Analysis Overview
SHA256: c2871c94a54231837659e4a383d0d1b538058676c6791bb8b2db6dab9fe8f1c8
Threat Level: Known bad
The file e4b887466aeeb4ac3f00e2f6451f95ad_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-12 04:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-12 04:37
Reported: 2024-12-12 14:22
Platform: win7-20241010-en
Max time kernel: 144s
Max time network: 146s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2E529791-B894-11EF-ACA4-66AD3A2062CD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440175073" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2252 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e4b887466aeeb4ac3f00e2f6451f95ad_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | rimuito.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img580.imageshack.us | udp |
| US | 8.8.8.8:53 | ri-man.com | udp |
| US | 8.8.8.8:53 | www.mundodomanolo.com.br | udp |
| US | 8.8.8.8:53 | static.minilua.com | udp |
| US | 8.8.8.8:53 | tadezuera.com | udp |
| US | 8.8.8.8:53 | www.arreganho.com | udp |
| US | 8.8.8.8:53 | www.eutesalvo.com | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 8.8.8.8:53 | img5.imageshack.us | udp |
| US | 8.8.8.8:53 | img526.imageshack.us | udp |
| US | 8.8.8.8:53 | www.geralinks.com | udp |
| US | 8.8.8.8:53 | www.fake-true.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 142.250.201.170:80 | fonts.googleapis.com | tcp |
| FR | 142.250.201.170:80 | fonts.googleapis.com | tcp |
| FR | 142.250.201.170:80 | fonts.googleapis.com | tcp |
| FR | 142.250.201.162:80 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.201.170:80 | fonts.googleapis.com | tcp |
| FR | 142.250.178.138:443 | ajax.googleapis.com | tcp |
| FR | 142.250.201.170:80 | fonts.googleapis.com | tcp |
| FR | 142.250.178.138:443 | ajax.googleapis.com | tcp |
| FR | 142.250.201.170:80 | fonts.googleapis.com | tcp |
| FR | 142.250.201.162:80 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.179.97:443 | lh4.googleusercontent.com | tcp |
| FR | 142.250.179.97:443 | lh4.googleusercontent.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| FR | 142.250.179.97:443 | lh4.googleusercontent.com | tcp |
| FR | 142.250.179.97:443 | lh4.googleusercontent.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | lh4.googleusercontent.com | tcp |
| FR | 142.250.179.97:443 | lh4.googleusercontent.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 162.0.233.181:80 | rimuito.com | tcp |
| US | 162.0.233.181:80 | rimuito.com | tcp |
| US | 38.99.77.17:80 | img526.imageshack.us | tcp |
| US | 38.99.77.17:80 | img526.imageshack.us | tcp |
| US | 199.232.196.193:80 | i.imgur.com | tcp |
| US | 199.232.196.193:80 | i.imgur.com | tcp |
| US | 38.99.77.16:80 | img526.imageshack.us | tcp |
| US | 38.99.77.16:80 | img526.imageshack.us | tcp |
| US | 104.21.80.39:80 | www.eutesalvo.com | tcp |
| US | 104.21.80.39:80 | www.eutesalvo.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| US | 38.99.77.17:80 | img526.imageshack.us | tcp |
| US | 38.99.77.17:80 | img526.imageshack.us | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| US | 104.21.51.101:80 | static.minilua.com | tcp |
| US | 104.21.51.101:80 | static.minilua.com | tcp |
| US | 172.67.166.126:80 | www.geralinks.com | tcp |
| US | 172.67.166.126:80 | www.geralinks.com | tcp |
| US | 172.67.182.236:80 | www.fake-true.com | tcp |
