Analysis Overview
SHA256
1200dba66acda67c0610e10be639fb62693ef032a0f22151fd39ec0b01429e02
Threat Level: Known bad
The file 77482df200eff494d08ac8ed6ed52a21_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-28 02:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-28 02:47
Reported
2024-10-28 02:49
Platform
win7-20241023-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf00000000020000000000106600000001000020000000d93caccba0546cb5351201aa46e97447c044940dbf9ee4e29bd8c37245761343000000000e800000000200002000000009014e6ed8528e516db54ab49844cb96d79be0f31b98e4ff4065e1140067cd73900000007086c5d588b2e3eafca4f7dd428cb8d3f60e6c20e9e8a9bc03b89c20ba6b05d00f1aa54d4f296de497142bb1ef5f85a0eab7d5e5e216f6d8b627c24f8a4521388c9d8cee5a1291298558143b29e55722c002e49b68750e867c5bb6b56ee1afe674b4960457c8534d7d534304f272e5e6ad3865ee30bca94d4ea998280e556c4bc32d7115cf160f06bbb345f914cdb8ea40000000ea38933d350d47202e08c402318946f8779a5424bf97ff4175c722033cb58541cd5f192c63d55e6ee122d517e53a92887fc6f08c79cfceed0d15f4cdabb8f8f2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436245511" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07eabcce328db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf0000000002000000000010660000000100002000000074afe9de435070b1c90d1b9b9c50201165f031f88e1ae5ac04e955be66abbd21000000000e800000000200002000000061ec3dfa9b48b4c34013dcf4743becbf64aa8cf9ec56f33eff1dca660b7518e820000000932930085b28cc434c5c41a277119ae0d1cfddc0017ce5bbbd009b5d98db79034000000091cfbe554f027c4bc8b309618add7ca0461a2eddcc8745501883fbaacdfaa1556ce271c9bddf795d3a5e1aaa14ba4a8797347bbcbb08f73f19aa1ed61725b6eb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F56C7A31-94D6-11EF-B387-F234DE72CD42} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2644 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2644 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2644 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2644 wrote to memory of 2056 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\77482df200eff494d08ac8ed6ed52a21_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ads.egrana.com.br | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | community.secondlife.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.pictureshack.us | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | action.metaffiliation.com | udp |
| US | 8.8.8.8:53 | pr.prchecker.info | udp |
| US | 8.8.8.8:53 | recent-post-techkgp.googlecode.com | udp |
| US | 8.8.8.8:53 | www.mlkbolado.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.187.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 151.101.130.137:80 | code.jquery.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 151.101.130.137:80 | code.jquery.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| BE | 18.239.208.72:80 | community.secondlife.com | tcp |
| BE | 18.239.208.72:80 | community.secondlife.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| GB | 142.250.178.9:80 | img2.blogblog.com | tcp |
| GB | 142.250.178.9:80 | img2.blogblog.com | tcp |
| NL | 18.239.83.50:80 | w.sharethis.com | tcp |
| NL | 18.239.83.50:80 | w.sharethis.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.9:80 | img2.blogblog.com | tcp |
| GB | 142.250.178.9:80 | img2.blogblog.com | tcp |
| NL | 172.217.218.82:80 | recent-post-techkgp.googlecode.com | tcp |
| NL | 172.217.218.82:80 | recent-post-techkgp.googlecode.com | tcp |
| US | 67.227.215.171:80 | pr.prchecker.info | tcp |
| US | 67.227.215.171:80 | pr.prchecker.info | tcp |
| FR | 95.131.136.1:80 | action.metaffiliation.com | tcp |
| FR | 95.131.136.1:80 | action.metaffiliation.com | tcp |
| NL | 18.239.83.50:443 | w.sharethis.com | tcp |
| BE | 18.239.208.72:443 | community.secondlife.com | tcp |
| RU | 62.152.54.35:80 | www.pictureshack.us | tcp |
