Analysis Overview
SHA256
18a305d168beda36d383c9178249579b3e1cf21e23d51fe9ae9c9579341bb16a
Threat Level: Known bad
The file c1f6b9a0ba910ca283808017b91a6787_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-26 00:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-26 00:59
Reported
2024-08-26 01:02
Platform
win7-20240704-en
Max time kernel
144s
Max time network
147s
Command Line
Signatures
SocGholish
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430795868" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7C1DB931-6346-11EF-B44F-526249468C57} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2520 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2520 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2520 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2520 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1f6b9a0ba910ca283808017b91a6787_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | script-bamz-us.googlecode.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.stumbleupon.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | m.iklanbariskita.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | obatkuat-herbal.web.id | udp |
| US | 8.8.8.8:53 | shampononi.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | widgets.twimg.com | udp |
| US | 8.8.8.8:53 | feeds.feedburner.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| US | 8.8.8.8:53 | track.bloglog.com | udp |
| US | 8.8.8.8:53 | arenapromo.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | rumbiadalam.googlecode.com | udp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| US | 52.200.99.215:80 | www.stumbleupon.com | tcp |
| US | 52.200.99.215:80 | www.stumbleupon.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| DE | 157.240.27.27:80 | connect.facebook.net | tcp |
| DE | 157.240.27.27:80 | connect.facebook.net | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| IE | 172.253.116.82:80 | rumbiadalam.googlecode.com | tcp |
| FR | 142.250.178.142:80 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.178.142:80 | apis.google.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| IE | 172.253.116.82:80 | rumbiadalam.googlecode.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| FR | 172.217.18.206:80 | feeds.feedburner.com | tcp |
| FR | 172.217.18.206:80 | feeds.feedburner.com | tcp |
| FR | 142.250.179.78:443 | sites.google.com | tcp |
| IE | 172.253.116.82:80 | rumbiadalam.googlecode.com | tcp |
| IE | 172.253.116.82:80 | rumbiadalam.googlecode.com | tcp |
| US | 34.205.242.146:80 | shampononi.com | tcp |
| US | 34.205.242.146:80 | shampononi.com | tcp |
| DE | 157.240.27.27:443 | connect.facebook.net | tcp |
| US | 52.200.99.215:443 | www.stumbleupon.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| GB | 143.204.67.183:80 | ocsp.r2m02.amazontrust.com | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab84BC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 36c28093e15de662f68d1625fa5b6d8e |
| SHA1 | 0f8ebfce30e800b697dd2f7f1fbfacb0c1569303 |
| SHA256 | 0d0095b8f059db90c99cb23ab6dc6fe897ad7ed04f5e5cc8488971fe151fe89a |
| SHA512 | cfa24a1f4b615cacf7d8782a51c4528967f5ec4c73f0d7a5d74620d5b42118e31321b862a178a090ef16a869a6b5c1dfbc3503cba8b16d1d0fcb4f4c1746c2c8 |
C:\Users\Admin\AppData\Local\Temp\Tar84DE.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79e0d63e0f8a51d7e15de8598d22c6b1 |
| SHA1 | dfd3e6db98eb270cf46f0bd493862231c2a0ecf2 |
| SHA256 | aa807d35ab7acb72331cdb04d082f06936afea722e156900e8bcf572b139c2be |
| SHA512 | ec898f5464a1ca04546b97dea39d31aad38f4d0f72ca9900ae47249ee8300c8978838d9eadfdfc4e847ec117cd8ad9f77a5b7a0104ab61e156b7f21bd734ec45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d47b7e8a109efbba136680f863d5d11 |
| SHA1 | ec9a6d7c3e9fc67dece238a30288c420561e3eb2 |
| SHA256 | 84dede6fefd834cd635ddef97c21da210d99c457573304ce7932182ca74d7f00 |
