Analysis Overview
SHA256
d3417792ada07cf45d5e697ea0a965d083b246de8fe9e15df5efc17d1eea7d79
Threat Level: Known bad
The file f1847a1453550d933c1b50929db84c3e_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-15 00:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-15 00:50
Reported
2024-12-15 00:53
Platform
win7-20240708-en
Max time kernel
144s
Max time network
146s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3065208e8b4edb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9EB21FB1-BA7E-11EF-9D58-7EBFE1D0DDB4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440385714" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003c74cbf113fd1e4ebed91f61de7f394a00000000020000000000106600000001000020000000ac587c1aada105cd71f8085e3a286f249e96d842affdecc96741395e36c96300000000000e800000000200002000000023acbe6aa7f7e0b6681d66762ffc61df41308f54e6ff675331761915fe8d87112000000043b15af640360576b21e5527fe3b70779d1118b8f0b63b25f7b94a418571e3c7400000007ff935586988f2c5e3d98b4fe47c3beea3cbaf7dad181b598c35567b88985050b187a310d68128734197638eb07d0462abec2733437e19f8a8613ce4459d3a11 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1732 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1732 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1732 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1732 wrote to memory of 2376 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f1847a1453550d933c1b50929db84c3e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.instantonlinecounter.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.65:443 | lh3.googleusercontent.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.65:443 | lh3.googleusercontent.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 104.164.25.193:80 | www.instantonlinecounter.com | tcp |
| US | 104.164.25.193:80 | www.instantonlinecounter.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 104.164.25.193:80 | www.instantonlinecounter.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.252.157:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| FR | 142.250.178.142:80 | developers.google.com | tcp |
| FR | 142.250.178.142:80 | developers.google.com | tcp |
| FR | 142.250.178.142:443 | developers.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | ed17ad45b06c8ffde373fcc87d5a60c0 |
| SHA1 | 97b9d186946c44f5e088be2428b3a8c2e8f0c57f |
| SHA256 | 10027c9062ce2e693aae2aa0fa5a00812f2d7ae000875a6386b6c1ea0c50a104 |
| SHA512 | e92db1dd463b3e96d1e35f8230bf89fd05f56773dcf7ebc7c7034c777bbc0667980eb03888d7dd8e9dc171dce64904388609d4048ee714f5e66756503356a6ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 1280181ba6222829121362574c143fa6 |
| SHA1 | f121bf603f8f0d3c1a3bc1f6a3760b648384d1d8 |
| SHA256 | b00cb26e0a594605248b0afbb56428dba48029b3a605ce3a790c7380d6360f29 |
| SHA512 | 6911e8d2589cd18abcc86e1d3ef992a2322022fd7ebaebe980e637ff6e8cf4acc37bf0f0d436c5c1207e2dda7d87fc02ffa364d8be7fb0f1e3191ea7bd324a3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | efa0a50437c79f311c54bc6ca3f00789 |
| SHA1 | f942473e55ed0ce2c32fdb37aed4b9199f9ff9a4 |
| SHA256 | 0b34f6a50ab8743a29999a9276c6e41ca96e09347c4bc5342a8cef3acaad023e |
| SHA512 | 8323ac563aee2b130f05e42082d833e933ea9d820077fe26d7415ebaf31af697ad4749c701c9fd3e06cdf6d6334fbccbfe16c2abc8a82f81e45f49f281d8d3fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\Local\Temp\TarC4BA.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabC4A6.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f269693f4ff84d97794d79f2c5776b11 |
