-6A2ECC9B5790} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435825808" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2360 wrote to memory of 2536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d70f982e62712d63a68163a90e57690_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | t2.gstatic.com | udp |
| US | 8.8.8.8:53 | i561.photobucket.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | dfrf.daisypath.com | udp |
| US | 8.8.8.8:53 | img529.imageshack.us | udp |
| US | 8.8.8.8:53 | dhbf.daisypath.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| GB | 172.217.169.73:443 | img2.blogblog.com | tcp |
| GB | 172.217.169.73:443 | img2.blogblog.com | tcp |
| GB | 13.224.81.90:80 | i561.photobucket.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| GB | 13.224.81.90:80 | i561.photobucket.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| GB | 172.217.169.73:443 | img2.blogblog.com | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.200.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.179.228:80 | t2.gstatic.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.179.228:80 | t2.gstatic.com | tcp |
| US | 38.99.77.16:80 | img529.imageshack.us | tcp |
| US | 38.99.77.16:80 | img529.imageshack.us | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| GB | 142.250.187.238:443 | sites.google.com | tcp |
| GB | 142.250.187.238:443 | sites.google.com | tcp |
| GB | 142.250.200.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.10:80 | ajax.googleapis.com | tcp |
| GB | 13.224.81.90:443 | i561.photobucket.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www6.cbox.ws | udp |
| US | 108.181.41.161:80 | www6.cbox.ws | tcp |
| US | 108.181.41.161:80 | www6.cbox.ws | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 142.250.200.46:80 | developers.google.com | tcp |
| GB | 142.250.200.46:80 | developers.google.com | tcp |
| GB | 142.250.200.46:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabC785.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarC863.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93b313a3dbe245aaa6eece73edbf1491 |
| SHA1 | cf5dbc63b0ee48ba289bec88033500d85ae3929a |
| SHA256 | 1154d656a700f00a58b656940f3f4e4045ec64205590f166f35374a7e6e025db |
| SHA512 | 7f0f7fe78902c2948ed1c25d0e916fc8ec5b19d98b245ef4a4ca993fe6f483ea0872169f5b96714f131fe0fb1185baab36538350c5a247930e7b0ab5640e0bbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 76b2de4276a82861ed2fc9622aca4532 |
| SHA1 | 121d53d4ccd29ff917c424c703a718f4ce811172 |
| SHA256 | a5d281814ab7745a410c2de4e66244f253662f3c78fdc0d2a280632afab807e4 |
| SHA512 | de2758ac45fd6d48008c9ad0f58e71d064e6284f8665cd09794f9d1a6d6c2747ed7c9be6f6a784c530b72290c0de015849e9a650e2ddd7172dda1dba79562605 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 144fe8227ac7d428def846c9346c78b5 |
| SHA1 | 11db274c3cfb168a972184e6b7be485a58c96ca4 |
| SHA256 | 1dfb06c8155eb481704b730f6fb83437fa467c1514e921271c51a2b850afa89c |
| SHA512 | 18d5611e4a8c50e85094889ba8ddcf46c03075b470c8bd9ee4780baaf4e522aacb947294564b86c51d168581e3b19e5876afb20c1408fed271b1c4b1fe7cbc4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2135ff48d69e164ced0c87a143fd84fd |
| SHA1 | 5cf5801b3ec6977d8b522e93882c7e05063261cb |