| RU | 62.152.54.35:80 | www.pictureshack.us | tcp |
| US | 172.67.183.15:80 | ads.egrana.com.br | tcp |
| US | 172.67.183.15:80 | ads.egrana.com.br | tcp |
| NL | 18.239.83.50:443 | w.sharethis.com | tcp |
| BE | 18.239.208.72:443 | community.secondlife.com | tcp |
| NL | 18.239.83.50:443 | w.sharethis.com | tcp |
| US | 67.227.215.171:443 | pr.prchecker.info | tcp |
| BE | 18.239.208.72:443 | community.secondlife.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 18.239.83.50:443 | w.sharethis.com | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| BE | 18.239.208.72:443 | community.secondlife.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.18.190.80:80 | r11.o.lencr.org | tcp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.187.194:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.187.194:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 216.58.213.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 216.58.213.1:443 | ep2.adtrafficquality.google | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabBAF8.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarBBA6.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff0afaba66fcc792e14677595e0be1a5 |
| SHA1 | bb27dc1847461c6757feac63c27d09908f2e7fcd |
| SHA256 | ceef0777fb1179a446de234b4eb581924091d59e28d5ffbaa079c6dab2e53731 |
| SHA512 | 0029c9a3ee5ead2b8625e87deaa02e7408e2462cf19669e7c621fd7738c4fc223fd7b89595f3bea46c030b5297d5e6de180f51a59119e576438ee50264fbc796 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fada2c8b4ce6563f218440374718710 |
| SHA1 | 6bbf2b11041298935b812737c1fff88d6e4b67e7 |
| SHA256 | 4b7d539b78f6bfbb2205311b512b6263afadf2d28f2d303e4a490f08d9f89bc6 |
| SHA512 | 901f5df2a38cd277f599354fdd271005681f711a12147f7bc4337c0d04063d38dc6d7108f21ad7fc8d7389e14c18797ee5cfcad98fa0706a380266eaf971e79b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c821c10c372dae9ae1f2cad7f587ca98 |
| SHA1 | 98b5910341a5cb3c17d2bc5c4560a740098e1ef4 |
| SHA256 | af91e1066ec6c26a14d5d11976c889e00197d7c9260ef9042d91c26b51cb2d41 |
| SHA512 | 742729bfa50603b90acd6d78dcf4993b479c2e7f8470748863ef59f15a9d7dd243e7b27c49ceb5739c46d892d1c17cffe6e02a4d25c9ea0057759a8d3d7193e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcd0c3e513ef5e1c4347798f2ae0440b |
| SHA1 | 23e63ec805363d71f01af23b1b6e02f483e86829 |
| SHA256 | e284e1aae1219141cbc7436a6332ad721ef4b349f3195dc7c6658dd325e93faa |
| SHA512 | 8c5be58a3c0bb71d15c0990d510de69fc10a6efb1b3bd4baf32d6089580e5d184ab8cd85d4f75a52e25fd22d46a4288e6519f52921aea31d321d6105d5af75aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13c50999489c93f318d793ce87581ed8 |
| SHA1 | 93d0dc6b1c58d01a9734ab6b8c419ee57fe6eba9 |
| SHA256 | bb832c168a0feabd7fc244fd72b0f508b559c6f3ce76646fd0cd97aba789b6d7 |
| SHA512 | 3fbab28912b5f3e38c365fdf5a9248805f0a1ab5ae2d0440725e5b1b156a9b924bf0f2c5431b547eefbebb1200cfb35b1bde51241693b8a9832c5ebbe0ea9586 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff0cdfc838097ae9a6938b2e75f02f2b |
| SHA1 | 9e4f80532a9fc064e7435a13e5f4c47c48f830f8 |
| SHA256 | f82f035afd04fcafddba63e802958888dd19e54e0e02bb1ba7ea1d3b1dc17c20 |
| SHA512 | 16c9e07b819e28e27c6c8923a8d1ae64d7e00363e960be0c91bb09f31c01141ec6e4615c1a8f825ac92b2ade85f6c785c9827542877ce06c01e4cf837607fb4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7fc1e76c8b4f25d37d799ddfcfe666f |
| SHA1 | 6495ebc52120ff00820c5698dd5823cce5f534f8 |
| SHA256 | da49882d2c952cfeb8df5db8f98c4450b5450fdd11e2f3b61f92d9ff0ea2cc8c |
| SHA512 | 3d47db8cbbb3f4ef5e82b1234d0857a8a5392289398b8281dc3b8e3a6c018494e4cd406802a4d19242946fc5a109bf928f0706b9e37496464fcb38472aafb2d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d1bad908e6d893977997ea0a3f8b786 |
| SHA1 | 922715b0a2a2e5e3a755ead83f0bcd6a04489944 |