| US | 172.67.182.236:80 | www.fake-true.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| US | 199.232.196.193:443 | i.imgur.com | tcp |
| US | 104.21.80.39:443 | www.eutesalvo.com | tcp |
| US | 172.67.166.126:443 | www.geralinks.com | tcp |
| US | 172.67.182.236:443 | www.fake-true.com | tcp |
| US | 8.8.8.8:53 | minilua.net | udp |
| US | 104.21.24.195:80 | www.mundodomanolo.com.br | tcp |
| US | 104.21.24.195:80 | www.mundodomanolo.com.br | tcp |
| JP | 202.254.234.69:80 | ri-man.com | tcp |
| JP | 202.254.234.69:80 | ri-man.com | tcp |
| US | 104.18.22.114:443 | minilua.net | tcp |
| US | 104.18.22.114:443 | minilua.net | tcp |
| US | 104.21.24.195:443 | www.mundodomanolo.com.br | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | fake-true.com | udp |
| US | 172.67.182.236:443 | fake-true.com | tcp |
| US | 172.67.182.236:443 | fake-true.com | tcp |
| US | 8.8.8.8:53 | images.paraorkut.com | udp |
| US | 8.8.8.8:53 | download.ultradownloads.com.br | udp |
| DE | 185.53.177.53:80 | images.paraorkut.com | tcp |
| DE | 185.53.177.53:80 | images.paraorkut.com | tcp |
| US | 8.8.8.8:53 | www.arreganho.com | udp |
| US | 104.21.64.111:80 | fake-true.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.192.22.93:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLHRIIGD\mundodomanolo200x50[1].htm
| MD5 | 0104c301c5e02bd6148b8703d19b3a73 |
| SHA1 | 7436e0b4b1f8c222c38069890b75fa2baf9ca620 |
| SHA256 | 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f |
| SHA512 | 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf |
C:\Users\Admin\AppData\Local\Temp\CabEF60.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 84525ac2c52cedf67aa38131b3f41efb |
| SHA1 | 080afd23b33aabd0285594d580d21acde7229173 |
| SHA256 | ae524d9d757bed48d552b059f951ffd25a7d963ae44a554cb1f3a9641e524080 |
| SHA512 | d898b0913b4005bbbf22a5457ad1e86345860868bc2e53187ad8267c07824d592160a27d850978ebfe78392db784fffb80b73e27418d3a71708383d738ea1d57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 45a68b581f8619baf8153bb3d0278d1a |
| SHA1 | 1e136146f56cdd6d831aa3fdf75399b0cbb1622a |
| SHA256 | 2a5db664e077bb6c8623540a765cdb1f63a823d3154758eb4a5913ac8c2eb468 |
| SHA512 | 75679dece7bc3a8ca96ba9103360c08f2d8ca801e7f47da25c142a93d443a1dc9ca28f4d954cf3fe85e70fe277dbdee80682c10bbc14dc6541e84e3d5724e69c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 8251befb003a912432b94bcb509f0b35 |
| SHA1 | 86cdd4ac89adc6faf575d850d1593e8fc005960a |
| SHA256 | bf9e79638a8c4097bebaf8045b4d17fc45364fd4a219375af80d44bdc4d01adc |
| SHA512 | a18af807d433b43543fa2aea53bef3836dd334815b9195da57d6725ca11c06037e2381a1d66e352b3caf7808d0e466a8c490cace2d9c5d138930d6ffee2b2b10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 14df3c82b90bd26f179b6c957ea151e1 |
| SHA1 | bd7aa94511d7471c2513602817cd8ed1b69ad1d5 |
| SHA256 | 5820202752bbbce9f739d097040b9dde0513d529ff63542753aa3377f5973844 |
| SHA512 | 98d388d7ac28bd4e3237aabf371795fdbf829bc561a611b630d2622fd719918c0db5158d77bf43364ef43d951dd12bfb5fdf2e4c83d563857503269fe3cb4bb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 67e486b2f148a3fca863728242b6273e |
| SHA1 | 452a84c183d7ea5b7c015b597e94af8eef66d44a |
| SHA256 | facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb |
| SHA512 | d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e |