| SHA256 | fc67815c658f832b4d7b7cd29be55fa271f1a1ef06e34f5f226ea0eef85c41d5 |
| SHA512 | de62edc0bc51887f18987b10fc363398cd5f9def462d3260a4853ddb464b9d2577754879b096d76a423231ce850ed3120d64b90a215a779e131601312734c60d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 8f0044f3181872f2695729d2f1736404 |
| SHA1 | cdaa34e042f55d6380ae3ef89adf42bdecc62744 |
| SHA256 | dd1a176c963916874b32dfaea64ac20aa27d41ed8823f4a2637e047f4bc315ad |
| SHA512 | 34632aa56e8405f1edd0b1029ea05b1e0d76a86adb3ac7dbd35b0c137d952dfa6cea23a5aad840e732aadb4af885672c10d57f9e687fd5dad78251d3c533e3d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 449bc560ad2c85206fb75ec73c8acdfe |
| SHA1 | 48491126baec7615cd09a93cc2c0651173959a8f |
| SHA256 | 517ad41943400d3e252a4432aae2a55417727bc54291a14daeb7847d4ad142c5 |
| SHA512 | f30c313cb87c920f7ddd9660cd6cea463e7ebe0c0f89bf516c7c215f5ba1216ff686ee280532763efc26b02874f2a0171ea44db7fc78c3cd3d71be87bd4ee463 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e804492facbd757a141a57f0e18589e9 |
| SHA1 | 2748bd3d27c868a4a3b1ed11a1a74bb0e90c557e |
| SHA256 | 004729c63cab673ea117f582563e06840b339b1061902ee6f22e6bcd9868a899 |
| SHA512 | ada18b71d0851c9477ddeb11e5d98323a10cddee4a6faf6e615dc3495c1092307672191485f316cab1dbcd52b9341630ca3653934577451b1d05500587d4b839 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_3247EAD763AFDAC8D547ACA55BB3C63C
| MD5 | ee628e76bc3204e901fbc20a48ccc28d |
| SHA1 | 9543fd7dcbf35400d48fafc10dd705102bbd1b60 |
| SHA256 | b931f9bb226dbfc52bf0c8735b74f26a30bdb0889caa84479d115fd3e1adc656 |
| SHA512 | 16c0be72aab6290650c5ccd7e57429c5c39d6bd485d88399b44a2f72ea70b9be02be153927f34531bf0eae1823f6f9caf039d4d7bc19665cb964113664e0c7b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8030f9c2b1bd8d05b81e3643b361efd |
| SHA1 | 81dc76f4da789ab6499e79bc2cef0a62080fbf75 |
| SHA256 | 0f9b2586340f592e0e8a8e8355da5692d74b052271ca57492b80bbfd8486d892 |
| SHA512 | 442a54d3ef6571e049f005b81932d3fb733c995305caba41b00c7b083c91342ff3a483dbfa246879a5dc21126e3733b38fe3f99eaf87e30b708079ad4266c4bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1513597df540416bb8f8bda265e21e9 |
| SHA1 | 0381f978938a8ee0207806cbcfd3179d9c651704 |
| SHA256 | 71df06f3b4ea4cf67206c52267b602a93e73aad534ff8e30fc5eed9cec432e71 |
| SHA512 | 39e05c50862b256580d2106f2f5b9911f7fa547ae1346fd38874015eae9231369860fc03466ebd3d0eea41d9c94464edac040da7e36b40c0833cc6526de0bfd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 3c35fb0db4eb50607ceaf62ef370128b |
| SHA1 | 495ce950b06e66c0a3980346e222cf99ca4c10b4 |
| SHA256 | a4e195f9152b2a9a88e7d9e0dfe85c9b6bb4c1552f514b92e186f1f5b3b5fe2f |
| SHA512 | 7d1b3a70a5f35eb75cbddd99dc326ed97200b6aaf0485c1712b3a723f0d1e2cbda0f75ac89b73f17eb30187b06c209f146d767083c1a66c7448e9d2062a866ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4714d8928f43af767b17f271a1253fd0 |
| SHA1 | 73b6c4489d3f7cf144be5a7d9ba037e2b044b36e |
| SHA256 | 304e1ef29133e9235dd327f10bf84280c27d172b9bd733788cc56fafe0e9a513 |
| SHA512 | 2953405670bfafe71bfed563bddd821637c083ca84e520dbf3cb26015bafd41f54ad3d5981dfa9810dd9653409396877348d4e9bddb841e98c885b224e0caade |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bd9025d67871d354e59a3ea6d63ce25 |
| SHA1 | 44b0ea1f984a7a92feab5fb56212279f123b70f9 |