| SHA256 | 807dcc60df009c9a01396e853cb3c8b33cee392fff84a41f228d452be8e3b7be |
| SHA512 | 2fc8fd9b6bffaaee939ee0913e5f06bb6792d0c07ec5c1e463412e4592e2ade48d60c0b66f9933f509f8483ea276f0395682c33e8d0b8517ead7f92b788c2617 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be4aefc1f61c2d09a8a27f42e44a565f |
| SHA1 | 585a2cf5a49f53c2e0bc6c193e1cd21ac8199367 |
| SHA256 | b8c0acf1425cb8113a3329acc4865352c965dd0238bb9617e9a69090840f9c23 |
| SHA512 | e3ea8023d866b2719056a8b8121c7305fd572a299efaab636a9dfded91a9e83d8cce95fd5374d274aebfbd53c9bfdad3842184ec0695f2c961e75aa4ca4fddc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07d0bfffb1b4ba725cc3e35d84d2bcf7 |
| SHA1 | 51ae1f4f6412a1d6d6850f712a18f230612b3bfc |
| SHA256 | ebd3d0a9fa33949004efd62b04da85b359f2f5d91bbc0557f67ccf95aa99818b |
| SHA512 | e0499449729a75a64b79bf773a961399de772b45d6e5cba6f65805be6e038e00b8f043c5ce93fa1c94c6de8d404c578bc8b8805b7b270542cd8618ca415888b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0c81e574ed970157bd1dd0e52294279 |
| SHA1 | d360ca8eb9dbc1894be1ed96071f48454c5948f8 |
| SHA256 | 870adc7c0d1fa920f7ae5ddeee022d7ed2171116d940ddaecb79683c83a9e800 |
| SHA512 | 4cb8d59a1c8dc287207d75cd1d6e70b581e08853f063312b52ce65bda8ff5b0a4b02153ce844a1853a811a2e558640b42df02f4a72b9e07d515e7aab3ea75289 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 863c8db416f25240b239dc420cb747bb |
| SHA1 | c9da1c3cdbf96006b244b4e016c781e74ead16c2 |
| SHA256 | 714bafd1ee1de405a9e7ed04423f7b9ed18d05b2f992e1f402ebce17c0952f9f |
| SHA512 | c91d152d902047bcbc9484affbcef8fef3ee1b43ad2520a2081444cd919bb1d59bfd93df071abea4b390bd7ac3a444391b077b72b3f77e8d02c1505b9fd7fb74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9000814526bf6cce7bf5f9ea6d2b384d |
| SHA1 | 6b49e66e4e85c10f313782c5c130b2f146e061b0 |
| SHA256 | 4f77f636dcd84f0968c293e91d0320044ea5d0636f93fd9cd7be6d7c9627c094 |
| SHA512 | 3c0347942ec8a337a791ef3df51937dee475c6ef3c2dd2f94123a62b66c702f0afdc1dce3e7d103d4db7340a1df4f956f0b794ac6bb1e1ace7c40337217bbbe7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c5e1c54e154a746d0b238875721cc64 |
| SHA1 | 58bb7a2be2c1a060e72058dd859024a5bcee01af |
| SHA256 | bb9c0f92fe4a14c359dc043d2e5c0728b1631086e5c500718fa234555548109a |
| SHA512 | 9d95aa4aa6f96db2c5758410bf8ccbc94735dfe87e455fe0d6d44d2c7a1ea1d22de5042cf65507196df361782797a04c141be543ad2efe6b484de85046ced8b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 508313cfcd1a17a7ace23d9fbabd9516 |
| SHA1 | 7d485189ed47c0681f30140e645a88cc2af653fa |
| SHA256 | 3ff10fa6b709191f02a89101a7670a56466dd2f6883ec8c3062ef833b2ccf02d |
| SHA512 | 5ad1effd77e7a85f6e39bc36eb6eb1a22a6c3fbe73cf07c2d04e612f6e8ce75cff10b32fd2fe21115e07d737fea50ffd95c207cda24dabcbcbd2157aa7d924e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cb3f2f09b24e0b1fa1e79d4d8cf1ba5 |
| SHA1 | 5aa2ae955a51298b96fb8cb895769137b0573e24 |
| SHA256 | 2bbe0fcd80300928ab9a0c087acd0887b7a05c1bb62c640f42f1077395c6d60f |
| SHA512 | e8e8a9ffd415fe977b840205e8795cf95cc12a31b7a98354857afd14fdbd0b56028c6d9eb67236e4a0402a65413ab4526f163e55d3ac804a84287d8683047fa2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ea9bbbe67e3b7e896895cd709845c28 |
| SHA1 | 51edbaff4cecf28dc2c34f0331efab3affd8dea1 |
| SHA256 | 6a059f897176a0b5f830c6a7581224fd4d30244b4c5a08e4ce5f860f7cb50a7b |
| SHA512 | af9cde5b51e021366710ddd770a2524a746817c2f44cde9cdc7292abb73ce57509c3749c5de2ffdc70d44faeef8a56e374ffcb9cf920ef4a05fa9acf913fd580 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3533da97415648b0dc189ce7bc1585aa |
| SHA1 | 4dd7374b17fef71d302ec69cb583f0ac9ef39c49 |
| SHA256 | a25b286bc1887c6ab620fe350dbaff7dafdb017038eba1097b2ff5508ed75b3e |
| SHA512 | 5929b8157191850c5ce1d4a927d5178cbe2527c29165c9fdcd4658623f1a31f2956c034d1eb4da0d4dedaaf8a5576d3bfd60e8e1300fef5873a863114b9ce93c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c443860474506154b8257a28346ec6a2 |