| SHA512 | f5fbc01a8e49142e107c9fbb18a0566b9b45c0d3adda2068cd6a8f7f12772a30da2b9eb5fb6363a326d9b240f19be671084a7dc7e8269053463d650fe4fa25eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 729c29c038988079541056ad8f484417 |
| SHA1 | b47e3c6546e70b03078a57e1d7ce6f7e76f705d8 |
| SHA256 | 88245dc2c0c4f98c9f834e500e11c785866f3451b6ec76730753e32b9163ece0 |
| SHA512 | c5a1da994a128180ecf40aa064792d4421941b337c50d2729a12d40f80b5217dcf0166230a4f5bb45e3aad0ff3e90bece9ca89640d5a75d5363d85eac4524110 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d42cbb3c68639934627e41c305119e23 |
| SHA1 | 442060bacb81234db9238e4f114c9c834acef7b1 |
| SHA256 | b9bea03181d1840b60c10d3e5b996dc0de0fc9f71f49809fcdc59b3d698e1f6e |
| SHA512 | 99dcc5505a25e550d5514e6ec9a499b63a6cecfa1ce61f0a0235dffe08e1fd413d6fc658afd9adc1361d4e6830784e425e2b9e0375e7c0251c63c2a1a51be073 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\fb[2].htm
| MD5 | e89f75f918dbdcee28604d4e09dd71d7 |
| SHA1 | f9d9055e9878723a12063b47d4a1a5f58c3eb1e9 |
| SHA256 | 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023 |
| SHA512 | 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 374bdf7457c69d049b74bd24acfb2018 |
| SHA1 | 8d8ae9f0f7e26820d56f1548d4bb9e4cb71914df |
| SHA256 | 8b5163b64a55aacd9b023727b846c2fd51a2bd671d1a2a027715623132fcf1e5 |
| SHA512 | e57ee1449cca678eaecf6b9131c7b4c860ee1de28217515f8cee0c7995185fb38c18e3cceb56ebe53990a676bcc2fe1f7b9d024dedb180491b5a7d64f803415b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa05c08a519f1224477b24ea7bf16971 |
| SHA1 | 2d7526e43e07de628d9ac7a7537dcc31108bd6fa |
| SHA256 | 6d258aebf43c36b755ad879d5314478056f14226d6041e369d92c8a599eab578 |
| SHA512 | 2b53b4c64f24608f9a92710c7baa4485ef013d235846f8f3ce7bcaadc0c122a1a6bdb102e23ccee6dd32d9051017264d00132a396895b4dbc5a7fc45237e43bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b508f2e7cdece455199e7ce0f295e52 |
| SHA1 | b6986d18b1d075968fbf3b2b1ecc2642e83720a8 |
| SHA256 | 2d5e9829f2e9f019d7267457e1b322ca8aef7812f275f626c22a9c7d2d83ca09 |
| SHA512 | 885475dabb2fd10f98b4a0a38d07f1522e3e6b6c8bb3ead201928d2dd72d49c65df61fadbd898aa7195a21a90805e719dbf70eea7274bf455e4eaab1439cdf08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ead9a5182e95e9842e1c665406e18064 |
| SHA1 | 0bf45a1fcbedf7576374e850cc45ddf530e21e3f |
| SHA256 | c791006f838b8f5d85c9f34a87907a068c403567d895386d0d2c423e8d40d12a |
| SHA512 | 0ac87dcc91e575250eb2ee21c53f1d51c710d20b9bebb6f6d383bd1523e571c0ceed730db2e64bfece2e56c3f4dfbad026fcf5ad37a3e57f6c66083e27d2391f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 932cf1054b3ffa305fd04cf630426db6 |
| SHA1 | af4c9c3c3866b2543e6e523dc4f3d85c83239e48 |
| SHA256 | bd6a674f59091e0165a19a568134e4864424f087ccf105f6b6706eda30c75de3 |
| SHA512 | a6bb3f952e0b0105fca50fa978e5489a6a8a570df6f1c4f84fec08c697dea7edfb265175edb17c7e3854d7b30c40584dc16a98ae9bde2d04b4559cf3200b8fff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f307b2531d8648522357b04ff63c47d |
| SHA1 | a0bc9d7c8d021181b5281902058f460d99384285 |
| SHA256 | 7ff25d373f482b49fb8423b9ce436d3c96357c049ddcb2355b2ea8e657ce8628 |
| SHA512 | 586ca99f9b54a8a25607f5c9284b84aeb892189cfce326a8900c12a586807441bc473283a50486fc5e0fe77d621e8ef21f1e309bfcd9cce68450c6d67f2650d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e5b750ba21f9fa0623c99715264af6d |
| SHA1 | 4c38c4bfc8366fa4a996d626de5be8229b199976 |
| SHA256 | 4400854391d71ef783c6ec4c03e00a566a200751eba31c54965c9a0841effc14 |
| SHA512 | 8a21d52ebbe3db8c287c0a51b09635aa594fb07871e14c243b6c452a19aeb845471f39a81c9c8ced81b3fecf308ae7999b60862e8532f17b268d704dbe57fac7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64945f6395f78ef046514ca9c29c4a43 |
| SHA1 | 2373c4b224c798b1dbc71fd27bacc47ff88119f2 |
| SHA256 | 8528e196f55edb28fa847d47d4232b501da9f2bc20fcf172a2d08aa4d17d3697 |