C:\Users\Admin\AppData\Local\Temp\TarEFE0.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | c56d187c4c6b7a0be6d3edea4b3cff8d |
| SHA1 | f02fa625e5de997cb5a8f717ea246d64d98164f0 |
| SHA256 | 374ca81020ca6709ed05dd84820894b9bf1cadd709ff60d5bfaca05be80010b6 |
| SHA512 | 5f3cdb033ef0645d9d1fa6283de0543c02eabbb148999d9bf20a9180727b8e46472fd936289871e27c2c7ee05a485a7fc5fdd830e608915fc173428e40e3499d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 4ee011fd7bdbba65352272f6ee9b2d2c |
| SHA1 | 4def834feaefb4d429c3f3d845df4b916cfdb490 |
| SHA256 | 6050a9a9833770163472d9051639ab69d8e01d1358e152b5b0cfa72441fac022 |
| SHA512 | 9301552ee69cd0dcec061281ee85713febb890ede519fdca6e53e03b72ee580179c5f36fcb0b42b53d5dd95054258925049d72cf36414b3652493ff5c0d82bbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 6b57a63489d90ec35afd4b177b61cfc4 |
| SHA1 | e9a68bd4fe22cd70ba58da9a91e32f14f5b80315 |
| SHA256 | b48ec8bf5a4cfc00afe1917f9d7902486ea8b64674678ae601cb4ad071b52b7f |
| SHA512 | a33d2dbd29dbd7ea6e0696892d9c9264ea8a887953299f5583be720d66126c860ef1579869e3e5daeb0fea41970539836e0a5c4ab32b6852f9e3d9815d3b6633 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC
| MD5 | 68f1dd7fef931519440b33f9821783ce |
| SHA1 | 4586473ba92c8aeff0542ba35572ba781db711a9 |
| SHA256 | f25478c23cc6e499c73656099450436f97956324274f395bb04c3824128a96e4 |
| SHA512 | e6ba2e8878872df774d8d9f95d8a9e07f23e1aac37c96ad06e7c581f02c1ba2c33847104f19a453407aaf438ecab80601d7f00b0e6a53b694eb225ae091ba943 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC
| MD5 | ca361bfd955bea9fe3130efcd826c004 |
| SHA1 | ab709d7c6b0448c9aa866ac84b16ea58a47b17e6 |
| SHA256 | 3bd99c7720f460fd14398ed5a4d3a015aa8f1ed8eeaf049a8696277ba1003611 |
| SHA512 | 62372ba153d07acfcb6a78222460cf691ee39a10d0f72f8765f519c2f997f2ed252a1c24da88eb015ac249e40f390be1ca93ef31c47a992f56a73cd39e42d14e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 304c3265f8e4df9f39b615241de06094 |
| SHA1 | b5edeaa18fc1122124bda088bbfe9a61c40b5d19 |
| SHA256 | b2b250b0e17ec655e27657b802062b2edd10484fabaf812d14b4caef3d3f057e |
| SHA512 | 5f48513065974cb859512b7ee4611b5f3e0e90cda91ded5be52abdb2ccb284b8466601d698962547a17f2605033a0c8f07d129257ab87c33c6dbfbc72118d6b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f0fd97a972b84ca9165bb2e1aa17dc99 |
| SHA1 | af5535c1b42a9ceda8435e72d9d65905686dde54 |
| SHA256 | 05b017225f51b7f2f2dbd511039c30a650cf44a6cf01af2a2f095d847e4c6157 |
| SHA512 | 49a1b299b288477bb27f85df9804e784c42b56e35094b8b09e0dffe7f892ae749dcc04a1b9ed701ee7b618e2aaf11173562195e5f5d5f80c21182ec193aaf4ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e23a73163ca01be5898b2bec7afa93c3 |
| SHA1 | f557afa0cb4376ebd4e01936bec7cc0cb55089fd |
| SHA256 | 2f0ef819f7883287eeef137a3977410f96b5d8a3cf33a5eefe279a5e1e67c4ce |
| SHA512 | 809f080a3ac417213795d7f1fa8d20e0adc7aff621ed5539d6332ca102e8ab937798be33875e90dae8e01fee2220fb2af66f46d80c6173cef0ecfc7cb0f1b298 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0189f1421804410d924b2cb90d6b1460 |
| SHA1 | ff5ae041169523a2fd4691eff3a17bb542a31a7a |
| SHA256 | ebdea1cff5c5b5f7919469e60895422fdf6e1b8fd45be81813323404221a649e |
| SHA512 | 7240e92f58966a13e99102e3c924cf98f092d13485b93cb9024a57765cf4b8e29e869b7d35e33829f7d7efae081d4bc51c8a48a4e3b5c9b0e0e16db309752b61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55d2893abd6c23a49e69d2e9a60d230b |
| SHA1 | 6eee34f37074a869cade9a4f11ce905984161709 |