| SHA1 | 7acace3da901c0ae685f464822814c2c1258a4f3 |
| SHA256 | cef4d5e90e4fda199d9030927098989b58ee08ccf4e1550dfb83e148c3844f96 |
| SHA512 | 6bdb526e55e377b116f7baff61c8ae5191a0f144f84b370d0430cbd868cc2f9c60674aa70ae9e00d189d72f61d674d03c49e7aee9ba85e74ffe54dc916f672c8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-28 02:47
Reported
2024-10-28 02:49
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\77482df200eff494d08ac8ed6ed52a21_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8129e46f8,0x7ff8129e4708,0x7ff8129e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,18178065191773415290,4725062881727414123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ads.egrana.com.br | udp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.42:80 | fonts.googleapis.com | tcp |
| US | 151.101.130.137:80 | code.jquery.com | tcp |
| GB | 142.250.178.9:445 | www.blogger.com | tcp |
| NL | 18.239.83.106:80 | w.sharethis.com | tcp |
| NL | 18.239.83.106:443 | w.sharethis.com | tcp |
| GB | 142.250.187.227:80 | fonts.gstatic.com | tcp |
| US | 104.21.36.14:80 | ads.egrana.com.br | tcp |
| GB | 142.250.178.2:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.21.104.in-addr.arpa | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | recent-post-techkgp.googlecode.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| NL | 172.217.218.82:80 | recent-post-techkgp.googlecode.com | tcp |
| US | 8.8.8.8:53 | www.mlkbolado.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.218.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | community.secondlife.com | udp |
| BE | 18.239.208.116:80 | community.secondlife.com | tcp |
| BE | 18.239.208.116:443 | community.secondlife.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| NL | 18.239.36.123:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| GB | 142.250.178.9:80 | img2.blogblog.com | tcp |
| US | 8.8.8.8:53 | action.metaffiliation.com | udp |
| FR | 95.131.136.1:80 | action.metaffiliation.com | tcp |
| FR | 95.131.136.1:80 | action.metaffiliation.com | tcp |
| US | 8.8.8.8:53 | pr.prchecker.info | udp |
| US | 67.227.215.171:80 | pr.prchecker.info | tcp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.136.131.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 67.227.215.171:443 | pr.prchecker.info | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 171.215.227.67.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 104.21.36.14:80 | ads.egrana.com.br | tcp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| GB | 142.250.180.14:445 | www.google-analytics.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.pictureshack.us | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| RU | 62.152.54.35:80 | www.pictureshack.us | tcp |
| RU | 62.152.54.35:80 | www.pictureshack.us | tcp |
| RU | 62.152.54.35:80 | www.pictureshack.us | tcp |
| IE | 52.51.59.118:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| NL | 18.239.36.75:443 | count-server.sharethis.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.212.238:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| GB | 216.58.212.238:443 | developers.google.com | tcp |
| NL | 172.217.218.82:80 | recent-post-techkgp.googlecode.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.187.195:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 35.54.152.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.59.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.69.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 141.101.120.10:443 | t.dtscout.com | tcp |
| GB | 142.250.180.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | oi40.tinypic.com | udp |