| SHA256 | fae5d35dd684f3a309d8e567826708a72c38cab5f299f0576f3ae318f895fe4c |
| SHA512 | 4cf80d1cf4544ae60176f0794d5f5b490974916830e6659d0937b7afa049494754530ac15a43da78d780fcf93d65b9ee1460a487bfa44694aceff070f4d673ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0e539be1fc2cc121900d7dbb6282bad4 |
| SHA1 | bb255ca8c664b0d16bcc6c04afd6e9f8e4b9091e |
| SHA256 | d4a82b0d19651c757ad5ad53675809d99d86d6c5d039b06fe7eac4ad22a56a9f |
| SHA512 | 1d8542960d976161e070d7f41cd5baa3c43d180360d498083406407ddf5d64c079cf6d5dad9e62bee71e26a49aac05f45bfe90a9eb28027cf7cbcf931a2fb991 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 090c6a80126abb2467eed1e4a23366c4 |
| SHA1 | d8a08a0a1da0f3b08c00117c06686d19139e708d |
| SHA256 | d168b8ca370af9ad92b8ff10ef2874c7c65882f2f2df59752d94bd6707308180 |
| SHA512 | 4bd84a44d3908d6efdc6300c5d53167f28da20886dba1b68cd920ccc89ba1ded3c02e273c16928f22879355d65b0d5fa607f2a0896493a824993343406eaf6aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7a7eb50af51bcd79d645bf8a0848b0c |
| SHA1 | 9262245128dd4e97dd9e40e546b18e4b773da368 |
| SHA256 | 7955e3bad6147f456108d65dab25cf277b4125fc635b44167b914143f27bda44 |
| SHA512 | bcd68dea8b6f89487227657b511534622b5f8a30322652340d0e216c15b59ad7c58401183d06d0b69daa3146c9e41454a07ed6af5f9e58cc0efa9be274682394 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe93cae5ae055adfaef210a7a468e908 |
| SHA1 | 3632cd6647a7bfa74fdbb6c2cacb62d89c0979bd |
| SHA256 | 94bf2862947f4d11dea36dc5f32e873e5172055cf7fe9c2de3c4284e41f6d0a7 |
| SHA512 | 99713299d86f87677f4f9a0616eaefb6184fe390a753e31289d833452406820fde475b38b4448ceece8811fe3e03d576c753e3b0a061bd28db8c64f001094e58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14c0504a3f3b18d9e3ae2e02cbc952aa |
| SHA1 | 4cf1995a4211e965f63f20d113ea0ca84955166f |
| SHA256 | 7d58e3acfdfdb5f562608452816db5205619dfeae2c8adc5438d1eb619a6f543 |
| SHA512 | e603df78c06ed6f019fa1a20037ab5d4beee7aa813991a45831eaa084a009389178bbc341b033958bb6ffd172396f1e8e839c6d2e6741fe74452847d0fc53ee5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54946ce7dd1b0b087bd3868cad6e45de |
| SHA1 | d312b48a22971a65a933efc70151a2af7212fdcd |
| SHA256 | 146682ad82e965429b3335b616cd7a7509486c7f0a3a713d8eabe8defb9dd58a |
| SHA512 | 7816e0d306c1aefa69e52b068641203d0aba8c0212600786b6689ea40f1fb034ce5efc01af77674bff456ce7fc68e3ecf34d5c3dd3eb8a28efb1b4f629c31b35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 70c744138a0d1e7df8fe1617a6a1e40a |
| SHA1 | 7d0cfb0d8c11c8a8e0a99e4cc50c4a2301cfd239 |
| SHA256 | 3c27abf8aea3ddf275ff8a5bec1236e9f41b073e381c1fcd4263e1d9ca64e51c |
| SHA512 | 196b46dd74928022c6ca8a2505ac0212585cc36f293512715691ae7fa94d7673d7110a7465a202d9a4e21bfd522aa238391be5f5841ae90738e866ac308a212e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d9695b66e1b001654793b777a404c58 |
| SHA1 | 73ad3c19c1d3ce02b9fc9ad1708b2c5cb5180c55 |
| SHA256 | 61ad9871ff4f192d688cad892a5cffe07c475dc90e5633a0a9c0ee7a687c847e |
| SHA512 | 45a08fb988b1193fd6b58ab339982fb6e67fd71f4a0aba7d5c043a4c86efb1d4a2c32e0b29673b0866ea4c901d057e0eee12b1d77ebbe0c8a2c17163bad9795b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c25c6c7c3fba2eac0b84d427ac577e07 |
| SHA1 | e2e0f1cea5536444c0a011617a97dacecef6bfb5 |
