Analysis Overview
SHA256
062bf094865566c71201fd0e9ad5533af69209b51e356f837f5a3fc63b2fd5d7
Threat Level: Known bad
The file eed7a454e530b4a01e858baeec510732_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Socgholish family
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-14 12:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-14 12:51
Reported
2024-12-14 12:53
Platform
win7-20241023-en
Max time kernel
140s
Max time network
148s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440342532" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14393C11-BA1A-11EF-AEB0-FA90541FC8D6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0611cef264edb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf00000000020000000000106600000001000020000000f64bd435cd7dbb3773f5b4c46ee23646b0e157373c930869c6140164ae5a6c30000000000e8000000002000020000000d015b7e794a76f87943f624677e469e6ae054f50c6602e185066f2d083d3d5d820000000de0c9c6ac0076ed9cd542e8faf803fafc006fb5013a7f821252a22d018c0b1724000000066ed2e4508f6eadebf54907b7c6cbce592393d265f382dce35b9dd66a6d17c9f2d8dbcb35022b9c5ab18e77d721bbb97c95b82d1316b5d7fab0f4d44ed6d4477 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2404 wrote to memory of 2636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2404 wrote to memory of 2636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2404 wrote to memory of 2636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2404 wrote to memory of 2636 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eed7a454e530b4a01e858baeec510732_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-14 12:51
Reported
2024-12-14 12:53
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\eed7a454e530b4a01e858baeec510732_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec00246f8,0x7ffec0024708,0x7ffec0024718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
Network
Files