| SHA512 | 8ce3913512f0e94ec9ad810fe20bed8bd3d63ed8cab210c041251d13859c1b7874ce736abf94ef6bb06b2f67602341632d979caf8d3bed6d5244aa4b5cbf702c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 225b807c33979d9ba47620363d693ec5 |
| SHA1 | 3f46aeb433f124737b7a7fc94389c3c6aa156d92 |
| SHA256 | de4e6fa4a37e777610d9476c2762196ca217d361225a974c3f63a5e6d94f5d3d |
| SHA512 | 3d391e679752cb339ef2d6275bce64a1c4557638aa0548d55a9175c01f445cbca16ec2c4098119c9c42ba2e521a9b38d8b97b74b4c02cd11155dba23db1be102 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c30864c7a201ecf7310784a897af7e79 |
| SHA1 | b0f27ed913b08223c6a5b055d0a6f8ee5e3454d5 |
| SHA256 | 63e2338c5421024f51baf458dec1cf261fb62465d78f34ada84c00514ae4bd21 |
| SHA512 | 52d6d9b8b5c23841492c6c53b6b8a5de9f687802bbbd299a755a41de3c18dbbd21c0bdba299abdf31df173acedb9d5c3b82323c1bb4f7cde35597a78ab043a5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc295cdf1ed3ee8197f89cf25c56cdca |
| SHA1 | b970d91ab53c94a3596b482d12d93404d1591194 |
| SHA256 | 0c130f799c43e585c9ea1a88e9ed938fff7825f111c0d5d4cb1388fada05fe2b |
| SHA512 | b2cc1d163c8f2d1d77ec52b425703366eabaf70f0b03965b410cec3d83edde1f1b5a9bcb71cf5fe2b388057c7ad69e9144c42f750030610a2658e57a5e7bbdec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 6a4b23a08ebaa0b5d325385ba8bbf38e |
| SHA1 | 5ee2938f35e7ad97c328f283b20dcf41049960aa |
| SHA256 | 1d29793dc95523c8df119897650b9450ad56b6c2262c1b1d516a1ae1bf8a7f22 |
| SHA512 | ba39382ce09799f70d28c9b323292ab40588c7f0481c673c9131d2406fff1cc84f01b281870c72b2977ea3449b51f94bc4c40279378786b54f63cb50accf2292 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b04ce4e16f95118dfee9c9e578ed0c9 |
| SHA1 | a4067de72ff9c6c04ce395b7ec35fbc9093d4009 |
| SHA256 | 30667bb3819b480bf12feef4dfc02dfdb2d37f756e1e969455e722a683fffebf |
| SHA512 | 5ee81abd55dbf4d85608ba9c9b28d55570dc375dc824221418092682423963586b1a30aa82734c042ef56fad6096c52395468583ba0b6d7f8109fc0e2850e6a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b81e3f146ad8cb884722f96ff8e1bb37 |
| SHA1 | 9483fc4103f543a45b7a1594543dfcd9666edc7e |
| SHA256 | 0b122a7ab770b73434b035616ea97b3eae37204da437051c8b89fc4d7510fa96 |
| SHA512 | 3b07a276e2bf47b0f5e217d06cf45e6add1855abfc8e5724790197bbbc672aa1bb5b9fff3d5ebf1859c935419266ff62a861f8a1661d75942cbe189966b98cd8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0972be75648eb76f6c5d31e1c24c4ed6 |
| SHA1 | 7552351ab7f3c9b857f5ca42527bf360f54d93ca |
| SHA256 | 68e3ace903a9dd9d7bf707520dcbb05f714ce1f70d9723ac437b1a2a343c84ca |
| SHA512 | 9f88ee44ba089ea6a048aa6302cb5b86ce19d52b516cf692deb146ee2d9351fb7f0c559f3e1c0dd12516ea82c4ccc0dd86b6ed9e9b5ca674b2d0b28a9d4dcac2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdf99284cd4f46ffdcb430cf411eea1f |
| SHA1 | ce35f37c0818c77502390dbc89bc25ef9ddc4214 |
| SHA256 | 65aeaf28911d73fb98e805539d175c69e87eb20b0098557f516da20cfce9987a |
| SHA512 | a212f9ccde4959db1081f12ed28bd0b2e747e8d9572fda319ee4f273549a1b80e9886971f0dfd94a4a6606608de26ecf1b16a3c37477ffeaf3ffda6214870c94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 6522df65c3bdd1d914867a419f96a8e5 |
| SHA1 | 84370cbe4a98523c9d6a44d1fd00e9581f93f59a |
| SHA256 | d886c12534dd1b657a755f3288c663d13e963852723264c14c06d1b7e4b263b3 |
| SHA512 | f7b75bded89db0632bd1ce07dac1362f84500ccb4b0265d5b02d624d6c32d603ef26b64d1dde58d8a8845aeb16b585b1a60f82027dd5b951ca38dd0d177a4a57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79f5440d4e0ff0798e3c27dd7a85b08b |
| SHA1 | 5a3e1d97f862b7cbba12de5fe1403d2b8f523374 |
| SHA256 | ee49f45ac551e5b4933c55b8e7fa028c7970f6b9de083851b0fd682856492cdf |
| SHA512 | 30c95a567efa3ca1ceb645c258bb5c3a2feef06f7c484ad1109666fa233c442347d518cff8f848b8e1dab1a5b940f535dc86982ee658992c10a7aa01c2b78341 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28cc6b4a84e6b4d818537eeb0f435931 |
| SHA1 | c3bb063a5ea900d88b3df0dd34fb7003c17c487b |
| SHA256 | 0a21fdad224cd867de2374ae87688fb19c7ab87c92ba21671dc914c4cd461312 |
