Analysis Overview
SHA256
59b20a7c55fcb98ffb6901a5c17336871fed27de2daf7b87804ac3d72d5a6ba1
Threat Level: Known bad
The file 6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-23 12:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-23 12:04
Reported
2024-10-23 12:07
Platform
win7-20240903-en
Max time kernel
150s
Max time network
143s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8618991-9136-11EF-B30A-EAF82BEC9AF0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000bb5ee8fed289870822fbbdee9067a6171f344929e576fc00ba55beb59aba7dad000000000e8000000002000020000000a850caa371020d6456803179eeb3120c9f4080aceb6b240f8cee404626a1076b2000000043d19e4a69884b53a9f07ccc40c47cd7b6c1e5399e296658390bc09038c2ab5e40000000eee29fd834d9a6a16e0e6bebf9592510fa5f58da44cb267d3aa5099f5880ff27b3172a50b16f621bf5514a0702825010facd827f3322b6ac4eac4ec88bbd1d11 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435846944" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20feb7cf4325db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2792 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2792 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2792 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2792 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-23 12:04
Reported
2024-10-23 12:07
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6ed1f78cf5ee1dcb34ef86f44951286d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff409346f8,0x7fff40934708,0x7fff40934718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,241870391966898628,14372402038200953426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
Network
Files