| SHA1 | a83bb19fff3ef694c8d6558b2824dc92f7a5d3a5 |
| SHA256 | 38e40def9157814ffa14b39ddccaf1347c701cc8c0421832da4ddc240a740819 |
| SHA512 | 7903a72e926558b115a0aa7271e6069fc399406b92dcfbec3db8e7fc70da3039ef6978fee08e5d9982a492e5848ed69febf55996ba6a80af9085fe77011de8f7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\2621646369-cmtfp[1].css
| MD5 | 9f212334462c2e699353dc8988690a19 |
| SHA1 | 2e25d1abe33ec5ebf10e0a6b055e38c9671802a2 |
| SHA256 | 2529a8451bea93302e41dc0fad03f7550094f4ef5ec4f3800f28c2639d5e2789 |
| SHA512 | 58e906a50f8b654e79b242f1323dcb08773937f723d01caca4f675ce2091eb20caf2fce23a7a15443fa4a6643716662304d83b95ac7b7b64d588168b47ce9407 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\4092144848-cmt[1].js
| MD5 | b4330d83fcbc1cb29ed8fe1c33c38a70 |
| SHA1 | c3eaafaf9d8d3a07976978962c5dd935221733c2 |
| SHA256 | 9d81ac7c599785a3a0d7050725b40b1ee027becd1bf95cca6100ec491484429e |
| SHA512 | 91c043bbd80b402774a909b15c47f144b2c850e30f897985bcb2882bba1f3ad112736563ceb9adf51759f0388deba1701183189b581a743c211c750537c1085e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\dRfVX65B9Eiw5EGDlFkeUTqdmLwq8j-S5sw-s71-cfs[1].js
| MD5 | 966af57c14d17f7652dde316f768f897 |
| SHA1 | 349750a426a74b1527345ed9bd6a1c6cec6be70b |
| SHA256 | 7517d55fae41f448b0e4418394591e513a9d98bc2af23f92e6cc3eb3bd7e71fb |
| SHA512 | 9a22fe4f2b12d53237ad77e097292d621f1de9e3aea1207d63709716f46baba7405ee985bf5e898f63db5a8da25daa2687ca2bd01c02e46e0a02183b4f8b9619 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de161812c265e8144a6d72d48f8474e0 |
| SHA1 | d007d6f09f41d2968ff8ff3c1a724cc9a6e63534 |
| SHA256 | 92dc0e096b3448012267890d7a53cef311d522293da359453e7b6795ea40bf50 |
| SHA512 | 6b0812a5eadb29e0a9a447f07840511cebff88c729b367bc14ec455aa64b81cb69c372d15835ef5566f15bcd846b6897e4081213b470e6a0429f6077ca320ab7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c55705c195f013da66fb440b79aadcda |
| SHA1 | f9a6d95d49a0de369bafc48e42ccc0c169728509 |
| SHA256 | bdc7f5c351f04c690d7f9a0060dac220e90a2be6fa174a7189dc86b843819dda |
| SHA512 | d2f2bb2384276fe095ee9351df550c52ff9be240e0788b0f0c7448633b80b996c5cb9d806823cbf16642a4890ca617c4b53dfcd728ea5f61925eca625bc80fc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f9ec9cb8aa9ef785e7e5a637b5b110e9 |
| SHA1 | fcaff1876c91ccc24cd518f88924d7801e92b79e |
| SHA256 | 67335efe3d2d18ae6e69a1e6a81e34f604b1ad2acece9faa6110ab7e43e5f37f |
| SHA512 | 94f40895a5cfb33743bd45708c7fdbec40c46ac2d9f7dbc7cdd9fb55641216875a722fac63cda81766f63035c4f3dc1275346888c765f51d5d85b921cca49e00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3f3c95398a9b76859365dc68f11353a |
| SHA1 | ae51fc70443cd3f8812f8a8e176429a7cf8fdea7 |
| SHA256 | fabd77a0cfcd2ec62e3ea1f73cc06a3c5efa85f0ff7145175f42dd5b22a09982 |
| SHA512 | 2298c301c8b4f1e4bef41634d5576f784f61537bf5b3082819443e28325d3ae2f4496609535f1773a065e5c8982eac520d5774bf9a8b1a4366925a828745b8ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 417b753d68fe147ca1d0cf88f97ce48d |
| SHA1 | 2640c1c80995a0ba0d229d9db1174597ef612eaf |
| SHA256 | 8f207963be8cc4daa34a64c8a7b50edd1f2934f5862b561118e2a465516e074b |