| SHA256 | 8c6fbaae65633fa91dfc5183b582c28f8388ced162e48b3527c13640223a1205 |
| SHA512 | dcd8f5b818e59479ea4230d734083a67617765d5df78f7933e072d5f1e70135b39ccf692d550f07d0ed27222d1e15aaecc4dbe9608b2c391f43b87247da505fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa4dd70321765c262ad0741d0e3fce36 |
| SHA1 | 13b14adf9728eb52123611106fcc2489bb1bee61 |
| SHA256 | 046a6f43c139d63d56c189ba7fe836fc176749b40babe821d57bb8e5fe25503a |
| SHA512 | 0df2930448f380e405cee59fad7485e7c604aef7ed6edb7c4f83acd1ad1b241576c7200f87fe8cd8b5016ac1e1a777be79da165216c7331b68c1ce56c6b979dc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-23 06:12
Reported
2024-10-23 06:14
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6d70f982e62712d63a68163a90e57690_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc86bc46f8,0x7ffc86bc4708,0x7ffc86bc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9172423301766358680,16189712410495289220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6028 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | t2.gstatic.com | udp |
| US | 8.8.8.8:53 | i561.photobucket.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.200.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 13.224.81.73:80 | i561.photobucket.com | tcp |
| GB | 142.250.179.228:80 | t2.gstatic.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| GB | 142.250.187.238:443 | sites.google.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| GB | 172.217.169.73:443 | img2.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| GB | 13.224.81.73:443 | i561.photobucket.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.200.34:445 | pagead2.googlesyndication.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 172.217.169.73:443 | img2.blogblog.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.187.238:443 | sites.google.com | udp |
| US | 8.8.8.8:53 | dfrf.daisypath.com | udp |
| US | 8.8.8.8:53 | dhbf.daisypath.com | udp |
| US | 8.8.8.8:53 | img529.imageshack.us | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 38.99.77.17:80 | img529.imageshack.us | tcp |
| US | 38.99.77.17:80 | img529.imageshack.us | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www6.cbox.ws | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| US | 108.181.41.161:80 | www6.cbox.ws | tcp |
| US | 108.181.41.161:80 | www6.cbox.ws | tcp |
| GB | 216.58.201.99:443 | ssl.gstatic.com | tcp |
| GB | 142.250.187.194:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 83.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.cbox.ws | udp |
| US | 8.8.8.8:53 | 161.41.181.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 172.217.169.73:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.201.110:443 | play.google.com | tcp |
| GB | 216.58.201.110:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| GB | 216.58.204.67:445 | fonts.gstatic.com | tcp |
| GB | 216.58.204.67:139 | fonts.gstatic.com | tcp |
| GB | 172.217.169.73:443 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pon2ecah.blogspot.com | udp |
| GB | 216.58.212.193:80 | pon2ecah.blogspot.com | tcp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ba6ef346187b40694d493da98d5da979 |
| SHA1 | 643c15bec043f8673943885199bb06cd1652ee37 |
