Analysis Overview
SHA256
3eaf4fcc9faf90df6b137de1bdcfadcce493a425afe70d0709aa5b00b96f4a83
Threat Level: Known bad
The file f3dc84796d7c0ff49d8d6064e897ecab_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Socgholish family
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-15 11:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-15 11:50
Reported
2024-12-15 11:52
Platform
win7-20240903-en
Max time kernel
141s
Max time network
143s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50312794e74edb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8807D41-BADA-11EF-ABB3-E67A421F41DB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440425271" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003f457ec85315d14187eb8151d9f795c1000000000200000000001066000000010000200000009b57a6e5ade9cc8b4d3783c48969aae3758531d979744d396702510e8128c772000000000e8000000002000020000000f501437ba8697b2ad0b72b41dab4ee6b7f545ef3355c2cbb10e37fe4e08229ba20000000d919bd96ec800b6953aa55b911ec1eaf05820b64aa161848608af3c095fb06a540000000c151fdd7dcb44989b9474bb3994d91d2b5ff7dda511569fe3a89a2692e96a197d0ae58dbd479c178f17db76834cf72f5ca20c46f93ea41f1a3eb0e2cc900ad58 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1992 wrote to memory of 2120 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2120 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2120 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1992 wrote to memory of 2120 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f3dc84796d7c0ff49d8d6064e897ecab_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-15 11:50
Reported
2024-12-15 11:52
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f3dc84796d7c0ff49d8d6064e897ecab_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff764a46f8,0x7fff764a4708,0x7fff764a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10818535152769892322,11148081221844201765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,10818535152769892322,11148081221844201765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,10818535152769892322,11148081221844201765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10818535152769892322,11148081221844201765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10818535152769892322,11148081221844201765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10818535152769892322,11148081221844201765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10818535152769892322,11148081221844201765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10818535152769892322,11148081221844201765,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
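The Processes list above is a flat dump of Chromium-style command lines; the information an analyst wants from it (which process is the browser, which are renderers, what document the browser was told to open, and which children run with a sandbox switched off) has to be pulled out of the `--type`, `--utility-sub-type`, `--service-sandbox-type` and `--single-argument` switches. The script below is an added example and not part of the original report: it tokenises the command lines the way Windows does (double quotes group arguments containing spaces), maps each line to a role and flags sandbox-weakening switches. The command lines are copied from the list above with the long `--field-trial-handle` and `--gpu-preferences` values shortened to `...`; the role names and the `SANDBOX_WEAKENING` set are my own choices. Note that an unsandboxed network service and a second, unsandboxed GPU process were ordinary behaviour for Chromium builds of this vintage on Windows, so the flags are a prompt to check, not a verdict.

```python
"""Reconstruct process roles from the Chromium-style command lines above.

Added example, not part of the original report: the command lines are copied
from the Processes section (long --field-trial-handle / --gpu-preferences
values shortened to "..." as marked); the role names and the switch list
SANDBOX_WEAKENING are my own.
"""
from collections import Counter

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# Constructed sample taken from the Processes list above.
COMMAND_LINES = [
    EDGE + r' --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f3dc84796d7c0ff49d8d6064e897ecab_JaffaCakes118.html',
    EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    EDGE + r' --type=gpu-process --field-trial-handle=... --gpu-preferences=... --mojo-platform-channel-handle=2160 /prefetch:2',
    EDGE + r' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3',
    EDGE + r' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8',
    EDGE + r' --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    EDGE + r' --type=gpu-process --field-trial-handle=... --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-preferences=... --mojo-platform-channel-handle=2088 /prefetch:2',
]

# Bare switches that turn a Chromium sandbox off. --service-sandbox-type=none
# is handled separately because it is a switch value, not a bare switch.
SANDBOX_WEAKENING = {"no-sandbox", "disable-gpu-sandbox"}


def split_windows_cmdline(cmd):
    """Minimal Windows-style tokenizer: whitespace separates arguments and
    double quotes group text containing spaces (the quotes are stripped).
    CommandLineToArgvW's backslash-before-quote rules are not needed here."""
    args, cur, quoted = [], [], False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def describe(cmd):
    """Return the role and sandbox-relevant facts for one command line."""
    args = split_windows_cmdline(cmd)
    exe, switches, positional = args[0], {}, []
    for a in args[1:]:
        if a.startswith("--"):
            key, _, val = a[2:].partition("=")
            switches[key] = val if val else True
        else:
            positional.append(a)          # /prefetch:N, -Embedding, file paths
    is_chromium = exe.lower().endswith("msedge.exe")
    weakened = sorted(k for k in switches if k in SANDBOX_WEAKENING)
    if switches.get("service-sandbox-type") == "none":
        weakened.append("service-sandbox-type=none")
    return {
        "image": exe.rsplit("\\", 1)[-1].lower(),
        # A Chromium process without --type is the browser (parent) process.
        "role": switches.get("type", "browser") if is_chromium else "non-chromium",
        "sub_type": switches.get("utility-sub-type"),
        # --single-argument passes the rest of the line as one positional arg.
        "opened": positional[0] if "single-argument" in switches and positional else None,
        "weakened": weakened,
    }


def process_tree_summary(cmds):
    infos = [describe(c) for c in cmds]
    return {
        "roles": dict(Counter(i["role"] for i in infos)),
        "opened": [i["opened"] for i in infos if i["opened"]],
        "weakened": [(i["role"], i["weakened"]) for i in infos if i["weakened"]],
    }


if __name__ == "__main__":
    for key, value in process_tree_summary(COMMAND_LINES).items():
        print(key, value)
```

Run against the sample, the summary shows one browser process, one crashpad handler, two GPU processes, two utility processes and one renderer, the submitted `.html` as the document the browser was launched on, and two children with a sandbox switched off (the network service and the second GPU process).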
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| FR | 172.217.20.202:80 | ajax.googleapis.com | tcp |
| FR | 172.217.20.202:80 | ajax.googleapis.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 216.58.214.169:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| FR | 142.250.74.226:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 114.238.56.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bumerang.hurriyet.com.tr | udp |
| TR | 83.66.162.14:80 | bumerang.hurriyet.com.tr | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.74.250.142.in-addr.arpa | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| FR | 216.58.214.169:80 | img1.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| FR | 216.58.214.169:80 | img2.blogblog.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 14.162.66.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | farm4.static.flickr.com | udp |
| FR | 52.84.172.83:80 | farm4.static.flickr.com | tcp |
| FR | 52.84.172.83:443 | farm4.static.flickr.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.90:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 83.172.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| FR | 142.250.179.78:443 | apis.google.com | udp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.oktayustam.com | udp |
| US | 8.8.8.8:53 | bumerangeski.boomads.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| FR | 216.58.214.169:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| TR | 213.243.16.160:80 | bumerangeski.boomads.com | tcp |
| TR | 213.243.16.160:80 | bumerangeski.boomads.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 142.250.75.226:443 | googleads.g.doubleclick.net | tcp |
| TR | 213.243.16.160:80 | bumerangeski.boomads.com | tcp |
| FR | 142.250.179.65:445 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.16.243.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 163.70.151.35:445 | www.facebook.com | tcp |
| FR | 142.250.179.65:139 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| FR | 216.58.215.34:445 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.178.130:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:445 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
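Most rows of the Network table are what an HTML page hosted on a Blogger blog would be expected to generate: DNS lookups, HTTP/HTTPS to Google, Flickr and ad networks, and the sandbox's own reverse (`in-addr.arpa`) lookups and mDNS traffic. The rows that deserve a second look are the TCP connections to ports 445 and 139 on public Google and Facebook addresses (for example `216.58.214.169:445` and `142.250.179.65:139`); whether those are real client behaviour or an artefact of the capture is not something the table alone settles, but they are the rows to pull out first. The script below is an added example and not part of the original report: it parses rows in the table's format, sorts each row into a category and returns the SMB/NetBIOS-to-public-IP rows for follow-up. The rows are a subset copied from the table above; the category names and port sets are my own choices.

```python
"""Triage the Network table of a sandbox report.

Added example, not part of the original report: the rows below are a subset
copied from the table above, and the category names and port sets are my own.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: a subset of the rows from the Network table above.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 172.217.20.202:80 | ajax.googleapis.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 216.58.214.169:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| TR | 83.66.162.14:80 | bumerang.hurriyet.com.tr | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 163.70.151.35:445 | www.facebook.com | tcp |
| FR | 142.250.179.65:139 | lh3.googleusercontent.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

# A browser rendering a web page has no business talking SMB/NetBIOS to the
# public internet; a hit is a triage signal, not proof of anything.
FILE_SHARING_PORTS = {139, 445}
WEB_PORTS = {80, 443}


def parse_rows(text):
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue                      # header, separator or malformed line
        host, _, port = m["dst"].rpartition(":")
        rows.append({
            "cc": m["cc"],
            "ip": ipaddress.ip_address(host),
            "port": int(port),
            "domain": m["domain"] or None,   # empty cell -> None
            "proto": m["proto"].lower(),
        })
    return rows


def classify(row):
    ip, port, domain, proto = row["ip"], row["port"], row["domain"], row["proto"]
    if ip.is_multicast:
        return "local-noise"              # mDNS and similar from the VM itself
    if port == 53 and proto == "udp":
        if domain and domain.endswith(".in-addr.arpa"):
            return "dns-reverse"          # PTR lookups, not page content
        return "dns"
    if port in FILE_SHARING_PORTS and ip.is_global:
        return "smb-to-public-ip"         # investigate first
    if port in WEB_PORTS:
        return "web"                      # TCP 80/443 and UDP 443 (QUIC)
    return "other"


def triage(text):
    rows = parse_rows(text)
    summary = Counter(classify(r) for r in rows)
    flagged = sorted({(r["domain"], str(r["ip"]), r["port"]) for r in rows
                      if classify(r) == "smb-to-public-ip"})
    # Names the page actually resolved (forward lookups only).
    resolved = sorted({r["domain"] for r in rows if classify(r) == "dns"})
    return {"summary": dict(summary), "flagged": flagged, "resolved": resolved}


if __name__ == "__main__":
    for key, value in triage(NETWORK_TABLE).items():
        print(key, value)
```

On the sample this returns three flagged rows (ports 139 and 445 on the addresses the report associates with `lh3.googleusercontent.com`, `www.blogger.com` and `www.facebook.com`) and puts the mDNS and reverse-lookup rows into their own buckets so they do not inflate the count of real destinations. The domain column in a report like this is the last name seen resolving to that address, not a name taken from the connection itself, so the flagged rows should be read as "this IP, this port", with the name as a hint only.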
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
| SHA512 | 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
| SHA512 | 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe |
\??\pipe\LOCAL\crashpad_2396_WGDFHDUUJFHRKJCR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c050e1de1d34e67b4ce6eb98e12093df |
| SHA1 | f26a388515d5d06576ad44b3a9aa20a10a288183 |
| SHA256 | 4a397ab6fa525ca73a3f6328e419855b73209f3547543de95a1408b674caa4e8 |
| SHA512 | c84878be5424a41962dee6b6df4568d0edf11d28ffa396581a928d1b3ee05a3da3246a56576c45c7055476b57c750e10ded3b43590f01cf5f32d4c9e8844834d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 74f0aed906693d75a85369616d99bfa2 |
| SHA1 | 1449beaf2667967967d10a98735e4b4d3e5c441b |
| SHA256 | 07fdc2a0048ffc5eb99a4f6351209a97d4df2c0fb355475c89c933d3cc16f523 |
| SHA512 | 205b106f4d3ab63e871c6f1a41a5fce7f4bade0de46cd95977274cd72f64da334139e3bf6620b272d43b38be5092c1996a735618ded0b5027b60f553e06fb710 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6f5e586182931d1001899cabf13a3276 |
| SHA1 | 4ae4d226959bba2e6e8669415ae6d7fc5473947b |
| SHA256 | eacdf5b71bb41609a4a977f1ef2ea1fe4f786a0d57af9147ae3a71f648ae0501 |
| SHA512 | 78f75680a662430d1e4151c3f877c5520d08a0485bb2f95d14e51ba9ea6c9e508e9f3ff7d9ce2d5450f31348c319d1f58f31dabfa8b04ab9b81d435d7c9b5936 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c92da858157a074b915548338f83f345 |
| SHA1 | 0a9f2e744259150bd404e6301ee8fd1af4f6c527 |
| SHA256 | 52051c31e7b0f5c31674142cd9d5e6a7ba50de17c4732b37ca114641094fa46e |
| SHA512 | cdf00dad8360ddcc80cb888a0159c846fe7de0d5cd949da2380559e1f9838de1bed4e2c424d6a98688767df43a11c83e02d86777f9406c01c7679fad703365ab |
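Two things in the Files section are easy to misread. The `\??\pipe\LOCAL\crashpad_...` entry carries the MD5, SHA1, SHA256 and SHA512 digests of zero-byte input (`d41d8cd9...`, `da39a3ee...`, `e3b0c442...`, `cf83e135...`), so it records a named pipe the sandbox could not capture content from, not an artefact worth searching for. And `settings.dat` and `Preferences` each appear twice with different digests, meaning the file was written more than once during the run, which is routine for browser profile state. The script below is an added example and not part of the original report: it parses entries in the section's format, derives the empty-input digests with `hashlib` instead of hard-coding them, checks digest lengths, and reports empty-content entries and paths rewritten during the run. The entries are copied from the section above (some digest rows omitted to keep the sample short); the finding strings are my own.

```python
"""Sanity-check the file-hash entries of a sandbox report.

Added example, not part of the original report: the entries below are copied
from the Files section above (some digest rows omitted); the checks and the
finding strings are my own.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample copied from the Files section above.
FILES_TABLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f426165d1e5f7df1b7a3758c306cd4ae |
| SHA1 | 59ef728fbbb5c4197600f61daec48556fec651c1 |
| SHA256 | b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6960857d16aadfa79d36df8ebbf0e423 |
| SHA1 | e1db43bd478274366621a8c6497e270d46c6ed4f |
| SHA256 | f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32 |
\??\pipe\LOCAL\crashpad_2396_WGDFHDUUJFHRKJCR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c050e1de1d34e67b4ce6eb98e12093df |
| SHA256 | 4a397ab6fa525ca73a3f6328e419855b73209f3547543de95a1408b674caa4e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 74f0aed906693d75a85369616d99bfa2 |
| SHA256 | 07fdc2a0048ffc5eb99a4f6351209a97d4df2c0fb355475c89c933d3cc16f523 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6f5e586182931d1001899cabf13a3276 |
| SHA256 | eacdf5b71bb41609a4a977f1ef2ea1fe4f786a0d57af9147ae3a71f648ae0501 |
"""

ENTRY_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
EXPECTED_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Digests of zero-byte input, computed rather than hard-coded so the check
# cannot drift from the algorithm.
EMPTY_DIGESTS = {alg: getattr(hashlib, alg.lower())(b"").hexdigest()
                 for alg in EXPECTED_HEX_LEN}


def parse_files(text):
    """A path line starts an entry; the '| ALG | hex |' rows below belong to it."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            if not entries:
                raise ValueError("digest row before any path")
            entries[-1]["digests"][m.group(1)] = m.group(2).lower()
        else:
            entries.append({"path": line, "digests": {}})
    return entries


def check_entry(entry):
    findings, d = [], entry["digests"]
    for alg, hexval in d.items():
        if len(hexval) != EXPECTED_HEX_LEN[alg]:
            findings.append(f"{alg} has {len(hexval)} hex chars, expected {EXPECTED_HEX_LEN[alg]}")
    empty = [alg for alg, h in d.items() if h == EMPTY_DIGESTS[alg]]
    if empty and len(empty) == len(d):
        findings.append("zero-byte content (all digests match empty input)")
    elif empty:
        findings.append("inconsistent: only " + ",".join(empty) + " match empty input")
    if entry["path"].startswith("\\??\\pipe\\"):
        findings.append("named pipe, not a file on disk")
    return findings


def report(text):
    entries = parse_files(text)
    findings = []
    for e in entries:
        f = check_entry(e)
        if f:
            findings.append((e["path"], f))
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e)
    # Same path, different SHA256 -> the file was rewritten during the run.
    rewritten = [(path, len(es)) for path, es in by_path.items()
                 if len(es) > 1 and len({e["digests"].get("SHA256") for e in es}) > 1]
    return {"entries": len(entries), "findings": findings, "rewritten": rewritten}


if __name__ == "__main__":
    for key, value in report(FILES_TABLE).items():
        print(key, value)
```

On the sample the only finding is the crashpad pipe (empty content, and a pipe rather than a file), and `settings.dat` and `Preferences` are each reported as rewritten twice; `Local State`, which appears once, is not.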