| SHA512 | 5d8e173e4b92547e13c80d6e5af9b4c3f1b69836407825797433ce5cc36b7f80c38a41f4d6e5cc190791636de67e8328eadc14739165f001a7bfbe2e72a145f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 739af2c16b8bf218287bf2cb148e20fe |
| SHA1 | fef90c2bae18a8dc571295a9acd091463de50868 |
| SHA256 | 8520b99b71bd8792bf2c424896cc8b6371ba74e52b15a18bc2d5397c02e71db1 |
| SHA512 | ccc09d46a506f8192580dd840f46bb688a76f8b03bcf2ca7eb93b4520fc263889aef2937c43c491fc30d2b7fa6c21b998ae366a1f3d3a7882e2566bb1fbdc4e0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-26 00:59
Reported
2024-08-26 01:02
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1f6b9a0ba910ca283808017b91a6787_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff904ef46f8,0x7ff904ef4708,0x7ff904ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | script-bamz-us.googlecode.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.178.142:80 | apis.google.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| IE | 172.253.116.82:80 | script-bamz-us.googlecode.com | tcp |
| GB | 104.96.173.184:445 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | www.stumbleupon.com | udp |
| US | 3.221.43.243:80 | www.stumbleupon.com | tcp |
| US | 3.221.43.243:80 | www.stumbleupon.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| US | 3.221.43.243:443 | www.stumbleupon.com | tcp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | widgets.twimg.com | udp |
| DE | 157.240.27.27:80 | connect.facebook.net | tcp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| US | 8.8.8.8:53 | 243.43.221.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.54.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.27.240.157.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| FR | 172.217.20.206:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| FR | 172.217.20.206:139 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e765f3d75e6b0e4a7119c8b14d47d8da |
| SHA1 | cc9f7c7826c2e1a129e7d98884926076c3714fc0 |
| SHA256 | 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89 |
| SHA512 | a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079 |
\??\pipe\LOCAL\crashpad_2852_XZRHVKRXKVLUGWDR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 53bc70ecb115bdbabe67620c416fe9b3 |
| SHA1 | af66ec51a13a59639eaf54d62ff3b4f092bb2fc1 |
| SHA256 | b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771 |
| SHA512 | cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 39e5e346e0e9b37c7d68f632a3c26c20 |
| SHA1 | 36a1976f548d043ab3d37f9ceeaac191cfbd0a49 |
| SHA256 | 5fc9770ff9dde6102b1ba995e3477f24bdff583b04d4e0b61dba90ad2be87250 |
| SHA512 | 7d3a13d4c00e58fcdc2507a486619156cc76ea3f01cca67ff40fcaaddb831a0d1074968f5d62a36bf6417f2bbae2c708ac1d8c04133b2b91b518a311120d7143 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 90fda903001fdcd41bc9f39559fb6730 |
| SHA1 | a96fb90ce2460db036b01a74438621b0bc477ae8 |
| SHA256 | 375782541aa2e3d84b38927ab16453bf765108da62a686d52b0e9f38a8f11feb |
| SHA512 | 2e88184e98dbbc803c4496c8fcd7808ba6634e08b0ad7a7b1b0d8d661ed13bb006c3ade07b870fd3bab01423b7e5d0a89b00c6c174f0dc788cd18aee7134b429 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ee406cb4c1de5f298492e96c8afa94c9 |
| SHA1 | 9893905a9733e69571b6a36bdaf7ec8d898c8823 |
| SHA256 | aa449d3ad398c602e8987461698f4417bc9fed88a96f1cac86fc4de3fbdf9b88 |
| SHA512 | c4e096930ec6466a8a6ffa33fa5b8a6d969dfc64431b3eec0c2d4d952642af516445fe4b00e1a18228f0bcf26299c500932ec6a509733e971678b6bf72693bc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 681c3b0da76e06a54ec68a0ac9d1f25c |
| SHA1 | c4423febf05535aaf20c6d87e4e8bbd47198409b |
| SHA256 | 0ea39fa6cfd5e30ff06f50810bcd7fce537d061988075f0cee2b1e4037698d2c |
| SHA512 | fb77035255ec52a0ebdc4872be652ba941c9b5b497c5ff58ff75be01cc4b3ece485cc107a4fb9bdf4d1c4d61880e951938145b9b8a4ceb2e9e6e300408ad191d |