| SHA512 | 3cd0af55c94a1f2edc0517bca3f660bf435375e685fa4981233df03a88597617bf813636f67e05f95a77565e22ab42ed9a8fbefe5773302f7ab65fbe30a1f634 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76373ae66f7d366dfce4fe3b00420bce |
| SHA1 | ea5b9b405386fb139ad48806b3f31e364639b1c1 |
| SHA256 | 1f95fb1ac02b80a745fd833422217d0be7cba38d4f75991c7bd5f7cab685de62 |
| SHA512 | 79ce9773088a0d858b03665b401f87758d60c4a8985660d9ff8064f04e6a3b97081f9fe4f8a2e726789352b028d61c006c3496de44a1825dec84947a9fc921cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ee3976f92c70554c5fbbd7292c2d541 |
| SHA1 | eead09e82498c93d2895eb02753f3da9fc30f2b8 |
| SHA256 | 7e1328b7ed62644b62634484cde0795be2b5b3bd1ce555c32e726e5959241109 |
| SHA512 | b9da402c2d9750feec7fa2ff93ffcc575284cd93279a5c020517fc13f1c9487b4a40c01886ff7682741d0a9df43041b40e90a4c3fe84e58d21da1d03f4ff0a5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 319d2281882f5e10140b51eeee337592 |
| SHA1 | cc48b02efcf92e83e996dd4491e4127443ff6861 |
| SHA256 | 6b5ec5794a7da6fbbfc75ce99a185734df17f6da4c8bf8f66e6cd7da9f19c142 |
| SHA512 | 63afc9416279595d45cd59a5a82e44451b803221c80769626c29ce3b147291d5b35a11282346c953d756a8fb7ad043dbc5518514aa9913059369c8e09e8b42cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75bce3d3d8d4499b153d19f19cceeb4e |
| SHA1 | d6906554712ccde66951d30c11e4fb0ade8d36b6 |
| SHA256 | 2d2f5536bf4d3ac8dd9547f768be829dfca78cc94ba86f835002a22e3505c85d |
| SHA512 | b5f7e0878eceb3bdd046bf9b52262ec9210a0a812f18d692b5f61d078741831d840c484d6172d8a653645cc36fff356196ded42689a897f3657d61fc472a07d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 784759bcd576e89c887e444f1f58e321 |
| SHA1 | 3f5b421c5b02df161b9123fa1ca4c7ee3676df5d |
| SHA256 | 8823728eccca74ec7f9efe71ff054cbe69fb1bf34e9d0ece85b246508407b454 |
| SHA512 | b4093f0ed955ea08e37e28621be54043e43066aa23d9372767388306e9f3ba92582614ce9f150632d86314efc4c6d6b05e80dff684a13baccb4a86f803d0d417 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e8da1dc4f0e380f688e4524dcfd80ec |
| SHA1 | 61356081338f7935b749a76bea6b05342b4195e2 |
| SHA256 | 2e576403b0d3e4aef59cdff70aa39979722e93eaa5b10b2b17e6988fb413ddb3 |
| SHA512 | afe83b36385375ee3b2e65bbe712cf232b273c3cb2663841e8d8a8aa626e5b31976d07e1774f9d8e8c3c304d5860d386df649c83017e15a2cbf2e3c55fb88f76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa33c5a38d33808d8b3ff162de2e8a4e |
| SHA1 | ed0c3365c41483eb48bd5702ab7e52dbf5b7b69d |
| SHA256 | 3b8e996b9d0ca7dce9f3e0b9dacfee86ed1c22df3dd0bf609e8d4eef43852ca8 |
| SHA512 | 58293e935c5cedaf12afe02c617a8dbfeabf4a96212e67b831c8e060e38676ddeb8fe67c9fada4df9c5728c18b9bbe9be1ae34cd9ca7f0000d61912ba9a0584c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58c4ab8145c2e31a653211ff3acc546d |
| SHA1 | 6910468e3a515b95eba65457637f447bc11c4408 |
| SHA256 | dcb526442bee7100a9b12adfca9fe2232dbcfa12656c06acc2a29180c37a338a |
| SHA512 | 0ee545004317c6062a733df54c03a4d67f8ee22d14e66995bd32656889ad38ffb16881a26ef242c2f5e526c783bc0cc7d2189ec626af43dcc270fc268e85d33b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99c1bffe171f4d78abf4e9e6bba19c20 |
| SHA1 | b1e926530ed46c89fd5e0c2b1de0cd0edb84945e |
| SHA256 | 25db4c2e3aa35bb3e442012a210d1bc671c90f4096be83fe3c99a408eea4cc2d |
| SHA512 | a1bb8e6f69c8781d0096e95711ebcd29f4de1ec1cd75b7dfee65c7abe8ba37908e34722fab964649d33c0ef82cae16a97401f4488f41221e46e9b19db2e145ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b44b0ffd624e194b6b3e9787c74a31ad |
