Analysis Overview
SHA256
a0ab8a0977fe2eed8ac1c329cf8dacddf4680b7922f359c8b5f88fe470f6951d
Threat Level: Known bad
The file 6e1712c3c51d69007da3414c47af15bd_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-23 09:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-23 09:10
Reported
2024-10-23 09:12
Platform
win7-20240903-en
Max time kernel
134s
Max time network
148s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 404ca3a72b25db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A01BA761-911E-11EF-A528-527E38F5B48B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435836487" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000008687d51ea9521d4d4c9c36268af547bc548e9a5c15bc7b11b42d3c40332ccc48000000000e80000000020000200000005ddccfb7e23b2cae173987bc4a8b411763a05590bf5f85b04e642ee0035f8ade200000006ef73a67e74b5238f27813761bc30867473dc33ff7f16bf3d2f3b0f49944e41f400000001fb3205be4e03296c8798e68ad62a346eb5788f69e34d1b674884ee44382f4017ca60fbf7889bd76add860b764b54bc14bd476f16044d4ff60f64ec95939cfe9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2096 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2096 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2096 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2096 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6e1712c3c51d69007da3414c47af15bd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Temp\Cab74D4.tmp
C:\Users\Admin\AppData\Local\Temp\Tar7573.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJB1KT77\f[1].txt
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-23 09:10
Reported
2024-10-23 09:12
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6e1712c3c51d69007da3414c47af15bd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3a5946f8,0x7ffa3a594708,0x7ffa3a594718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8172730296892295714,15246252187098346705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2876 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | geckoandfly.geckoandfly.netdna-cdn.com | udp |
| GB | 216.58.204.66:80 | pagead2.googlesyndication.com | tcp |
| NL | 18.239.83.77:80 | w.sharethis.com | tcp |
| NL | 18.239.83.77:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | feeds.feedburner.com | udp |
| US | 8.8.8.8:53 | twitter-badges.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| GB | 172.217.16.238:80 | feeds.feedburner.com | tcp |
| US | 52.217.136.9:80 | twitter-badges.s3.amazonaws.com | tcp |
| IE | 34.254.85.150:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 35.214.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.94.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.85.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.136.217.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| NL | 18.239.36.17:443 | count-server.sharethis.com | tcp |
| GB | 142.250.178.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 104.20.94.138:443 | c.statcounter.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 216.58.201.98:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 17.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.200.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.200.1:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 172.253.122.120:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| GB | 216.58.201.98:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 120.122.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
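The table interleaves three kinds of row: forward DNS queries to the guest's resolver (8.8.8.8:53), reverse lookups in `in-addr.arpa` for addresses the guest has talked to, and the flows themselves, repeated once per connection. Turning it into indicators means dropping the resolver, converting the reverse-lookup names back into addresses, deduplicating flows, and then checking three things: addresses that were reverse-resolved but never appear as a flow, names contacted without a visible query, and public addresses reached with no name at all. The script below is an added example, not part of the report; its sample is a subset of the table's own rows, and `ptr_to_ip` handles IPv4 reverse names only.

```python
import ipaddress

RESOLVER = "8.8.8.8"          # the guest's DNS resolver, as seen in the Destination column
PTR_SUFFIX = ".in-addr.arpa"  # IPv4 reverse-lookup zone

# Constructed sample: a subset of the Network table rows above, in the report's pipe-table layout.
SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| GB | 216.58.204.66:80 | pagead2.googlesyndication.com | tcp |
| NL | 18.239.83.77:80 | w.sharethis.com | tcp |
| NL | 18.239.83.77:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
"""


def parse_rows(table_text):
    """Yield (ip, port, domain, proto) for each data row of the pipe table; the header row is skipped."""
    for line in table_text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        _country, dest, domain, proto = cells
        if not proto and domain in ("tcp", "udp"):
            # Some renderings drop an empty Domain cell and shift Proto one column left.
            domain, proto = "", domain
        ip, _, port = dest.rpartition(":")
        yield ip, int(port), domain, proto.lower()


def ptr_to_ip(name):
    """'66.204.58.216.in-addr.arpa' -> '216.58.204.66': IPv4 reverse names list the octets back to front."""
    octets = name[: -len(PTR_SUFFIX)].split(".")
    return ".".join(reversed(octets))


def is_public(ip):
    addr = ipaddress.ip_address(ip)
    return not (addr.is_multicast or addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_reserved)


def extract_iocs(table_text):
    """Reduce the table to deduplicated indicators plus the follow-up lists an analyst checks first."""
    queried, ptr_ips, endpoints = set(), set(), {}
    for ip, port, domain, proto in parse_rows(table_text):
        if ip == RESOLVER and port == 53:
            if domain.endswith(PTR_SUFFIX):
                ptr_ips.add(ptr_to_ip(domain))   # reverse lookup: recover the address that was asked about
            else:
                queried.add(domain)              # forward lookup
            continue
        names = endpoints.setdefault((ip, port, proto), set())
        if domain:
            names.add(domain)
    contacted_ips = {ip for ip, _port, _proto in endpoints}
    named = set().union(*endpoints.values())
    return {
        "queried_domains": sorted(queried),
        "endpoints": sorted(
            f"{ip}:{port}/{proto} {','.join(sorted(names))}".rstrip()
            for (ip, port, proto), names in endpoints.items()
        ),
        # reverse-resolved addresses with no captured flow: reached outside the capture, or filtered by it
        "ptr_only_ips": sorted(ptr_ips - contacted_ips - {RESOLVER}),
        # names seen in a flow with no forward query in the capture (cached, prefetched, or resolved elsewhere)
        "contacted_without_query": sorted(named - queried),
        # public addresses contacted with no name at all, which is what a hard-coded C2 address looks like
        "direct_ip_endpoints": [
            f"{ip}:{port}/{proto}"
            for (ip, port, proto), names in endpoints.items()
            if not names and is_public(ip)
        ],
    }


if __name__ == "__main__":
    for key, value in extract_iocs(SAMPLE_TABLE).items():
        print(key, value)
```

Run over the full table, the only nameless endpoint is mDNS multicast (224.0.0.251:5353), every named host is an ad, analytics, social-widget, CDN or Microsoft endpoint, and the reverse-only addresses are the ones to look up by hand, since the capture shows no flow to them. The point of the extraction is that a payload host would stand out in exactly those three lists.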
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
| SHA512 | 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6 |
\??\pipe\LOCAL\crashpad_2568_ORESCFLXHTQQVMPB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
| SHA512 | 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 14c6cca89e65440d8486e1f24ecbea59 |
| SHA1 | 2c9a619f46c293880a2a7ecdc183a385d5133c82 |
| SHA256 | 778a54b53471fcb570e76a03242394a4b42e42b16c421fd6ac3bb83778b1d309 |
| SHA512 | 78d940b870c4a81c86bac8b42e9665515856d180ea0ea56212016913beb6f852ea25ad78308d53acf8fcb82a88140462697211a2bc0765755350697875a037d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c0fb41122a07ca0fd336d89df0cc445b |
| SHA1 | 28ffe10965f4b48e62898b9cad7df677f99321f5 |
| SHA256 | fa40be115ceb4e014dc2360835bfea6ae74e55bc3aa0504567e5e3d2bb6255c3 |
| SHA512 | 5e500aadaf88fb0bb8d45d4c81ed78b8fb34955011fd38c721b0ff223d5d26a72c45cf5f4ccb665641c8b7cc41414747ae6690ddbe4d169e165c7884e46a36c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 988556b5be54d017c168825fa19ad9de |
| SHA1 | 5ce91a2ace7396fdcfa72e4f8a47bcb5be7d809a |
| SHA256 | a2345832efb4eb5f9d3e9d6cb71f54871e1192555fa0387b54557251e53bda24 |
| SHA512 | 957144dfea4df54fe6c57fdb416014fb645298e515f635f51fb6b74da4251300a40078be7a7a0fbbc7d55ff1c84f61ab4fd95827cf79c837b312a9044c83350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0157887249b3ebe87257635e8fd35a41 |
| SHA1 | 3bcb1bc109b53bd12e7b657affe72a65a06c02c4 |
| SHA256 | 120c813d00f914472bcfec52eafed049faea2beb681170696536505669a1d90e |
| SHA512 | f91ea6983b9a11f9a56efd838dbea40d0842b4cbf9b25fe50db9d3b3e04cc92f99384f3004b967ca93970d07d6747942ab45c3f2083c72a4110d3b8822f2126f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6aeed412bbca14251a5a54dc2056c18d |
| SHA1 | 54eee66fa377d2c189f88d9b14ab8137f31df02a |
| SHA256 | 3ca84869a9861c0ddd234a946702dcfb4d2c71553e7baecef2f8cd09c86d8b97 |
| SHA512 | 4a71554edaab7cd8326ff56310e44494d1fd50adfbc515eb8a7e4eaa9110191cfed32f32ea603609a10b5300c05d0601d3cb0777c84505027d51665e184f1557 |