| SHA256 | d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73 |
| SHA512 | 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c |
\??\pipe\LOCAL\crashpad_2064_ROXAWZSWQLILUHVF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b8880802fc2bb880a7a869faa01315b0 |
| SHA1 | 51d1a3fa2c272f094515675d82150bfce08ee8d3 |
| SHA256 | 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812 |
| SHA512 | e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c32449bbe65f694687978df50b76f88 |
| SHA1 | 93bfacc2ba809a8a122bf8dcbfd0c1f0a0298ee3 |
| SHA256 | 5013c001aad43c1eff62ab16fe893a5a1da510eab2d15e16b6e0ef9fd66473e9 |
| SHA512 | b7abefc0eb69358a0510a6c24279164ab2ec4be616184435aa43b75d6e7333e3fd90349c44ecf5430224e96fce7e845b952ac32e0137a1cfb605ee77e6a63627 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 101f2295c59a6c129b95bb68093aed06 |
| SHA1 | 12f5843daaf99bdb874dfebaf10660c54ede2120 |
| SHA256 | 9b59525954d9da17ff56cac0c0cda55bb6c4df6b7550fe68565fe0d24a963ac7 |
| SHA512 | f5e54b7609a1884253f1d05d9245def95b3721e1163ddabb6d32f5b31f824a218c60533eef25a6f91d8ae6fa314128ae258fdc341cf9a4f36bf378e874b5277f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 17ecf138223996f21a17003359b6714f |
| SHA1 | 69e368b2c8d58c6006f9e59617e8f702e423ee66 |
| SHA256 | 7fddc9958f76b294bc68bae7a88fa6bd606c77a3c6b81203964eafa01502bcd1 |
| SHA512 | 23efac1023515320f59f33109556028b683c64a0958cf2db5834d72e4f062443dbe9dda65ab2fae57ba9174e5a301fc6174a95d8b78a4f26ebafcc0ec5792de8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57a91af0955896ca2ab37c3b33dada8c |
| SHA1 | 6c0a1c087da9c601c809ddeee587b0843c19ef04 |
| SHA256 | bc37921633b2d57146e5198985a3d3227b8c0365690ae55fbf9e437146371b9a |
| SHA512 | 31c90c9b24170096dfb4ec045c7e4d2deaab403dfd6093133fab3131c04f231968159363ec16befd1514a1a7e9ebf69b3f08c622c6a709b6e875c128af715e01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6984d9f37d18a16f1b7de36e54e2f6aa |
| SHA1 | add9c0ec5fe6cdd65529c89df77d7ec77aba560f |
| SHA256 | a5de7345abe7eba77fc68b52f21b2afc8323fd279ecc5372552d532fa2ecb923 |
| SHA512 | 3fa517f44630e1dde1a7fe093dc1b1e72c7e3e98d208a4c3e08eb9f68176b608deeee213cee8bdd83f7b2fc6c984d5868bc60e34797fade546f08363d188ce79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dbcb79f666e13c0e173a0179bc7dfcad |
| SHA1 | 8ffbee475e6bdca0eb39d7e93aeb0002ea3e1531 |
| SHA256 | f2abb95093b6d25dff1d6924376c1a394ae4b18744d0b1ba85a37d305e1fa985 |
| SHA512 | 4a9105d6921cf0bc59017667e66b1d0167e1a978f84ce002717b99414c73296136447e47284973a0146a2adb898c2b43da7ad512b1ec4da5e639d883976df466 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6b85d318ad4d442f5eb14864bd368ffd |
| SHA1 | e2ca5a12d5ce11b70795cc0b65489d8c84799261 |
| SHA256 | ba9aa57cc559caa7547e080e84320a8a00b0b815332f37e2c9879dc288ff400d |
| SHA512 | 3017c1fa9ac685a49f5590eaaeec7f295aa1ba2b63673a36abced587d17d8ce15d2cd8740bd9b28c0352f5852128fe38cabcfc4145bf32a204d0ec3e655f2030 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8eee0336d1adc1c4611c3436de321c77 |
| SHA1 | 2d99ddb44301cf6962d8f9be4f7a59cbf30b9f5c |
| SHA256 | 66ebdd64d086a6350e8d00fbaee8c1fcaa0eec5e9b0d8f4bcaced9d527887ccf |
| SHA512 | 6744ee772458f4d1bbff93bf469da529c3056ffc463c0435e6b62994b0250032c1a3f44aea1443d6f2246266ec8b62ce8c052f4dfd6da4585eb041a4aabc1557 |