Analysis Overview
SHA256
36ac9e3ecac2f2806dc0b95ffadad6a2c51d820ed66c4b5a517303d2cedafaa3
Threat Level: Known bad
The file 6a69317029cf7cafbf0d1620ac5cade4_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-22 12:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-22 12:08
Reported
2024-10-22 12:11
Platform
win7-20241010-en
Max time kernel
141s
Max time network
148s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435760783" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000de6cb139c6e8040db15e28bc956d5ad72ab26e3ee84714932e93ff2385358df7000000000e800000000200002000000018dd2f1ef04a3d3440fc458922331b1755c81aaa353cdf525bc6b6424440fbd02000000000ff43bc9fba7018d693d64bc2090111754cc82ad0139686310be6788824d5404000000018f110082e6d37bfe6a5dc7787f629fdbee7bbf6655ea8e375a9ef8636236599cf7d8fa4cf0402904deb9304d920b6af4dadaee21ea172c6b693419c0d36e223 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5BEC2661-906E-11EF-A276-7E6174361434} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0abbf367b24db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
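Every row in the table above is iexplore.exe (32-bit or 64-bit) creating keys or setting values under the user's own Software\Microsoft\Internet Explorer hive, which is what IE does on first launch against a local HTML file: TabbedBrowsing\NTPFirstRun, Recovery\PendingRecovery, Main\Window_Placement and the rest are the browser's own housekeeping. The signature therefore says that IE ran, not that something tampered with IE. The script below is an added example, not part of the sandbox output; it separates browser self-maintenance rows from the two cases an analyst actually cares about: a non-browser process writing IE settings, or a write to a watched value such as Main\Start Page. The watch-list is an analyst choice that the report does not define, and the last sample row is constructed (hypothetical update.exe process and hypothetical URL) so the positive case is visible; the other sample rows are copied from the table.

```python
"""Separate browser housekeeping from IE-settings tampering in a sandbox
registry table.

Added example, not part of the sandbox report. The rows in SAMPLE_ROWS are
copied from the report except the last one, which is CONSTRUCTED
(hypothetical update.exe, hypothetical Start Page URL) to show a hit.
WATCHED_VALUES is an analyst-chosen list, not something the report defines.
"""

IE_ROOT = "\\Software\\Microsoft\\Internet Explorer\\"

# Images allowed to maintain their own IE profile keys.
BROWSER_IMAGES = {"iexplore.exe"}

# Value paths (relative to IE_ROOT) whose modification is worth a look
# regardless of which process did it. Assumed watch-list for illustration.
WATCHED_VALUES = {
    "Main\\Start Page",
    "Main\\Default_Page_URL",
    "Main\\Search Page",
    "Main\\Local Page",
}

SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" | C:\Users\Admin\AppData\Local\Temp\update.exe | N/A |
"""


def parse_row(line):
    """Return a dict for one table row, or None for the header/blank lines.

    Set-value rows carry 'path\\Value = "data"' in the Indicator cell;
    key rows carry just the key path.
    """
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Description":
        return None
    action, indicator, process, _target = cells
    path, sep, data = indicator.partition(" = ")
    return {
        "action": action,
        "path": path,
        "data": data if sep else None,
        "process": process,
        "image": process.rsplit("\\", 1)[-1].lower(),
    }


def triage(text):
    """Return (process, relative_path, data, reasons) for rows worth a look."""
    findings = []
    for line in text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        idx = row["path"].find(IE_ROOT)
        if idx < 0:
            continue                            # not an IE settings key
        rel = row["path"][idx + len(IE_ROOT):]  # e.g. "Main\\Start Page"
        reasons = []
        if row["image"] not in BROWSER_IMAGES:
            reasons.append("non-browser process writing IE settings")
        if rel in WATCHED_VALUES:
            reasons.append("watched value: " + rel)
        if reasons:
            findings.append((row["process"], rel, row["data"], reasons))
    return findings


if __name__ == "__main__":
    hits = triage(SAMPLE_ROWS)
    print(f"{len(hits)} row(s) worth a look")
    for process, rel, data, reasons in hits:
        print(f"  {process} -> {rel} = {data}: {'; '.join(reasons)}")
```

Run against the four rows copied from the report the script returns nothing, which is the point: only the constructed update.exe row trips both checks. When a real report puts a non-browser image in the Process column of this signature, or touches one of the watched values, that row is the one to pivot on.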
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2380 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6a69317029cf7cafbf0d1620ac5cade4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | segitsuti.hu | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | static.networkedblogs.com | udp |
| US | 8.8.8.8:53 | nwidget.networkedblogs.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s46.sitemeter.com | udp |
| US | 8.8.8.8:53 | stat.mystat.hu | udp |
| US | 8.8.8.8:53 | blogcounter.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | tcr.tynt.com | udp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| HU | 193.39.14.205:80 | stat.mystat.hu | tcp |
| US | 172.67.131.123:80 | blogcounter.com | tcp |
| HU | 193.39.14.205:80 | stat.mystat.hu | tcp |
| US | 172.67.131.123:80 | blogcounter.com | tcp |
| US | 172.64.153.173:80 | tcr.tynt.com | tcp |
| US | 172.64.153.173:80 | tcr.tynt.com | tcp |
| US | 104.21.87.190:80 | segitsuti.hu | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| US | 104.21.87.190:80 | segitsuti.hu | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| US | 104.21.87.190:443 | segitsuti.hu | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.segitsuti.hu | udp |
| US | 172.67.145.159:443 | www.segitsuti.hu | tcp |
| US | 172.67.145.159:443 | www.segitsuti.hu | tcp |
| US | 8.8.8.8:53 | img132.imageshack.us | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| US | 38.99.77.17:80 | img132.imageshack.us | tcp |
| US | 38.99.77.17:80 | img132.imageshack.us | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | ic.tynt.com | udp |
| US | 8.8.8.8:53 | sc.tynt.com | udp |
| US | 67.202.105.33:443 | ic.tynt.com | tcp |
| US | 67.202.105.33:443 | ic.tynt.com | tcp |
| US | 172.64.153.173:443 | sc.tynt.com | tcp |
| US | 172.64.153.173:443 | sc.tynt.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.200.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.200.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | de.tynt.com | udp |
| US | 67.202.105.32:443 | de.tynt.com | tcp |
| US | 67.202.105.32:443 | de.tynt.com | tcp |
| US | 172.64.153.173:443 | sc.tynt.com | tcp |
| US | 67.202.105.32:443 | de.tynt.com | tcp |
| US | 67.202.105.32:443 | de.tynt.com | tcp |
| US | 67.202.105.32:443 | de.tynt.com | tcp |
| US | 67.202.105.32:443 | de.tynt.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | | udp |
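The Network table lists one row per DNS query and one per TCP connection, so the same host appears many times, two hosts (www.google-analytics.com, ieonline.microsoft.com) are connected to without a DNS row in the capture, and the final DNS row has lost its Domain cell. The script below is an added example, not part of the sandbox output; it reduces a copy of the table to a de-duplicated view an analyst can work from: names resolved but never contacted, hosts contacted without a visible lookup, hosts fetched over plaintext HTTP, and the endpoint set per name. SAMPLE_ROWS is a subset of rows copied from the table above; the only assumption is the four-column Country | Destination | Domain | Proto layout.

```python
"""Reduce the sandbox 'Network' table to a de-duplicated IOC view.

Added example, not part of the sandbox report. SAMPLE_ROWS is a subset of
rows copied from the report's Network table (the last row is the one that
lost its Domain cell); the parser assumes the 4-column layout
Country | Destination | Domain | Proto.
"""
from collections import defaultdict

SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | segitsuti.hu | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| US | 104.21.87.190:80 | segitsuti.hu | tcp |
| US | 104.21.87.190:443 | segitsuti.hu | tcp |
| GB | 142.250.200.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | udp |
"""


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) for each data row.

    A row that lost its Domain cell (only 3 cells) is kept with domain="".
    The header row and anything without a numeric port are skipped.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) == 3:          # Domain cell missing
            cells.insert(2, "")
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, sep, port = dest.rpartition(":")
        if not sep or not port.isdigit():
            continue                 # header row or malformed destination
        yield country, ip, int(port), domain, proto.lower()


def summarize(text):
    """Cross-reference DNS queries against TCP connections."""
    resolved = set()                  # names seen in DNS queries (udp/53)
    contacted = defaultdict(set)      # name -> {(ip, port)} for TCP rows
    dns_rows_without_domain = 0
    for _country, ip, port, domain, proto in parse_rows(text):
        if proto == "udp" and port == 53:
            if domain:
                resolved.add(domain)
            else:
                dns_rows_without_domain += 1
        elif proto == "tcp":
            contacted[domain].add((ip, port))
    return {
        # resolved but never connected to: typically prefetch or widget hosts
        "resolved_only": sorted(resolved - set(contacted)),
        # connected to with no DNS row in the capture (cached or out-of-window lookup)
        "contacted_without_dns": sorted(set(contacted) - resolved),
        # plaintext HTTP: content that could be altered in transit
        "plaintext_http": sorted(d for d, eps in contacted.items()
                                 if any(p == 80 for _, p in eps)),
        "endpoints": {d: sorted(eps) for d, eps in contacted.items()},
        "dns_rows_without_domain": dns_rows_without_domain,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ROWS).items():
        print(f"{key}: {value}")
```

On the full table the "contacted_without_dns" and "plaintext_http" lists are the ones to read first: the former shows what the browser reached without a lookup the sandbox saw, the latter every third-party widget host whose script or image arrived unauthenticated.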
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 394eef45545b0a1508eebe7dc5a5916d |
| SHA1 | 8cd6bbb2b109020037f0bad4efeffc2b2a240fe0 |
| SHA256 | 1fbef3df268f562bdffa35c6341f346ddbc9163d989bf0207e1f1fb0e57f3397 |
| SHA512 | da0670c9e75312754eb2b184ca441f3b454d2482b502db633f14e63925bbd37430741a881da359c77703bfbfe2e898c1f8668b8e8ee63000d5e9d885ad2439fb |
C:\Users\Admin\AppData\Local\Temp\CabAD90.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarADA4.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa71e668ba13a90ab44688fb9ee7f71c |
| SHA1 | f965bee3dea8b71bf9c03cea14ed34c84d9798cd |
| SHA256 | 7c86c239dce064c7b4776e1b21c89c9ac680b29ee3c0852bca02dd094195788e |
| SHA512 | f0dadeda56e73cce90ac9d0f54e69b85429e62da6d47c873e4237fe78ef7297f96c1ddc8ef1051378dac58be7dba5004761cc49b06db8b450d44ce715295956e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe00891caf21df377c5eb77f65a3363c |
| SHA1 | 5829d1bb4444857fdad96c5ca8bce8d2710873f0 |
| SHA256 | b3b5134cc34c12f832ebae7ff1697f149d06fda7e847c365b364435b4ae7ea49 |
| SHA512 | 386c40ada6dc128115472f5e12e310e437d8720d8c131e4f32dd1b05a1d7d787676939c123432debabacdadefe30b0b57d32c9554894eb0e69eed525031639a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb7d908d52c97103c9b62353791430fc |
| SHA1 | 5a2e2d0f63c6384e4a0fdde8842f4b55ef594f7f |
| SHA256 | d6c4140ff4ab12b02ccf3621dccc46a7b4865c300b4eac4912e85262c636795f |
| SHA512 | 75a94781a892bc008320674f961537cd1d95dab74b5ad3fd6fa922d5655bb787009e81523b9b6f9de79d7d771170b26e37e6418af4a5c1ec373d8b02dde4071c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad458e077f5cac6c6abc54e4c2b7196d |
| SHA1 | 5a1cadfb2c5b876fd26e6180e9dedc5569f178da |
| SHA256 | 658c588ecff732aa03768b354d545e86cabf1e68dc5c8d7bf1d8d07faf40ccd6 |
| SHA512 | c1dc420d82d54b70c0df891d18125dbb9dd19943de09e10d5c3ca7fdd8b157c706375a9757fcb2475c2d23f672992032aad73f67c8c15fef4d0633839aadfa1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2034c3c1bfe40a8571a70c08bdf2a7c |
| SHA1 | f2db314013112442fa3c9932772c469bb82db5b5 |
| SHA256 | 3c8429c75ca7453f0e4c38e4d946771264365209694ddb30a811b05541c38317 |
| SHA512 | 3ef15fac37ab21d079adb6f2bd711833f7bdcd15b46defd715764f4626da5b1c37d50c4fc497ea1c3a97c4312be2493fe12e195a218e8f799c65d76194cafcac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8bb147bfd6334a3de67df006e3076bd |
| SHA1 | 26724d1aefc6eb310d3e5b5e39daa5597e223e13 |
| SHA256 | 8e2401e04ebda72d1d42c8cb767f0d9826d2b37ca93ada9f0c518278aed80731 |
| SHA512 | cea472b07e39e8308efd0a43e83b9bbbfad577230ee1704215e8f1273dea9a968f5504866e9801a25afc258a9eb1b9dce97072b519e54f8b72598ef90c5c6102 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 548df7ab54c36991ec6fc93fea7e7e4f |
| SHA1 | 0fd117cbdd26cc7c5427f125a71f6ad791b07c65 |
| SHA256 | 291cbf2374becb8bbbc59ab8074806bf615db1dd993fcee0c4840e19d6dc9bfa |
| SHA512 | 1348c5506e1ab74e52e86ad7a2f27dc45fa07139c8fe00f3309e834c17f3b4ef5a3616142a3d8fb06178ff428404545f4936bd6d6fc4c00fbd1d337784c2ffb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03400599156327be84a204dadc6db998 |
| SHA1 | 09170ccfd8cf072f6be3162da2beb8c5cb709f99 |
| SHA256 | 882a0e308fa3391e1b666d1a0f1c3019103bc24080738f11faf9066f2e57b5ad |
| SHA512 | 01af0efd4de15ca66c153344ec5ec06f8414c249fcf38ce8df149a11a89e6147fc126a2cbb461df81b73934396868abef6c2e21599a68add450ab860c2bbee61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83963c0f39d50146cb7aaca615f00163 |
| SHA1 | c662d08a99d402fd39637102bb2b7668aa4f2e96 |
| SHA256 | bcc68a08e970ecd3bdfcc698da2ea1649299131a186e629f48ebb89309ef5c18 |
| SHA512 | 884e40d4cd262da9d8256c94c8b20e40769cac112078f8fb0cc2758cb6e2c339c056d1cba8166a279941de82ff339ee89ec3e5e6126b095eea145204d6a7e9a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cfb1b305676ca5c12141d4171bb9dc4 |
| SHA1 | 82d3c74583be1c2147b4451092b3aa7e59645298 |
| SHA256 | c1c9a7a8b69ba1e4621893947270dd88b82c97b2c07c6452510177c8fefae5a3 |
| SHA512 | af2814b9752ca7ada6f82b12119f1a8c1a12ead6d2f51d48535201b272f8190bd18c16d821264f96e81511757813d21fe8605b7d93a5352f80fd1541213dd9af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 934c8b7e3858f5c8785ad318d8904593 |
| SHA1 | 36d1ca607213a32f136f1111c09f836dc9b2b966 |
| SHA256 | bc68963eb357952bc9c4ed6aec9288835026b5163414af94f5f490512acb056e |
| SHA512 | d4380f591d709ebd14afdebc8957f09a2a4c1d69afe47eadf2ac6d23661e61b44f3c036f84d10b0c3d4df5a1ce2ae1799f7e9cda0dc12afb950489efccbcbb28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30c510bdb8a3a375c885864d1e1d9b48 |
| SHA1 | 24d859eb1f4af751771fa16e3f715da83d6ff415 |
| SHA256 | 30ea0dfb99ab7303ea249bbbc31eca63b64567eb22b398b59db17e8809e89e0c |
| SHA512 | 44f1ee46e1dc7eff12a78a879c6893872f19ac96450f053a316fea018b94f71496806f4d67cf78d9f3749e1fae82bc4121427db5d1631437a5a38d494f3a01d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a51bfe853687b8d53c171785a905735c |
| SHA1 | a0be3fccf6a717e5e16f1cd2c04ff32bf12c833a |
| SHA256 | 67c3ecd001ff5090ec8961fb75ecf567d496eac9ec7bb99ced747a14c8d94be6 |
| SHA512 | 867f27a23df28daf1cad1cac2c1f0329e947a70c1c87d85981fbff0e94d9a202c4073d5b0169c12b4112fa5e97b3702605b650faca5409dc674930a099eb45b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91ae1bf038d3548ae6ce3235777713e9 |
| SHA1 | cf13c4449120231184a6c75a412522c694378494 |
| SHA256 | a0842947c2991bd7b05cc182ebd026900b4be93f8871cc0547b1e580ee75e355 |
| SHA512 | b3a284fc0ba33f00758c1a70ca12dd352a6f2a8eb6bc315146c325270e133e195f861da6c01b3c8fa67da7416e6fee6f57647eb2ca1f0e3241552b92697261d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 349c77cead3faf4914f778d79bd1ba09 |
| SHA1 | a2e2bae935313ec88a87a712506f19a17bf14129 |
| SHA256 | 620ea24ab3f0d0443c0adf3b287bd3d5c788c7d122792ceb06510ee1ae1c3805 |
| SHA512 | 547729d27a3ba301474cda88be94204670409da46c5c502b4a1b42518947a9d72bc9b281f310bda9dab357899e70e7731a6cdfa5531b22a73ea990c799be2f22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b768744aaafc9ac3fa16691c074ba47 |
| SHA1 | 35b61755510d4ccd5b8637071fcf423cf0c8cd33 |
| SHA256 | 5da37811c779fce6a578b18646e22b4beb10c9a24ed873d6b779e5e147e8adaa |
| SHA512 | efa4be401a68fd8e5bd1e95265cdd5ebb8234518cd02bab6479046cfefd296e94992bece68a30e0ddd717056d6c0ed4cb30dd0d015a2952303434523d3738581 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11d22f1f26f1e0e26e364f40afec7854 |
| SHA1 | 8e2ab6d5c4422e372a0c7fc91a6b6b16cccdd5d4 |
| SHA256 | 31237708c1a8adce9ad30ea2572cbd238db5236e40d405719a8f10d3b6d4e38f |
| SHA512 | ae9f5939f266d80bdd2f7824abdd69a5bb3f8fbc5f1d87cb22074d5f7851d7b47227e9edca1b9a5f33275cb9798eaa5d7f1eead845e96183f4a7a4e7e3c7619c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c69a6b9cdfd88038b491db43738fd35 |
| SHA1 | 5e9bbe0f72be44dcfe49fbb39a0f578d6ef7a1ae |
| SHA256 | 82be83909e9da209ccec22515041df34278fccb44dff725e7c58606720020fab |
| SHA512 | 502d441c02d493a821793f75bda33be123105d8b9d38bd8c22b718aac398b887fe6b05a7aca73d261c5ab9f0fbc9da933d1594e5e6f6dbd3062ef90510d0c293 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 087768e290a2522ac4b76122488c76f7 |
| SHA1 | 0b8a73d43aed9513237e80bff5929012efed283d |
| SHA256 | 2b02ab294ee5f483a75bb6955cf3d0b3b88785c10daa7062c1ef1962a494b5eb |
| SHA512 | 122982fbd03312399123eb2127d3eb789dad40794d41e5ad92ea9009861c0f9772c334497b4968cfd1f2483421d85db948c8da9563514400faeeb3d56eea9205 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c36de15db153b5ecce6cb1e0a611b1d4 |
| SHA1 | 5784f160940360e8f45a7defcd7cabb055fe0b56 |
| SHA256 | 81a2f0ee4bbc5ae0d7aed0de3c67914ed58df67b46c21042720c08b20593c69f |
| SHA512 | 7da2e9346e06caa5155f32e8add754525f4b13bdcab4be29969bb1b9cc0692cf6cfb7e980319662a8412b1204f4e147cf8e52c456beb09a18ca805daf1ef28d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71cf2bc8c1cfeb4c03625d44740deb10 |
| SHA1 | fde2dd60b5b406bbf36ab9921a184e5fccb01057 |
| SHA256 | 4f6851b11e82ab5f6dfd7f2bcc9817c2ea0e1b61ffdbf668195cce0e4c6edcaf |
| SHA512 | 8eeda40fe7105e9b191e232bef3248d565b986a6d1948bba9d945583a37a0bfcf49520bfe9e9895c66e2709a4e90b2814c221fb3338ac26fc5f05939a40b7f05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3517d7f0ee2f21e46d59aecdc66b035 |
| SHA1 | e6fe702eb1e673ac974f7f08479862f1808c8fc7 |
| SHA256 | dcfee9b32a04ef8a1a0605282e882c97a32fc2a1f3bd46b74fec00770cb30a97 |
| SHA512 | 3580c154144d322052daf6aa717620d7e77168b604c0c87e68a329bb739683d776ae48703087f5f13141273a5b50b8e5f307fafbf959601fb5ba6ddddc856de5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\v2[1].js
| MD5 | 350fd6ef6446635f7a8f608434a405ec |
| SHA1 | a4b6c275ac2c80ec925b5c0c5c6abb79ba897356 |
| SHA256 | d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179 |
| SHA512 | c80ee0076d4ed85badaca8443b52e2c2820bcaf7dcb87a92888de21fa312441d7723db2de5538396ae706099b859fccec8a7c246d24b39fc6538c4bcd7d2ce29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d506890e337826d551c2de99d8da1431 |
| SHA1 | f58c85b4d32bd291707d1d95060477730c77d1db |
| SHA256 | 86d5df661700085e993576fef5b7cabdb5c7f5a72d458c2a4168bf7bf829c142 |
| SHA512 | 1ae8b3de8633fb70db4bf0446bf1e1282a97358e3086c0f0df7689b14e1695ec2192b8da68e069f67b217c31baedbcbaaf304d1bed45d8ce4058385bb12af5a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 696d568bcb532e8fcab21e3b403d06db |
| SHA1 | 3c543de62733f78e6a3287f3194f3e2d504b5d80 |
| SHA256 | 89436274c762feacc14cbdc0a8e8f803066374a6e2a126413ece381708ffb58b |
| SHA512 | ba8d6ab01248566448ae8124a1b9ade9425a111a22825777b13e50a6bc97308b0e8df8ce0af4bd5484da93fb7d8938d8674b938839c1a507d5b1972fdf3c80b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44a063d741b864a10904683a9f77699f |
| SHA1 | d1c841520d9fe4f56c06574bca7bd7c27737c24f |
| SHA256 | 38e5349ac75470e5745649b4802791f0dd9065895005017ed0fbd68a41eccc45 |
| SHA512 | 06eca7c9909060dd34295ab5c1299fa5b661c4e06f4c81290263b341eaa18aa48fa6b3ca3ac1a4c570d0b53b963a37eabcb7124f4945f27cebfb6d7e080cfd99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee470af94e386f2fa516f6b2cda014cd |
| SHA1 | 71a7a16961aeedb184d19016679f4ebb536ea0ca |
| SHA256 | 1de16a905aa9a6369ee469aa7e8f1da436c240565449372453f051bb0b72a4e4 |
| SHA512 | 5ebd34b6394941992308254acdee374ab10a0fa06fc194bfe4cb73e04fa639d04a44410aefdc70957514ad1fff512beeaf11a517b6009a1c84d808c1d3b769f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7502f2bc07725ee0fe360f08c0e9225f |
| SHA1 | 356df0cccbf044a8a4bc652bf89e01363b2a9987 |
| SHA256 | b84b8c7c9f8db38285e5c7a13f51434a84fb41f4d6ffac8decb3d32752170946 |
| SHA512 | 859d4adc5a91d86d5c9706593bd4325e83bc5f8a6885554f77c23802a165cd9ee84d4748d6cdfd7d38a59df8711a5d3a1ef168e5c3d23cbfcc69d99ea06d14fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fa98547fc87d1bf1611b60153f84d3a |
| SHA1 | bd7a4ac41ca81b6e9a707f9b8afb270cfd9b702c |
| SHA256 | 09e020822379df71a553b393a9789951dc4e55c42571c06a9690478c5a06aae6 |
| SHA512 | c2a13e0d74c46c02072a5cb55356f7379897e6c1f0ec8a550dfe747f67927262953531455b32e909a339402ccbdd31c0d0156534af5e5605ac46b8f573502956 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2252265822118995ff6f6b0dc3f8361f |
| SHA1 | bd030f630c4dd00b7b660b924c19dc6088b9f725 |
| SHA256 | 54ddeb44127d48e74129163183e8c056d99ff55f637c4304ccee97c9633c10ad |
| SHA512 | 4e42df81033d57c38768a9c8ace47340a6945f3f7b44115992ba54057a1cbd12977545aec675e551da24a33ec22e226ce14e5e63f9ad1fc12544c844fa24a9fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7767f19f21510047c81dfa65caba903a |
| SHA1 | 9da8a6459c4e1b512e3ad235a51afa48f32b3751 |
| SHA256 | 54aa9aca261a358abab6c7721c1ff3d405c63d7e88d6debca7135390b20e5432 |
| SHA512 | 5f8313db09c38ef4979ba31d87dd3df87d45be789979d77e5a913b48ea842d2acab8f121005fb86719a3751bb28d2ecf1c6c8999ea248e3854bea4b096310c44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fff51265578285f8c471d29767cfa4b3 |
| SHA1 | ef57050d6b18f9e81bf24a443cfbfb4388880dcf |
| SHA256 | eb0875074abd6ecb54a78c8a75301870f4c1d1352aa5e5e45a0f64b71de7037a |
| SHA512 | f77183e2ab10907b8031057a4b3e30895ac40049286ff5efd1f4c97fb703b6178b423a2bf176d58e46bc682f6ddba60f10923284c727c3fd4537ae1b96a5ab9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e03e0d2efe27f69c58d5db1c87607ab6 |
| SHA1 | fd9cf97c8cb7667fbd2d757aba2b2d8b9644bea8 |
| SHA256 | 15ea3f6386bf6c75589787d589043465ad73dbea6605aa91b9b6b03f72f93ee4 |
| SHA512 | 0a157ed34ffab6136d293b086b6c082f15b8de60d8310a0295051a6c99d34770fb8663c70c808c7dc9e496c0b07febe2c171495b2aeeb5dd2fc0fdac36fc6868 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-22 12:08
Reported
2024-10-22 12:11
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6a69317029cf7cafbf0d1620ac5cade4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc02b446f8,0x7ffc02b44708,0x7ffc02b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5843857376721763444,10007644370051430902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| GB | 172.217.169.73:445 | img1.blogblog.com | tcp |
| GB | 172.217.169.73:80 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | nwidget.networkedblogs.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | s46.sitemeter.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | stat.mystat.hu | udp |
| HU | 193.39.14.205:80 | stat.mystat.hu | tcp |
| US | 8.8.8.8:53 | blogcounter.com | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.14.39.193.in-addr.arpa | udp |
| US | 172.67.131.123:80 | blogcounter.com | tcp |
| US | 8.8.8.8:53 | tcr.tynt.com | udp |
| US | 104.18.34.83:80 | tcr.tynt.com | tcp |
| US | 8.8.8.8:53 | segitsuti.hu | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 104.21.87.190:80 | segitsuti.hu | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| US | 104.21.87.190:443 | segitsuti.hu | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.29.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 123.131.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.87.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.networkedblogs.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.segitsuti.hu | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.178.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 10.29.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.178.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 172.217.169.73:80 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| GB | 172.217.169.73:80 | img2.blogblog.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:445 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 172.217.16.226:445 | pagead2.googlesyndication.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | img132.imageshack.us | udp |
| US | 38.99.77.17:80 | img132.imageshack.us | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 141.101.120.11:443 | t.dtscout.com | tcp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| US | 172.67.131.123:80 | blogcounter.com | tcp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| GB | 216.58.201.98:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | sc.tynt.com | udp |
| US | 8.8.8.8:53 | ic.tynt.com | udp |
| GB | 142.250.200.14:80 | www.google-analytics.com | tcp |
| US | 172.64.153.173:443 | sc.tynt.com | tcp |
| US | 67.202.105.31:443 | ic.tynt.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | de.tynt.com | udp |
| US | 67.202.105.32:443 | de.tynt.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.153.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.105.202.67.in-addr.arpa | udp |
| US | 67.202.105.32:443 | de.tynt.com | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 67.202.105.32:443 | de.tynt.com | tcp |
| GB | 172.217.169.73:445 | img2.blogblog.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | stat.mystat.hu | udp |
| HU | 193.39.14.205:445 | stat.mystat.hu | tcp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
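The Network table above mixes three kinds of rows: forward lookups sent to the sandbox resolver (8.8.8.8:53), reverse in-addr.arpa lookups that the browser and sandbox generate for addresses they have just contacted, and the connections themselves. When pulling indicators out of a report like this, only the connections matter, together with any name that was resolved but never contacted (www.segitsuti.hu is one such name above). The Python below is an added example and is not part of the report or of the sandbox's own tooling. The sample rows are copied from the table above; the set of expected ports {80, 443} is an assumption for an HTML sample that should only speak HTTP(S), and the non-web-port flag marks rows for manual review only, because this page gives no explanation for them.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows in the shape of the report's Network table
# (Country | Destination | Domain | Proto); values copied from the table above.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| GB | 172.217.169.73:445 | img1.blogblog.com | tcp |
| GB | 172.217.169.73:80 | img1.blogblog.com | tcp |
| HU | 193.39.14.205:80 | stat.mystat.hu | tcp |
| US | 8.8.8.8:53 | www.segitsuti.hu | udp |
| US | 104.21.87.190:443 | segitsuti.hu | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.201.98:139 | pagead2.googlesyndication.com | tcp |
| HU | 193.39.14.205:445 | stat.mystat.hu | tcp |
"""

# Assumption: a page opened in a browser should only need HTTP and HTTPS.
WEB_PORTS = {80, 443}


def parse_row(line):
    """Split one pipe-table row into its four cells; None for anything else."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        return None
    country, destination, domain, proto = cells
    ip, _, port = destination.rpartition(":")
    if not port.isdigit():
        return None
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto.lower()}


def triage_network(rows_text, expected_ports=WEB_PORTS):
    lookups = set()       # names resolved through the sandbox resolver
    ptr_lookups = set()   # reverse (in-addr.arpa) lookups: resolver noise, not IOCs
    connections = defaultdict(set)  # domain (or bare IP) -> {(ip, port, proto)}
    odd_ports = []        # connections to ports a web page would not normally use
    for line in rows_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        if row["port"] == 53 and row["proto"] == "udp":
            bucket = ptr_lookups if row["domain"].endswith(".in-addr.arpa") else lookups
            bucket.add(row["domain"])
            continue
        if ipaddress.ip_address(row["ip"]).is_multicast:
            continue  # mDNS to 224.0.0.251 is local discovery, not remote infrastructure
        key = row["domain"] or row["ip"]
        connections[key].add((row["ip"], row["port"], row["proto"]))
        if row["port"] not in expected_ports:
            odd_ports.append((key, row["ip"], row["port"], row["proto"]))
    return {
        "lookups": lookups,
        "ptr_lookups": ptr_lookups,
        "connections": dict(connections),
        "resolved_only": lookups - set(connections),  # looked up but never contacted
        "odd_ports": odd_ports,
    }


if __name__ == "__main__":
    result = triage_network(SAMPLE_ROWS)
    for host, peers in sorted(result["connections"].items()):
        print(host, sorted(peers))
    print("resolved only:", sorted(result["resolved_only"]))
    print("non-web ports:", result["odd_ports"])
```

Run it over the full table by pasting the rows into SAMPLE_ROWS; the "resolved only" list and the per-host peer sets are the parts worth carrying into a blocklist, while the PTR names should be discarded outright.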
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a0486d6f8406d852dd805b66ff467692 |
| SHA1 | 77ba1f63142e86b21c951b808f4bc5d8ed89b571 |
| SHA256 | c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be |
| SHA512 | 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a |
\??\pipe\LOCAL\crashpad_4832_TCCBATDFZQZPWZUB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dc058ebc0f8181946a312f0be99ed79c |
| SHA1 | 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0 |
| SHA256 | 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a |
| SHA512 | 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25f065f2a9f3439a1ec6d20b16c562ef |
| SHA1 | 2244bbf68b6ebf5bb53797d88ae89cc58a1ceb9a |
| SHA256 | 1ee8940d243b8c3ede34c1fb0a4ea8b659276d4320d76258e65a1d2c3cef5c62 |
| SHA512 | 3d4d6630bd80111170648b6a06b2bf4e286bc9cd51abfa2d92a470ed4f933112dec19b5c70e3da6fa101f4e73bd040eeae340839a6bc0833cb3591e6441883a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cec4f40a3ae3c221e738edbd982c14aa |
| SHA1 | 56b05e7677df3e959290fd8cddae7bf8f2de16ab |
| SHA256 | 6110eeed67e01eb19a413798c80784606e2076aa462bb48149c1446f104bb578 |
| SHA512 | 9051f2e883921830be583ed30953cd3749d97acf1512fcb6dab8f9db8217198bfb65320f67ac2a60eba1392728df3f88ab035f35464306f225c0aa2cf0445d81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3436b5b22b1a2ca0c3906f3ad3e69f9 |
| SHA1 | 1a06159fb38d56a0e1afeea79f55f1a74a701140 |
| SHA256 | 85083ee83f9ec761b8cf731b181bc00aad6f63c2f74e576116f67d6c068633a8 |
| SHA512 | 33279e302a58af49b3bd0037535e9a7bd79887d2ce92bf58e27b743a5b4c12ce0dbb70ddac12e40a12e788e416286b435abce39bd9bb395dbf7cfd15c751962b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2fbff1f0-7278-4c4e-94a1-a1d5cd5bba90.tmp
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2bfc419f916a325a7557ddb5f0bf9b75 |
| SHA1 | 2661337cf503be06d47a081d89756e9152a98be6 |
| SHA256 | b99de443ddcaa3c2f95495a0b2333a81edcb4b75a1c8a84aaa20a7ccede6931e |
| SHA512 | ac5a1710db4f4e0fb0e09387eab366d9a55804a366627c90b66f4265f24a7b753a306e1720bbb96d15ebbb7f8dd063e069f17c64da3a06d51acc10939e751b35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e9be4012af2a95753fe8fdec6f0e7a64 |
| SHA1 | 2ce1a918c9db1e6c6dedaebc4ba8ee583d1f5b3d |
| SHA256 | 67d2864d3b64ecddf00c219afaa93b09095d0ece0d27c6a0feb0f90e880f4087 |
| SHA512 | 32149d618fd9fd9304be288de349d359affe0e034d9dbbd3de7a9710c83878e7e2fa3f0d6b772402cfbb8a83001359e66fe0f448a1c8cdfe3c9518589f2fadc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7e206dafd6e336fa7d8e2cd579e462cf |
| SHA1 | b2d78972cf6506c9923fab1033987e043a3f67f3 |
| SHA256 | a32555cbd3039ef0fe0931ed164e657fbd8efd553aa7c796c92efcc478889008 |
| SHA512 | 43a2e4faf1fc62385c16b413d491395327701026eba0ca1e6f86d64870e4bfe2b4a24ba1e35b8ee3af0eac1414a6c956be0855e98f1a5d71d63a2f5aa44a0439 |
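Two details in the Files section matter before any of these digests is reused as an indicator. The crashpad pipe entry's digests (d41d8cd9..., da39a3ee..., e3b0c442..., cf83e135...) are the MD5, SHA-1, SHA-256 and SHA-512 of zero bytes, so they identify an empty capture rather than a file and will match every empty file on every host. And the same path (Preferences, Network Persistent State, settings.dat) appears several times with different hashes because the browser rewrote it during the run, so none of those versions is a stable artifact. The script below is an added example, not tooling from the report or the sandbox; it parses entries in the page's own layout, recomputes the empty-input digests with hashlib rather than hard-coding them, and flags digests whose length or character set is wrong, which usually means a transcription error when hashes are copied out of a report by hand. The sample entries are copied from the section above.

```python
import hashlib
from collections import defaultdict

# Constructed sample in the shape of the report's Files section above
# (a path line followed by | ALGO | digest | rows); values copied from the page.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a0486d6f8406d852dd805b66ff467692 |
| SHA1 | 77ba1f63142e86b21c951b808f4bc5d8ed89b571 |
| SHA256 | c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be |
\??\pipe\LOCAL\crashpad_4832_TCCBATDFZQZPWZUB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25f065f2a9f3439a1ec6d20b16c562ef |
| SHA256 | 1ee8940d243b8c3ede34c1fb0a4ea8b659276d4320d76258e65a1d2c3cef5c62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3436b5b22b1a2ca0c3906f3ad3e69f9 |
| SHA256 | 85083ee83f9ec761b8cf731b181bc00aad6f63c2f74e576116f67d6c068633a8 |
"""

DIGEST_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero bytes, computed rather than pasted so they cannot be mistyped.
EMPTY_INPUT = {algo: getattr(hashlib, algo.lower())(b"").hexdigest() for algo in DIGEST_HEX_LEN}


def parse_files(text):
    """Turn 'path line, then | ALGO | digest | rows' into a list of entries."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if current is not None and len(cells) == 2:
                current["hashes"][cells[0].upper()] = cells[1].lower()
            continue
        current = {"path": line, "hashes": {}}
        entries.append(current)
    return entries


def is_well_formed(algo, digest):
    """Digest has the right length for its algorithm and is lowercase hex."""
    n = DIGEST_HEX_LEN.get(algo)
    return n is not None and len(digest) == n and all(c in "0123456789abcdef" for c in digest)


def is_empty_input(hashes):
    """True when every reported digest equals the digest of zero bytes."""
    return bool(hashes) and all(EMPTY_INPUT.get(a) == d for a, d in hashes.items())


def triage_files(text):
    entries = parse_files(text)
    versions = defaultdict(list)
    empty, malformed = [], []
    for e in entries:
        versions[e["path"]].append(e["hashes"].get("SHA256"))
        if is_empty_input(e["hashes"]):
            empty.append(e["path"])
        malformed += [(e["path"], a, d) for a, d in e["hashes"].items() if not is_well_formed(a, d)]
    return {
        "entries": entries,
        "empty": empty,        # zero-byte captures: match every empty file, useless as IOCs
        "rewritten": {p: v for p, v in versions.items() if len(v) > 1},  # same path, several contents
        "malformed": malformed,  # wrong length or non-hex characters: transcription error
    }


if __name__ == "__main__":
    result = triage_files(SAMPLE_FILES)
    print("empty captures:", result["empty"])
    for path, digests in result["rewritten"].items():
        print("rewritten during run:", path, len(digests), "versions")
    print("malformed digests:", result["malformed"])
```

The entries that survive all three filters are the only ones worth pushing into a hash blocklist, and even those here are the browser's own profile files, which the run rewrote, rather than anything dropped by the sample.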