Analysis Overview
SHA256
64c656e3cf54fdeea70886986566a075a8b606f1847100e124923bd9523fc81e
Threat Level: Known bad
The file 6e05250bc7aace279d2cdfb0f61b7f27_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-23 08:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-23 08:53
Reported: 2024-10-23 08:56
Platform: win7-20240903-en
Max time kernel: 133s
Max time network: 141s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d9070000000002000000000010660000000100002000000083fed1bdbf4d292ee39aab4626295022ae67b07eb7ca20922c90a151891d6917000000000e8000000002000020000000aec874b32b975e3f8b9adbbbe43aaf0ab21d8f4ac664e1851ed1bd94f331371c20000000af61e8f3ab65158272ae2a4fbe63311355a8d4a6009dc31905e3682346e88ad5400000001f108e28f38b1c6c670d79793df222063a52fa3637533c4e34b634a027a5c7bd1aecc8fef58cee6157d250943cf2b9bdee62a68f190df6e154967c710d589146 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4FA41D51-911C-11EF-9F30-7694D31B45CA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30ce4f272925db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435835493" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2084 wrote to memory of 2272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2084 wrote to memory of 2272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2084 wrote to memory of 2272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2084 wrote to memory of 2272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6e05250bc7aace279d2cdfb0f61b7f27_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-10-23 08:53
Reported: 2024-10-23 08:56
Platform: win10v2004-20241007-en
Max time kernel: 146s
Max time network: 144s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6e05250bc7aace279d2cdfb0f61b7f27_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe57b046f8,0x7ffe57b04708,0x7ffe57b04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,93213902545015974,6405654343116456069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | flowviolento.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 151.101.188.157:443 | platform.twitter.com | tcp |
| GB | 142.250.187.194:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | m1.webstats.motigo.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 146.75.72.157:445 | platform.twitter.com | tcp |
| GB | 163.70.147.35:445 | www.facebook.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 16.43.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 142.250.200.46:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| GB | 142.250.200.46:443 | developers.google.com | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.200:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 141.101.120.11:443 | t.dtscout.com | tcp |
| GB | 151.101.188.157:139 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 172.217.169.34:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.200.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.200.1:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| GB | 172.217.169.34:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| BE | 64.233.184.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_4128_GCPBVQKVNLILSYKO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58624f23-ab1a-44e6-a71c-89d9c276e166.tmp
| MD5 | b736f5cd8f950b09e586502beff994f8 |
| SHA1 | 581c21c24453f516f4df2ead28b77470a0a54b5c |
| SHA256 | b11d5a6b32aa3c0a4430fe8c3a02f3f403e5482f9ad0d0ca70b8c77f87390a03 |
| SHA512 | cb5e9a01d2c68c49d9710700f30f987cf58008b13ab31052fb2f04383147d4b571824f6eb0303a6aa575a3182e6cd6ff0588dbf80befe69ccf674b92f5e1aefb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a2a667be31dd9a2c98875919259e666b |
| SHA1 | 35429a2725c69bae62586427ad9612f84f2c7d84 |
| SHA256 | 976d36fd43ccf32ff4369ed98945798aa1549608b5d15d8c194a09c45d11fb58 |
| SHA512 | 12c9d679be906a1b490790832c687e9467553142c0fa37f29649f8cdb998d7ea7954819f744d443160a7b1daf5c8a9483ab974b2928d41f2ebf4c88c191967d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c1ded62bad23269b34c5f0e783aec57 |
| SHA1 | 11bcf7e213890521b88735e4464796e9da9139e5 |
| SHA256 | 9bebe0a2932f8bc598d744abd527e04b0404c2cc83e3269090207e8260532503 |
| SHA512 | 934a2a75d10b4b1786ff539445f63a6e1751b2670504e2b45ee14378d0865964e60d4b3118d91bd4d33e0119cec5fe9aee3b4f2b5e5053299b14d7c19fc78e80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8b2b62b02f5b033912e26cfeb693b7f6 |
| SHA1 | 4751ee3221d318cdd77b8803a2164df127ba4f8b |
| SHA256 | 54bab1ea3a69ad0d14304bec4952f01fbb51c1cb7d3430ad577d52a7730efb2e |
| SHA512 | 3a1cd3f4114a17f699a9b1c1c1f6a24f22319add1c4f741ddc842bc77d29fe10b77eba3b3f91c49471852d630d3d3b136cf65c975561db99f55d983bf51ca818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 05197e9427acea2ac4dc812f97a8f078 |
| SHA1 | 3d2a38b79da52e57783360f195ac3e7c85edefd8 |
| SHA256 | 7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191 |
| SHA512 | 084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11d5f76c2af4fbade29610c9ee13b0a0 |
| SHA1 | 175aedb4a58f072f614b5a5ba947944b338451a6 |
| SHA256 | 4289079b145c3610f95651b5469ea56ff760cf3be42b2b5bf5f0977e4e16fba1 |
| SHA512 | 1a03a6ae157cdcdce789efef7a0cb037ed21a8d15b5195ffd29101e1fe49e801321ca9cba85ab486f6c224b82af8f6cf9eea37e51b46a78a491cd59d39fc7036 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 490844676f004c0d3c8c7aeabcb75df2 |
| SHA1 | 88c0b1d7a20bdced9316da1a9e7bebf2f8cb3d3f |
| SHA256 | fa99ca3d4b177f807b97e5e42ce6028d3bd91f40e6c13cc824da01cc186b9470 |
| SHA512 | 924d448fe2618ea49c3d13a76d6b7ea9d295e4d5de83d5c586ff4246e456b0254d0fd9134e6261f51a6de00fac7018f5ff8c28de29bb7558fe67b05f8d11bc7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0e1c2aabd05872bac91abd33d4503fb5 |
| SHA1 | d1c6c4cb29dc5c92ea2bdde6b79c9f6a90986c80 |
| SHA256 | 338166b7cd7544004d91e02e3af826e8444da124b17b90352a29ac358e34ab32 |
| SHA512 | f4b682262311bf3a51ff3ab93b8cfa0097fb88c64ee2e0e8c63561970df1ce65af2f129a0adec605827b061e26529f7df1b5cd3f7972d6a0a9db5d641831be0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8b85e768fc9bebe216b771765c48d12c |
| SHA1 | 34cce5f27809d5e9c63248da2225b80cb268e81d |
| SHA256 | 87d987e9c0597a2e2efd257e91d215a97e22d58a9d69a5d7b949fdc73a39d54a |
| SHA512 | ba4d1ff445ab248ee69606fbb9ed4b535e7c5c8fd624cb4cd2a30bdf5c135c25f684b1ba0a49984186a883846e49c972f4d95d1fac58df8cae256acede3ba628 |