| SHA256 | 70bb4bf64f948d17f36119c0a34718ec69fef547bdc28f7e32863cc0a1182ae6 |
| SHA512 | d36aecfb39fec4fa0ea53aa1c64d2911c194bc44f073e42fa56437eef9dd73e433faed80582897669c0dd7f2c7c0cb4af49d398f2b15046219c877c054cff9ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da0a0afa720ecf970c54a3d08c64580c |
| SHA1 | 4b83100773f25f7b0e836714b18db97afd94747c |
| SHA256 | 91067e1f5a3af741c0992986bdadb16fe27265ceed92420985b3fb3f5728e624 |
| SHA512 | 261a37dfe56e28ad28743c3ff2c1a05aff19d8672a1ec881d9e71a30a2ca25399339311df0c51860c459e9456e7b73e564807112a51962e29137cdbff7451923 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75ab9d371ed8d11644ec7a8099bcd317 |
| SHA1 | f120c9006cc246c4bd65b906ee9b483a2560295a |
| SHA256 | 3aff6a40d344f3dfa36d2a8c00769d624fdfc6b44e6f6358b50426b41f14dacc |
| SHA512 | 3aeadcd95d87475756ad723532d199d0cb3cd516a2647ec7e7887177968af6bb8d970e8ead7bdf364269055b03141c91b6ebc5a3ffb3ba275f1b29e18a3d892a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f269890148a7cc048ee3dd4a6d65b10a |
| SHA1 | dafd874116ad815964a58fe7d9e609d0694f01a7 |
| SHA256 | a0fd47e0a2ee7a9f51a3043f04f477bb36c18e24dbfac561f51cadd8b5a60f90 |
| SHA512 | 36f69d314609bff25e8eee0d12b265d044d12221908a2d5ddba01a0cbea23e288c6191137eca4073018ca5d8cc82eaaf745d7c404429c9d0fc14c3475a1a4098 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74887bc73600028a7d7a3737db42738e |
| SHA1 | f480d1fd8d3e561412a3c07598fccddc53ee2003 |
| SHA256 | d6052e86843dd60aa4c95f12a935cfd2202f6b844cf451be95d374e0099db454 |
| SHA512 | 910acedc78aafc946a24d222feb1567f5227cb5b54ad488636415ce7cfed725b5fd1f30a0387bfb9183e9cf78425e4d679fe12fe702b4b4fdb5d6ea88ab81535 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42e05ce5d7216d9a39e4cf5c32ee02f5 |
| SHA1 | 7931b2d1e0cb9a1bac49f39c68d1f50d16c81ff6 |
| SHA256 | 34a03f5f673f2895a2aae3f5b53d0093e9e92064b10b8354a7371778953ebc18 |
| SHA512 | e2c1e4c5f6f93795ff02e46889201b45c3300a91f5c3fcabe340eb3ef23692ebfd3ee360dc5cdd2e3edae03e5c0d1607f322d60980e43e6c3d44e50a2b368e68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a54c9a9b151de7fd61590ae78e481342 |
| SHA1 | a0275260d58a38cf6547b13923c2c9aba990d32e |
| SHA256 | 4b15fc418f165f1b7654f9de08e430f4e39301e2060e174653db89c4968d64f9 |
| SHA512 | c375c1622e3792ef6cc2e39c84aeb11f83c116549d99140a6b62d40b83f1ec33f83a13e1f17b4531969ad926d431f98a48bc06c18962e516f011eb09b6cbc818 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df3f0a07023ef47cda7939e1d028e4c3 |
| SHA1 | e89cb55ca69296ff6676c832bbde246db33b4f58 |
| SHA256 | 303b2b38ccfbbf084cc389fbc4a03b472403e5604cd11553c8bce640896e1da8 |
| SHA512 | 2a16369c272285d35f87055ce5e2c52f1b03fcac10177050af057796f01c92dcf690e40c89fd6afdcd30a81ab41b4bf341b53dd03473259eb2aec3737f5864c8 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-12-12 04:37
Reported: 2024-12-12 14:22
Platform: win10v2004-20241007-en
Max time kernel: 145s
Max time network: 143s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e4b887466aeeb4ac3f00e2f6451f95ad_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabf6646f8,0x7ffabf664708,0x7ffabf664718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8931445185380776302,13484089225643304932,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.ggpht.com | udp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.201.170:80 | ajax.googleapis.com | tcp |
| FR | 142.250.201.170:80 | ajax.googleapis.com | tcp |
