Analysis Overview
SHA256
dab1c6dd65c14c8c890a7a9e6baf3d540864eec70d4c96934c878511f63e0b5a
Threat Level: Known bad
The file 7b7c3e5e782e24d942715c9ce407057d_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 02:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 02:19
Reported
2024-10-29 02:22
Platform
win7-20240903-en
Max time kernel
141s
Max time network
143s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000a02b1cf9253db15ecfb9c8dd896438cfd8c87cbe0e67395361795bd93c8a67c6000000000e80000000020000200000007dda2cce3ed6c9338cc16d7169523a49c5cd5e95ce985cb1fea84da325873c6a20000000660c250734aeeaf3601c0c791b5141e100b2409f29a9d057a76d05caa86d386340000000e57111f36a7744da73ede305fdfa4e1580804b8780a4b8ee819f4057dc8f7f6148dff3d5df57ea75617438d0e0fd17ac0f1cbdb85118164931dc860edb26050b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60aba913a929db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A0B0421-959C-11EF-BA16-7E918DD97D05} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000ccc9bcdaf6c5dfd5d6bd77700c0d29c2cba9cd0f77132f2d1fd91d3ecc9d8119000000000e800000000200002000000067f58528b58ca58b53f7d0f297bb177878dbbfc2daf892f94bdcf1a1c09b60889000000040db3e1a73c54d481c82cf8ffb9c417b9d825eef43dac866e5f87feb405e331780ab30c5dc1f8331249de1e2d20b71b8cd6abc80dc97a48f01a0e07f7b25db4e8f63c7d3d11f94a8a057a5753ad488e2aa3d73d22798462ac3959454a0064b7897d1978b5003d637952783c12a759b914b5bc4deebf2d42aec54bcdacf52e2370ef6354a608b819fe9f9e1b06c95629f400000009b7beb6973c2570926545b45964894e29de7f0f1a1a50d6fc0409d697143909bfde0d9205c574fcf342dc49c7007c39e8f104dcd3dee90e8ce24007c66d74b2d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436330237" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2612 wrote to memory of 2084 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2612 wrote to memory of 2084 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2612 wrote to memory of 2084 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2612 wrote to memory of 2084 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7b7c3e5e782e24d942715c9ce407057d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| NL | 18.239.83.44:80 | w.sharethis.com | tcp |
| NL | 18.239.83.44:80 | w.sharethis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| NL | 18.239.83.44:443 | w.sharethis.com | tcp |
| NL | 18.239.83.44:443 | w.sharethis.com | tcp |
| NL | 18.239.83.44:443 | w.sharethis.com | tcp |
| NL | 18.239.83.44:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.200.1:80 | themes.googleusercontent.com | tcp |
| GB | 142.250.200.1:80 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.178.9:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | s47.sitemeter.com | udp |
| GB | 142.250.178.9:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | greenlava-code.googlecode.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.1:443 | themes.googleusercontent.com | tcp |
| NL | 172.217.218.82:80 | greenlava-code.googlecode.com | tcp |
| NL | 172.217.218.82:80 | greenlava-code.googlecode.com | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| NL | 18.239.83.44:443 | w.sharethis.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| NL | 18.239.83.44:443 | w.sharethis.com | tcp |
| NL | 18.239.83.44:443 | w.sharethis.com | tcp |
| NL | 18.239.83.44:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabDE7E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarDE81.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06f67a651fce9d8a2d54cdc5a97c619b |
| SHA1 | ff748f84851da67ad926d4b7fc661b6f9f17dfea |
| SHA256 | f738516dc2ccfb896fc4455a932c84fabb1d5bd1d0feedd6f291a0e9ff00adb0 |
| SHA512 | 31419651ab24aa137b137ea3aa4ee3ea2acb7af82867be04f4def1367bd5a680a183140a42d61b8b65f3dae24f7796f20979116d2a140202fa048ef6a4403f0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e18670062294a51d4ed165c154488623 |
| SHA1 | e33549f6e45c659a81c0a217add19cc0829f8b88 |
| SHA256 | 09f406346900d3863596befa131c542f7f6b5bba39bfacf3487081330dfd3f40 |
| SHA512 | f09be1f31a8666b8f53d9eb71065b4254bcf6ae311c14dd3b478f34619dcbdc1b1f128b0e8fcdeb76b4fc55ab1dd847f541b821b481d08563a6e8da78084b8f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f78405698d162a1ab72bce1394085b84 |
| SHA1 | c1d8572a7600a1859af9635f2ce419657ab9dbd2 |
| SHA256 | 6985fb62aed0cf16d7e6d955fc38cf4cffc599dfc44d3bc11445fdba30e82f1c |
