Analysis Overview
SHA256
7946e14c7302fae0a9538f2033a6995170400c43d1798c7233f87697590f5f2b
Threat Level: Known bad
The file e01e56eafbd16b78ba05cf5b7fc13235_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Socgholish family
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-11 05:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-11 05:44
Reported
2024-12-11 05:47
Platform
win7-20240903-en
Max time kernel
140s
Max time network
144s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a10e87f39f27234b8337d367a516b5e1000000000200000000001066000000010000200000002ad7b2ca50c897a06d6482a202f25329f3fecac110f056c49c836e7bb4fc5a6d000000000e80000000020000200000001eea3f954fa9fe0a77bdb0ccac702f9d1fa82e67fe08cf9124f9ec3d9b80e29520000000eed8d2d288e6685072a5c00fa9d748a538b77a17194251148dd28796a16e215040000000fda9ba832a2e82690e2f4ee2b105a5c8d29eab24eabed9963f49ea7eb8a02236c9b25640503d2013f4edc7b0d35d4847dbb46d78b14d4bfa21f58bd491a9b4c9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9076d5f78f4bdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440057755" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{08838AE1-B783-11EF-A160-4A174794FC88} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2380 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e01e56eafbd16b78ba05cf5b7fc13235_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-11 05:44
Reported
2024-12-11 05:47
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
144s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e01e56eafbd16b78ba05cf5b7fc13235_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8895a46f8,0x7ff8895a4708,0x7ff8895a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2672516064828093031,1903375982692673177,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3124 /prefetch:2
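The process list above is a flat dump of Chromium-style command lines. What an analyst actually needs from it is small: which process is the parent (the one with no --type), what operator-supplied argument it was started with, and which children run with reduced sandboxing. The script below is an added example, not part of the sandbox report or of any vendor tooling. Its input is a constructed excerpt of the lines above, copied from this page with the long --field-trial-handle and --gpu-preferences values removed; the parser is a hypothetical helper written for this page. It handles Chromium's --single-argument switch, which tells the browser to treat the rest of the command line as one argument (this is how the shell hands a file path to the browser, which is why the .html path is not quoted), and reports the sandbox-related flags as facts without judging them: for Edge 92 they are ordinary browser-internal flags passed from the browser to its own children, and the only thing on these lines that came from outside the browser is the path after --single-argument.

```python
"""Parse the Chromium-style command lines from a sandbox process list (added example)."""
import ntpath
import re
from collections import Counter

# Constructed excerpt of this report's Processes section. Lines are copied from the page,
# with repetitive --field-trial-handle and --gpu-preferences values removed for readability.
PROCESS_LINES = r"""
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e01e56eafbd16b78ba05cf5b7fc13235_JaffaCakes118.html
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=ver=92.0.902.67
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe -Embedding
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=3124 /prefetch:2
"""

# A token is either a double-quoted run (quotes may wrap a whole --flag=value) or bare text.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# Flags worth surfacing because they change the isolation of a child process.
SECURITY_FLAGS = {
    "--service-sandbox-type",            # value "none": the utility process is unsandboxed
    "--disable-gpu-sandbox",
    "--no-v8-untrusted-code-mitigations",
    "--disable-client-side-phishing-detection",
}


def parse_cmdline(line):
    """Split one Windows command line into exe, --flags and positional arguments.

    --single-argument means "the remainder of the line is one argument", so the loop
    joins everything after it and stops; repeated flags keep their last value.
    """
    tokens = [t.strip('"') for t in TOKEN_RE.findall(line)]
    exe, rest = tokens[0], tokens[1:]
    flags, positional = {}, []
    for i, tok in enumerate(rest):
        if tok == "--single-argument":
            flags[tok] = " ".join(rest[i + 1:])
            break
        if tok.startswith("--"):
            name, sep, value = tok.partition("=")
            flags[name] = value if sep else True
        else:
            positional.append(tok)          # e.g. /prefetch:N or -Embedding
    return {"exe": exe, "flags": flags, "positional": positional}


def summarize(block):
    """Parse every non-empty line and attach name, process type and security flags."""
    procs = []
    for line in block.splitlines():
        if not line.strip():
            continue
        p = parse_cmdline(line)
        name = ntpath.basename(p["exe"])
        ptype = p["flags"].get("--type")
        if ptype is None and name.lower() == "msedge.exe":
            ptype = "browser"               # no --type: this is the parent browser process
        p.update(name=name, type=ptype,
                 security_flags={k: v for k, v in p["flags"].items() if k in SECURITY_FLAGS})
        procs.append(p)
    return procs


def launched_document(procs):
    """Return the file the browser was opened on (the only operator-supplied argument)."""
    for p in procs:
        if p["type"] == "browser" and "--single-argument" in p["flags"]:
            return p["flags"]["--single-argument"]
    return None


def type_counts(procs):
    return Counter(p["type"] for p in procs)


if __name__ == "__main__":
    procs = summarize(PROCESS_LINES)
    print("opened:", launched_document(procs))
    print("types:", dict(type_counts(procs)))
    for p in procs:
        if p["security_flags"]:
            print(p["name"], p["type"], p["security_flags"])
```

Run over the full list on this page the same parser gives one browser process, ten renderers, four utility processes, two gpu-processes, one crashpad-handler and two CompPkgSrv.exe instances, which is the shape of an ordinary Edge session opening a local HTML file.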
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | www.instantonlinecounter.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 104.164.25.193:80 | www.instantonlinecounter.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 104.164.25.193:80 | www.instantonlinecounter.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | udp |
| GB | 172.217.16.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.200.34:445 | pagead2.googlesyndication.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.34:139 | pagead2.googlesyndication.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | drleemind.blogspot.com | udp |
| FR | 216.58.213.65:80 | drleemind.blogspot.com | tcp |
| US | 8.8.8.8:53 | 65.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
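Most rows in the Network table are not indicators: the 8.8.8.8:53 rows are name lookups rather than connections, the in-addr.arpa rows are reverse lookups the OS performs on addresses it already talked to, and 224.0.0.251:5353 is local multicast DNS. What is left after removing those, deduplicated, is the list of hosts and endpoints worth pivoting on, plus anything on a port a browser page load would not normally use. The script below is an added example written for this page, not part of the sandbox report. Its input is a constructed excerpt of the table above (rows copied from the page; the multicast row is written with an explicit N/A domain column), and the parser and the choice of 80/443 as the expected web ports are this example's assumptions.

```python
"""Extract indicators from a sandbox Network table (added example)."""
import re
from collections import defaultdict

# Constructed excerpt of this report's Network table (rows copied from the page).
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | udp |
| US | 104.164.25.193:80 | www.instantonlinecounter.com | tcp |
| GB | 142.250.200.34:445 | pagead2.googlesyndication.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | drleemind.blogspot.com | udp |
| FR | 216.58.213.65:80 | drleemind.blogspot.com | tcp |
"""

ROW_RE = re.compile(r"^\|(?P<country>[^|]*)\|(?P<dest>[^|]*)\|(?P<domain>[^|]*)\|(?P<proto>[^|]*)\|$")
WEB_PORTS = {80, 443}   # assumption: what a browser page load is expected to use


def parse_rows(table):
    """Turn the pipe-delimited rows into dicts; the header row is skipped."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        f = {k: v.strip() for k, v in m.groupdict().items()}
        if f["dest"] == "Destination":
            continue
        ip, _, port = f["dest"].rpartition(":")
        rows.append({"country": f["country"], "ip": ip, "port": int(port),
                     "domain": f["domain"], "proto": f["proto"].lower()})
    return rows


def is_dns_query(row):
    return row["port"] == 53 and row["proto"] == "udp"


def is_mdns(row):
    return row["ip"] == "224.0.0.251" and row["port"] == 5353


def extract_iocs(rows):
    """Separate name lookups from real connections, drop sandbox noise, dedupe the rest."""
    domains, endpoints, resolved, anomalies = set(), set(), defaultdict(set), []
    for r in rows:
        if is_mdns(r):
            continue                                        # local multicast, not remote infra
        if is_dns_query(r):
            if not r["domain"].endswith(".in-addr.arpa"):   # reverse lookups add no new name
                domains.add(r["domain"])
            continue
        endpoints.add((r["ip"], r["port"], r["proto"]))     # a real connection (udp/443 is QUIC)
        resolved[r["domain"]].add(r["ip"])
        if r["port"] not in WEB_PORTS:
            anomalies.append(f"{r['domain']} -> {r['ip']}:{r['port']}/{r['proto']}")
    return {"domains": sorted(domains),
            "endpoints": sorted(endpoints),
            "resolved": {d: sorted(ips) for d, ips in resolved.items()},
            "anomalies": anomalies}


if __name__ == "__main__":
    iocs = extract_iocs(parse_rows(NETWORK_TABLE))
    for key in ("domains", "endpoints", "anomalies"):
        print(key, iocs[key])
```

The anomalies list is where the page's two pagead2.googlesyndication.com rows on tcp/445 and tcp/139 end up when the whole table is fed in; the script only reports them, since the table itself does not say what caused a connection to a web host on an SMB port, and that is a question to take to the pcap rather than something to infer from the summary.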
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
| SHA512 | 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6 |
\??\pipe\LOCAL\crashpad_2152_TGNKZXKLEJORJMAE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
| SHA512 | 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 472f3feb2aed93a69772cc09c7d57cc3 |
| SHA1 | a7a146ce085f6b7d294162e461589d0fd049169e |
| SHA256 | eaf2b54c1086805ae25f67346ee927b75b681a0561a473b22bcafcb5b289dea7 |
| SHA512 | 712d749a2ffcd15d8c697b1158fdf397798b751905833dc418130db6cf7bd4fbdb1cc25a5a342cdbcd746d6a21b5c2fcef040fd408cff2a841f8180d549ee10a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d2e1a68a8d49db7de03667b879fbd825 |
| SHA1 | b4c43087b65022db8084ea52aee6eee64705ca7e |
| SHA256 | a5edbe6b911c21d7cfde49cb8f7b3987e441254b4b2272772fd8fbf5dc6b5f3a |
| SHA512 | 8e1502523ffd5d9d102550a231c0cc8a72352febca41bc5226d88ae26bc26801da157a129927af7fb6d84445583adcb6a1fc7e55beff76d9904da01b69e72d54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 612b462cfaa4f0a766b620819357ac5e |
| SHA1 | 0c504e84ebe7ca2daff75ccdf2f640459285f2a7 |
| SHA256 | f02907ca55937db9965f49f0aad9de2add126ede1816e4bc7fb5fba03b8331be |
| SHA512 | 16fd686ab9c5a2438dbecdadc416f29221aad1ff06ab59f925cf9ec5ffffdbcb1afe1c2dc3546e4d9fcec5444e1680bc019e1bf85322eea2fa5fc1572b9c5ba3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e50a680b9ebbae5afcf9ac888d101c8f |
| SHA1 | e5a32daa600204a1908687bce06d080082e54675 |
| SHA256 | e4d5cb020a320082c5fa6bd43076884bce261befa1fc4e783744a163a5764cea |
| SHA512 | cf466fc4a5a40fac04b67f8a67dfab218ad34ba8073ab48f5a04257319270b8c038ce93a0f89f031a718f7dd15025db3b2d44399f1745581ac83a02624d2e484 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | deaf57a563f10a8812975ee344526a02 |
| SHA1 | 3f8e6784b89c0c807c32d80f0632d40ca177c3f7 |
| SHA256 | 75733b21f96ffa16ba9abf0f94b1113fc9727f50c86d85c95bd2aafc3dd16356 |
| SHA512 | 22701cf42eacc0ea7e9d7c2ccb6f0af5f9bf66ac4ce26a87d6a5f285f3314487a50bee52797527c9c5716f546ec8b020c12a7c935a359e0009f9896baf97691d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583311.TMP
| MD5 | d2bc792962b58d1d41ab5b04089f8118 |
| SHA1 | c6a99c509ef82cb93df4844ddc0c199a68e3468a |
| SHA256 | c0f6642afd8cd19ce3576135ff1b462fca450c1c86be720f73c4d10cb846100e |
| SHA512 | fc6ed85293abab14d0032ca1eeb4daf84c0b5cc72b4002d8dda36b23c11ca054472a58ee5c818857255d5061b7f17222553dfc422b31e38cfe0194d65ecc74c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ffd38e1e934b4395828204f070dfd029 |
| SHA1 | 405069e2adf0f6fa59cd005b09ed59869eb8c1a7 |
| SHA256 | aef7209b6583d723f78dd10738e9c74fcb09210a8ff0ebbb7560260973c65778 |
| SHA512 | fdc0606a84eff58bd093fc6f436eaf646cad42f53971ac7a7cb434da5221d52093f24374ddb9746740df94f3383e1f1a639210e7d770b15c9558e33c67ae7ff4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6f9731cbf621e101fb4b529308900062 |
| SHA1 | f2ef1b52debab5670ec7423a60e1e579ff8838f9 |
| SHA256 | 51ab93667c3603b39b4367c2b4ecc668785b193f621bef53cc1eeb8316201b7d |
| SHA512 | abd8cf3110140b85a387a1d68106356349b4616f3dd2800f5380999958c23cafcad331488ae4879b895e80bb58cf8f0248177057580a15d9449fa0b0d86385f7 |
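Two things in the Files section are easy to misread. First, the named pipe entry's four digests are exactly the MD5, SHA1, SHA256 and SHA512 of zero bytes, so they identify nothing and should not go into a blocklist. Second, the same path appears more than once (settings.dat twice, Preferences three times) because the sandbox records each write, so the repeats are versions of one file, not separate files. The script below is an added example written for this page, not sandbox output or vendor code. It computes the empty-content digests instead of hard-coding them, checks each record's digests for length and hex format, classifies the record as empty, content, inconsistent (some digests say empty and some do not) or malformed, and groups records by path in report order. Its input is a constructed excerpt of the entries above with MD5/SHA1/SHA256 copied from the page; the SHA512 column is left out of the excerpt.

```python
"""Triage the digest records in a sandbox Files section (added example)."""
import hashlib
from collections import defaultdict

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed excerpt of this report's Files section (digests copied from the page).
FILE_ENTRIES = [
    {"path": r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     "md5": "f426165d1e5f7df1b7a3758c306cd4ae",
     "sha1": "59ef728fbbb5c4197600f61daec48556fec651c1",
     "sha256": "b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841"},
    {"path": r"\??\pipe\LOCAL\crashpad_2152_TGNKZXKLEJORJMAE",
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"path": r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     "md5": "6960857d16aadfa79d36df8ebbf0e423",
     "sha1": "e1db43bd478274366621a8c6497e270d46c6ed4f",
     "sha256": "f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32"},
    {"path": r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     "md5": "472f3feb2aed93a69772cc09c7d57cc3",
     "sha1": "a7a146ce085f6b7d294162e461589d0fd049169e",
     "sha256": "eaf2b54c1086805ae25f67346ee927b75b681a0561a473b22bcafcb5b289dea7"},
    {"path": r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     "md5": "612b462cfaa4f0a766b620819357ac5e",
     "sha1": "0c504e84ebe7ca2daff75ccdf2f640459285f2a7",
     "sha256": "f02907ca55937db9965f49f0aad9de2add126ede1816e4bc7fb5fba03b8331be"},
]


def empty_digests():
    """Digests of zero bytes, computed rather than remembered."""
    return {alg: hashlib.new(alg, b"").hexdigest() for alg in HEX_LEN}


def check_format(entry):
    """Return the algorithms whose digest is not lowercase hex of the expected length."""
    bad = []
    for alg, n in HEX_LEN.items():
        h = entry.get(alg)
        if h is None:
            continue
        if len(h) != n or any(c not in "0123456789abcdef" for c in h):
            bad.append(alg)
    return bad


def classify(entry, empty=None):
    """One of: empty, content, inconsistent, malformed."""
    empty = empty or empty_digests()
    present = [alg for alg in HEX_LEN if alg in entry]
    if not present or check_format(entry):
        return "malformed"
    matches = [alg for alg in present if entry[alg] == empty[alg]]
    if len(matches) == len(present):
        return "empty"          # zero bytes: nothing to hunt for, nothing to retrieve
    if matches:
        return "inconsistent"   # the digests disagree about whether the content was empty
    return "content"


def triage(entries):
    """Group records by path, keeping report order, so successive writes stay visible."""
    empty = empty_digests()
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append({"status": classify(e, empty), "sha256": e.get("sha256")})
    return dict(by_path)


if __name__ == "__main__":
    for path, versions in triage(FILE_ENTRIES).items():
        print(f"{len(versions)} version(s)", path)
        for v in versions:
            print("   ", v["status"], v["sha256"])
```

Run over the full section, every path here resolves to content or empty; the inconsistent and malformed outcomes exist for reports where a column was truncated or a digest was pasted from the wrong row, which is worth catching before a hash is shared as an indicator.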