| FR | 142.250.201.170:80 | ajax.googleapis.com | tcp |
| FR | 142.250.201.170:80 | ajax.googleapis.com | tcp |
| FR | 142.250.201.170:80 | ajax.googleapis.com | tcp |
| FR | 142.250.201.170:80 | ajax.googleapis.com | tcp |
| FR | 142.250.201.170:443 | ajax.googleapis.com | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| FR | 216.58.215.33:445 | lh3.ggpht.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| FR | 172.217.20.163:80 | fonts.gstatic.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | rimuito.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.mundodomanolo.com.br | udp |
| US | 8.8.8.8:53 | images.paraorkut.com | udp |
| US | 8.8.8.8:53 | ri-man.com | udp |
| US | 8.8.8.8:53 | download.ultradownloads.com.br | udp |
| US | 8.8.8.8:53 | img580.imageshack.us | udp |
| FR | 142.250.179.98:80 | pagead2.googlesyndication.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.179.97:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.179.97:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.179.97:443 | lh3.googleusercontent.com | tcp |
| US | 38.99.77.16:80 | img580.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:443 | lh3.googleusercontent.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 162.0.233.181:80 | rimuito.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| DE | 185.53.177.53:80 | images.paraorkut.com | tcp |
| US | 8.8.8.8:53 | static.minilua.com | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.177.53.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 104.21.51.101:80 | static.minilua.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| JP | 202.254.234.69:80 | ri-man.com | tcp |
| US | 8.8.8.8:53 | minilua.net | udp |
| US | 104.18.23.114:443 | minilua.net | tcp |
| US | 8.8.8.8:53 | tadezuera.com | udp |
| US | 8.8.8.8:53 | www.arreganho.com | udp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 172.67.220.32:80 | www.mundodomanolo.com.br | tcp |
| JP | 202.254.234.69:80 | ri-man.com | tcp |
| US | 172.67.220.32:443 | www.mundodomanolo.com.br | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.eutesalvo.com | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 8.8.8.8:53 | search-blogger.com | udp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 104.21.80.39:80 | www.eutesalvo.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | udp |
| US | 199.232.192.193:80 | i.imgur.com | tcp |
| US | 199.232.192.193:443 | i.imgur.com | tcp |
| US | 104.21.80.39:443 | www.eutesalvo.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| FR | 142.250.178.142:80 | developers.google.com | tcp |
| US | 216.239.32.21:80 | search-blogger.com | tcp |
| US | 8.8.8.8:53 | img5.imageshack.us | udp |
| US | 38.99.77.16:80 | img5.imageshack.us | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.search-blogger.com | udp |
| US | 8.8.8.8:53 | img526.imageshack.us | udp |
| FR | 142.250.178.142:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | www.fake-true.com | udp |
| US | 8.8.8.8:53 | www.geralinks.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.21.58.245:80 | www.geralinks.com | tcp |
| US | 38.99.77.16:80 | img526.imageshack.us | tcp |
| US | 104.21.64.111:80 | www.fake-true.com | tcp |
| US | 104.21.58.245:443 | www.geralinks.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | tcp |
| FR | 142.250.179.99:443 | ssl.gstatic.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | 16.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.233.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.51.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.23.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.234.254.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.58.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.64.21.104.in-addr.arpa | udp |
| FR | 172.217.20.179:80 | www.search-blogger.com | tcp |
| FR | 172.217.20.179:443 | www.search-blogger.com | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:443 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | 99.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.ggpht.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 185.60.217.28:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 185.60.217.28:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| FR | 172.217.20.194:445 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.179.98:139 | pagead2.googlesyndication.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
\??\pipe\LOCAL\crashpad_1956_XBMRYVPVBIKNSKEP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0a9dc42e4013fc47438e96d24beb8eff |
| SHA1 | 806ab26d7eae031a58484188a7eb1adab06457fc |
| SHA256 | 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151 |
| SHA512 | 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a860ad6ba40575d47cc64a38e0a014a9 |
| SHA1 | 585b70cfb85b63363fe0d5ba5efb6ac516443eb8 |
| SHA256 | c0cf7ff876afd837fe690421a62604c736a65583105b90c1d7730d3fce4b700b |
| SHA512 | 5930b212018b1e8b6684087439e9e3235762af498faed7327b64bd5ffea37aa68b8f9a8c67c80f545a4ba59febc3152cea8e8d8a63c844f2c78f0054a37dc277 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 9631c594f55c395f07b12046cb8fbf9d |
| SHA1 | cd6532d1689166c19477923c73083eaaf8cd21e3 |
| SHA256 | a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726 |
| SHA512 | 5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d92d7fe1255329456113f6f67b2ebc03 |
| SHA1 | 703f079b43e81d81b2c92fd8e1b7c143f756842e |
| SHA256 | 09cb1963f65ea976807f28ecde64905f3cfc4ccc05adf8c70c7bb6380a0ec375 |
| SHA512 | 312a1e57e69a6018734a394fa279c41c2097e027487b3863710926c8abb2faf8753696c5e2b9c3ae5b6d5364961f238eee13e5ae8103583fec97fa705fabffee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f04cc9dbd408287718e6e8e2ea1735d |
| SHA1 | 7f7fedf0a74c2dc4a425ed129817c18d417b332c |
| SHA256 | 69411a53e6138c7a5232016deee711955ae59e7cd05e8ed12d0c0cd2b100cb8a |
| SHA512 | 61270dcd979d5f805f1130bdf659512bca8aec568eeb22b2119c011101b222e073c864d94acae0950963f340f7d44e2cf6e75dfb7465f62325eb8b57ad4f44be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3def770f03876918d8a143d925aa91e4 |
| SHA1 | 02f6f0b02545d1cfde8172446acbe7ba21a07f53 |
| SHA256 | d878c5c170e8c077d75dbdc9f7f30bb18750f4955f9028770fa50f6e295399e6 |
| SHA512 | 6297e4c34fef23464bc86462185932e2852118d9c40865d97ceb36769f16fa6459ec92e08f4e365079842b4188ff8d78f317ddff8c3a6e2801316081213698cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4c9008c5c823d31c502e81cae7f499bb |
| SHA1 | f1727f6b437750b803a03d4521592524a2c68752 |
| SHA256 | b41e8a97b8b338c0403576cea267a7f7090898b96a3b1fa18b9c4cbbb34ec7b2 |
| SHA512 | 95c41bb173d57cc9a1d816eb0dd42f2185c8243f3f0f362cb54008436332e118bcda5bc2f8b3fdcc0806005c12809324f862d2e5972b4793bf8863ec6c1d5bf5 |