| SHA1 | 3458361724081199845ee815ea2b4538cf540639 |
| SHA256 | f35aec2a457cd0c2acfd9bf14b76c4d0f85a1cf693b1e3779ec6158840176b2e |
| SHA512 | 5ee5fa09850c868599874307852285f476f5ac1e514cb8a75eb8479068f627e044ca228a4ef18bb1ca0058c9d1ef91c08626924031468657661a6d4e1dca1ff3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d0e1630a1e8b69cd0219c2c7cb97eeb |
| SHA1 | 72c9a352410cbc56fa3a015ce874ecb6a8364fc5 |
| SHA256 | a81c4427660bf316d203e874932e73e0e13308959f20357073943fe4c50a7856 |
| SHA512 | 70998c3435eed94de78b30a64cee6e2c792a0ececb8bd5d65a9b9d838060e684be807ff33a98e80197140f6482448d508f023d0d8b9220eae6cbc213fc101e94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 411da04ee8c3de73906e1f92b4412787 |
| SHA1 | bc6cc92efeb1128050e9c6059453ae723c78a2f6 |
| SHA256 | c9bb4518a00371adfac67632e4ffdfc2728dbe9ce152e934e230c5d02883fac0 |
| SHA512 | f33b5774dc020fb18d0e8fd6d0d34235853e599e2a2ce675302eb95f688cf903f6640171978f2b609b0ec1e983a22c969a4d6c2c53f52b84435e33606a6722c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea5c3a92bca7e26a1ee8374184f69d69 |
| SHA1 | b712ad205256e10982a2f81d28a06b46b46c92ed |
| SHA256 | 4d7a47b00167a2de174c60a30ca9d5909f58e187cdc7116e4e57e48c899aaa81 |
| SHA512 | c8ee93a1705d5e97696bcc5ebcc8594fe5dd80de74222056121a6373d70e68c6739b9bac2878fe5482ee43e1435ca8c204010517c5cef4a1cbd53209dc5120b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e64d486bf88b265cd572d269f3d7aa90 |
| SHA1 | a62003ea4f1d75ce9de082a13a3b525263fdf03d |
| SHA256 | a0f75218cde488c7cdc18fc2cb63981663b10539f54c1b589614c2f198e4e2fc |
| SHA512 | df87db80e94e35813758adc984ffd3011d69a4ccae3de2160fcfdfcb17b4b2101858895fa2788f95a76a9c7c38b0bd19becb48506a6e4455c1714befd4ed8886 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c16582d4602091e7242b88c28fedde22 |
| SHA1 | 35a1cfa76ea5e375d5780a1a0d2a3367a0387b6b |
| SHA256 | e8da40f704310953cd4e8287f5a989f5788abda1bf3bfeb12f705023324f59b2 |
| SHA512 | 9777adc256401e66ebc32a4ee69069cd120289629d5508f8977f195f2bdbf3fee085065968e4648ba10c9c6ae5ff3671086b3003a299b3f133256a286697672b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c57b06bab378648f6ebd40fbfb58694 |
| SHA1 | fe98f1db76bba58f0d097c87103609fd9ee8ef95 |
| SHA256 | 6f4d44e439b34a8cfad7c2aa4620b9d5b23466c4c8cf1f065da4a50085a6bfda |
| SHA512 | 05f2460ce2e70cf9c08b0d795074b6d3186452eee0150aecbd1580b2207d14cc3c3f0196ae505067c72137085bfdd2ad0118d394df532a0e29f6e6b40e506d6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdaa2f6871def7009882472c21d54e22 |
| SHA1 | eda079cd44cb7be9dddfeb7225e41571c5205f3f |
| SHA256 | 16e12282d11903a147b26f6fd83a3e2bc5760d39d2944bfc2e631f571ae01a57 |
| SHA512 | fac78e2eafba7da917dc1d597741ac3b2b69f1f1d6ee9d9e1ca72578ce4977baaa74e1f6462cdfa94f9932fba9e87c6e6f48cd81b650d0024fc309afa7002c5c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-15 00:50
Reported
2024-12-15 00:53
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
147s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f1847a1453550d933c1b50929db84c3e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3f6d46f8,0x7ffe3f6d4708,0x7ffe3f6d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,11094189108897471793,15442953530609500833,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 /prefetch:2
Network
Files