| GB | 216.58.213.2:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | www.mlkbolado.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 216.58.213.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 216.58.213.1:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| GB | 216.58.213.2:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| NL | 173.194.69.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_4668_KLWMNDLSRXARZZUY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0f77a9d0666b5305f831ea6a0bd2d3ac |
| SHA1 | 3f9d9ea459be0dd01f29c22adfbde05ca4d56d5a |
| SHA256 | 33b42875f1e91e21ba6f764a797f38ea0e7f148b232acb31e32926aaacadc07f |
| SHA512 | 1274c8f1627974b60e24e022a3734155585eb4beb741896085884a58e8e369835ca54f1333888c0b18d61d0a5d95127586b460d1adabcbb3bfec3d64e960a1bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e11ae33ab222fbaffbbfc73ddd3f37fb |
| SHA1 | bddc10e0df0f1bca69639bc6224395088f6eafeb |
| SHA256 | 6427f669c7242eb2c070ecbc3b6445d0fbd333f238578b2f7d6dc75fe2223657 |
| SHA512 | 5070cbb2a00464494308bd338d07237c90b19676a6e5d7a673989ce7c686b0c60fa2280d8cd9a7b0680b7f4ab1d5d152f55872dde94b02940d3164f66ac7e1ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6925c4d294d5a2ab2fcfb4dc0cd1dd00 |
| SHA1 | d2789707986b8d1a846fce1c9b61b9e933560c85 |
| SHA256 | cdaa86a9125616b4b036c807beab8c674eac7b8d0318682d54d6de72f0241b99 |
| SHA512 | fe402c859cf349e634751da026879eb020bdd079a3deaa6fd01d6e6c38b4d1d7e867ef3ca9dc16b4419dafcc89a559ef29b7dd9cebfae30371c3c2c4acc2aaf4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e95ef2ff95a657f3f0e2adcae8834281 |
| SHA1 | ae1ff6ecabf7f5b378099119074dde9837d94149 |
| SHA256 | ebaf51a4c620c8c5c8219e50aadb74448b1cd9223c8c5780916a73329345bfe9 |
| SHA512 | e5fc77d56630dda849868f454456561ca0e910b8b1d86b3cd93156a7f4c5f2c33eab85b9357c92624ceb7c7ae12351bd5ae26715d6dbdd8295bf574cb5b0ac9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 239d2dbbc9b6b9e212d64e891534ad23 |
| SHA1 | 8b465923e82722831b9868593b336f01f1ffdd0b |
| SHA256 | b247fb72d3a13c2e1bcf1844f8dcc1ed7c55d98da0e699505bba0510cdcef953 |
| SHA512 | b72ab94ff58b1ed42c246c64795950da7e0842809ca19422ab6e6d8a0dfbe84b25d1dbfaa9887bc914128370c920ac013507459e21a51c67d94f647c06016d80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581cba.TMP
| MD5 | 977d3deafaef834a93071c9a86c57276 |
| SHA1 | afddeea2d9cf02cf9c0e175af0e05510fe7b2e10 |
| SHA256 | 7a0a0099c955e7e19f2ef8bfbc2459b5873585d47cc8c293da8d487d8a607315 |
| SHA512 | d57d54bcd7eb08376d4abf56fd7ca8b43b261a19c0cbc872cf30d014997eaf6528516b8b52db0c9fe35225613daad9be920b2d58e708ced82ccae673bc657a64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 787c8032252a614a325a542c79125c07 |
| SHA1 | b3c98dee17a8c36f990f36813bf76189b3cfb5db |
| SHA256 | dd870f24710095304b7f5e8354544c53cc347df39dfc00026ab55bd7c12f61f7 |
| SHA512 | b05108f9184bfbe1aed93896560915503c909c683b878825a14c41bcd948fff6a03931c2ea03a80d89d3ff32bb8da8ceb37c6c9a044eb8c617f8af55a231dca3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b6b5041e8880489d8f6ee23a67880793 |
| SHA1 | a946307af099257797655b58b1cb5a8b42a1d922 |
| SHA256 | e0a4d4fc918a8be9e3e9c75e36c083f1a98f24c47e5a7b20adbc66cd5f350585 |
| SHA512 | 6ddc53ba045576e37a76a14df8f41599477a63ac3a52cf2fd8f5f41e484565fbf52003a83447413ac9d46e4a12513488645f10450338750c83c73f74c54ddd23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 05197e9427acea2ac4dc812f97a8f078 |
| SHA1 | 3d2a38b79da52e57783360f195ac3e7c85edefd8 |
| SHA256 | 7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191 |
| SHA512 | 084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4e3b13224ac8a7164f70164da17b2f0f |
| SHA1 | e2e4b655da106e4558520060df878a0c04df20d6 |
| SHA256 | c3aaf2f1f082ee7a8f86723ebe5d6fa1aa1e5ad894664b3bced60abf2f9c5f64 |
| SHA512 | f13ab121f0e6fc552884ba6263ee6d9d967ddd69e9ddddf66d1139b61d85e765b90aaf85d1ab17261b4c4188416fdde42ffcd8a435b780c0af0259f294bc4524 |