Analysis Overview
SHA256: a5b6186415fc19274d86eb03f809f3621ac66d67a2993c728105310cd0245424
Threat Level: Known bad
The file 6e853e37292cc240b0e2d56d40789eb9_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-23 10:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-23 10:54
Reported: 2024-10-23 10:57
Platform: win7-20240903-en
Max time kernel: 144s
Max time network: 146s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0cfa8143a25db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435842762" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C4A2A41-912D-11EF-AD2E-6E295C7D81A3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000ebb2ccd815b0a28456a86cca5350f04f65d0813d4cbc556c22428bf56fd17527000000000e800000000200002000000082957c29cd47a49467e2f1c031e6ef654ec44ec6ce426a14717216ad7f1fd1772000000009abb5a52d4c445385c90a2c68a5913f5b543adc12ba316fc4d3ba604009d5e840000000a334a8516c93ef4bfe5f478a491162b2cad5b154d986774feb01b4878b4454fc57f71c0e3a47e44447efed94ed684bae239be22134ce36aeb43e39b74eeaf487 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not captured] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2076 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2076 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2076 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2076 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6e853e37292cc240b0e2d56d40789eb9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-10-23 10:54
Reported: 2024-10-23 10:57
Platform: win10v2004-20241007-en
Max time kernel: 147s
Max time network: 142s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6e853e37292cc240b0e2d56d40789eb9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3c646f8,0x7ffba3c64708,0x7ffba3c64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,13973236620877042102,4431496114650393845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.180.10:80 | ajax.googleapis.com | tcp |
| GB | 172.217.169.73:443 | www.blogger.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| GB | 172.217.169.73:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 8.8.8.8:53 | ws-na.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 163.70.147.35:445 | www.facebook.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:445 | lh3.googleusercontent.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.51.241.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rcm-na.amazon-adsystem.com | udp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| US | 54.241.51.109:445 | bdv.bidvertiser.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| GB | 142.250.200.46:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | tcp |
| GB | 142.250.200.46:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| BE | 64.233.184.84:443 | accounts.google.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 142.250.180.1:139 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 84.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | developers.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 216.58.204.67:443 | ssl.gstatic.com | udp |
| GB | 142.250.180.1:443 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.29.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.29.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 54.241.51.109:139 | bdv.bidvertiser.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| GB | 142.250.187.194:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.187.194:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 172.217.169.73:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | udp |
| GB | 216.58.204.67:445 | fonts.gstatic.com | tcp |
| GB | 216.58.204.67:139 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 54.241.51.109:445 | bdv.bidvertiser.com | tcp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 54.241.51.109:139 | bdv.bidvertiser.com | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| GB | 172.217.169.73:445 | www.blogblog.com | tcp |
| BE | 64.233.184.84:443 | accounts.google.com | udp |
| GB | 172.217.169.73:443 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | hafiziidrisphotography.blogspot.com | udp |
| GB | 216.58.212.193:80 | hafiziidrisphotography.blogspot.com | tcp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
| SHA512 | 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6 |
\??\pipe\LOCAL\crashpad_1368_UHVTVVEOLDLBXADH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
| SHA512 | 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd24ae24ba69d3692ce1545c44e48f5d |
| SHA1 | 23abaad4af590706b5fc557dfb90eb1f5eb05d4e |
| SHA256 | dd718b4c1c63e0351e80b592b59f86dc3315cb22bac0dde4381617e5f480dab2 |
| SHA512 | 8efb4e76b0d4525a2d66bff0df06da4d84781db8dbadb1677c6a4817c766843139ac243cabcc8cb3649bb4ced691d82ec37d4a60eb3acce5c4a4c8c49f1c0ff8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 05197e9427acea2ac4dc812f97a8f078 |
| SHA1 | 3d2a38b79da52e57783360f195ac3e7c85edefd8 |
| SHA256 | 7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191 |
| SHA512 | 084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a5e3b3476471e0e46e93bc10393f5637 |
| SHA1 | 9e2fcc23217705f12d1c3abd6cfcec170ec50a65 |
| SHA256 | c28e8e2eef62ac26370a4489c07e421dd569e68e5010da30add3166bd77e93a8 |
| SHA512 | 03476105b6c64dae4e8f256f1a42cf1814b4d83bb6d69fb781d995cd2a5d74ce9727c68729434cb134cc3b4f6eef9e681b7d4302cc6724e865836996d39f2bbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 08fdf06cf4dc160bae26313494612d71 |
| SHA1 | 0e588edc2d002917a82347343b6d8196c57238ef |
| SHA256 | 644933a2fc719192b33bb30967242471316fedf9e6b0956ec147bff9460743d0 |
| SHA512 | 8889c0c91d2e2ad1362c5d311b9001a9e370ad91202e31fcdb28b217c10f7b12b252b569439d4c33f56f5fbe2f9fdcd6c9c2429f6cc409a8df4bb92e74be3df0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1c723e52803420311cb4d2de06def2c4 |
| SHA1 | 4268ae5a8d1be612e595cc3cb45b829532d4e5c9 |
| SHA256 | 46b7e4996377b237df26ff656a11ef09c272e64fe75c740ba51a7b096689725e |
| SHA512 | 26d0f0d46e8840e030f368fadbb9b6415024e0d67ac9895b15d20fd4930ef6a507cf13461e59b31516dead518bce42b0dce8a419a85841bcdb0fcb3c9e02bb25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 11a7afe25ae25b9fe6703d6c8efa0efa |
| SHA1 | d0a0bf019a7619120c3d93b639d405e9b3833545 |
| SHA256 | 3ed3fba3167a5b176e4c387c550d8a6cbfc4d7e161e28ada08f7e9d208f22ebf |
| SHA512 | 0911e2da2748f1ba7a988e05a87ecb7e0aa7b5a4bdd2b35059908684535f13af4e52f8e484d4560c33720b47ce886017ff480e79f72f3c6d4d9863cce4fe84a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9198c22e3045759c6aa1830b75d53cad |
| SHA1 | 2f88fab3ae3f88bb1a5b2add0510f1670c1bf47a |
| SHA256 | 86794bf028ebed8bd736a02acc339c7d8407ec2331b672bcc2644d62336bc153 |
| SHA512 | 53d77e266be4f474e4bd262998fc338b02802e1b282b371cb2f4df5e4a685e6c2c8180e696761c6bb3477e928a32f15faeba5ed92527e51b038f889ae7ab938f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |