Analysis Overview
SHA256
b82d29ee10181209c5e02e6fe11ca4ed4bef4a35120ab64d2fee20aac6616595
Threat Level: Known bad
The file e7509e4e327215dbe8de7b22039a639e_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Detected phishing page
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-12 16:41
Signatures
Detected phishing page
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-12 16:41
Reported
2024-12-12 16:44
Platform
win7-20241010-en
Max time kernel
142s
Max time network
150s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{033E9401-B8A8-11EF-80AB-7A300BFEC721} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440183595" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2368 wrote to memory of 1936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 1936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 1936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 1936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e7509e4e327215dbe8de7b22039a639e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-12 16:41
Reported
2024-12-12 16:44
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e7509e4e327215dbe8de7b22039a639e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5612 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1488_MXLALNNZLVWVIPGJ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State