| SHA512 | 77496370344f178a6352d520a9122b32c2682becad69a8f4966b26dd497deda7d9f654fad872c9240a4914611211c08e7e520952c13814acc5e09c2489deef71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6291f76eef3f6fe955a460eb2e45ca6d |
| SHA1 | c890d707aa576d35ecedfa8d98fe5c66cbabcce0 |
| SHA256 | 0e039e22c912b9158af96723410b6cdb0592be3d4857afaefc83ace9e0e497a7 |
| SHA512 | 62fdcb1a6bcb9c5330603a5d86a093da6019176585c9f4b98b4f406421f7f97b0bfbd3728ae72f89933f30e0a4b91316569580ddade497697238989a339ea94f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 079c7ac98d63a28394b6aafa3e2ea326 |
| SHA1 | ac257f0d62b09652959af7ad4b1ace5b7140a434 |
| SHA256 | a7c9777d1725135b3cb7d2f611b0005c17d50c002c13772c1b11cd990bfb4982 |
| SHA512 | f76958414531319b4d4fa3357a518dcefede6e552ec659b364b395b8795bba2cbb0d4c45b986048ea05b639bd15937afa72f3b12f5899bdf660f09c0e403bfde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6286a8fdf50a62fbec8035edd0837eb |
| SHA1 | f50ba1cee32a0c0873367a00442cc35de79caadc |
| SHA256 | 931b945c8b3fa9276a4b3425a8d754affca99e893d237825b5564837898b10c4 |
| SHA512 | dca7a3145fd244af0e26accb543161525acb7656e789b56d5e4bf42a3ab4e6860588a26f8ce7092bb1aacd06d5243994926cb8d3dcd1110b4d7d4663a093eef1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18d17397306b33013e321113c9be0456 |
| SHA1 | 7266e1749287bb5555466c5aa82a5bb39bbbe81c |
| SHA256 | 8ffeec7d27c44e2c09e96afb6fb6dfd1e35e9dd16c8ae57c875823fc8263d6cc |
| SHA512 | 11ee2a72288d37db6b5ca7e656468e765ad4b75b0bd422acd73f5d87c91c75befad6d1b4a829b1ba9c1ee2561ba70058e1c034fea7e1589d5cafede338626a29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e85e3da270c88136aaca124109c668bc |
| SHA1 | d703cb09d9bf21d5f819eb85e62d79e74fb5c776 |
| SHA256 | c8a2a04ab0ff6285a1b7ebf0dbf6c68698956ba7c31c87f8e3fdb9d1ab4c04f5 |
| SHA512 | 526ca162d1aa0d8abdae35c3946a40e6aa8c33b0095ccb608baca655649df2fa73897479bd815b880ca614870af09d4ff0c8fcd4ec9c65cfddc652be65a72f18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc1c9308fdaee75879456462c107dc67 |
| SHA1 | b6a08146d97845a6f7d9b70f488494966364fc04 |
| SHA256 | b5b19b848ef6af2f4ace5b027629c890fdf83bda79e0bd0c49b6a2db6023d37e |
| SHA512 | 30e4aea08c169216eea22a7fd31e1d487960fdb2a062170332020dc31dc9b6ee41cb853ff322bd4932b29b1b5eea70046b1ab67e575a6d5438a2e82e6f6c0896 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c72161e5260d6ae7a1f7529c05150bb0 |
| SHA1 | df5ebbd4b54e51aadebaf250a06f59cced304d27 |
| SHA256 | 6e551929af0d8cfda2aab959f41a9066b6395e9795907d85793b59df72874fe3 |
| SHA512 | 884e4d755a379b78b63444bafec89cd9a1af066ce4d7d2e579f1fa3d7c3317dc0047cecf3ec710ab91a26f3a203bccf45068e186bccec512a23cb9c0144be047 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e6f5927c1baaac9047b02c1b7d38e99 |
| SHA1 | 3ac6c49ff923ef177619ebe6bcdf53cbd1cfdb6d |
| SHA256 | 7e2096975f0bbc85fa841089db0476426e0462fbe57a96067cf9b8bb3ddf584f |
| SHA512 | f492f5c2335299d28eccb966c9e0a61dd6ca161ad2c00ab41664c8c233b3ab2fe5bc925d9f27e98f08c56a3331acbbecaa429093157d53e9bf37698f5ce193a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9083079132c8f82239f314dbeedda1f9 |
| SHA1 | 3db7ae6139a4f7372e416c85a8762a34024d87d6 |
| SHA256 | 95faa0e575fa8413b691a0dfc7ea218ea0e47e369ee81f873ba458538bbe9626 |
| SHA512 | de8b87d00c26dd735f6bcdc1d1b6c0d3488910d3bc7aacf119c77d81434f294216c8e6785839aea3a157afc83b730c1524c5c02151df5ba23650a1fa8b210f94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7aae37ade2de69cee5f264decf3e63ec |
| SHA1 | bd352246c16bacaf501037bfbe116d1cd447150d |
| SHA256 | 2f25f6ce922178134afc591037b59ace1b251d65201ae879b429f46b3cde05b4 |
| SHA512 | 3e5f4b28e8df5760de25f2adcccfd98ea1f4e0b239706aa3d124c8fcbf4b941ae30829d09048277e7d098ab42d177d52532f7b89a25743747384e4f3c1bd6b63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cc01c1738676b78c4171205a892be5d |
| SHA1 | 210a02e371a193cc1d75019c702b0e2281212faa |
| SHA256 | a272905422f34d84d4974d4e9b339920a344e7328c8d572c1c04afa4ab23e8b7 |
| SHA512 | 0c7a005e573a331a5cb3a8ae2b1a3b90bb528f93780dfb85bb3c9b2ede08640f68c9240ac611abddec461638110bc144d6659b8a95bbfdaba6bf3b9e334ec1be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f7bc88db5f8869c8658a14394a8814a |
| SHA1 | d5878287c13f0d9b9b2a80f99f9baa0dea343766 |
| SHA256 | 29d2a064f22fb130b3cff6184ce4f0c9fa06df6a92f74e1404363c6dcac3f38d |
| SHA512 | b5ea5a4df37e6cf85c448339544900b268c7056cfb0bb20d66f4e7900d01f117c417201f7b463eb5e51d03a0c2d5c9340d17d436cee9e1368ac6e0d3f99cf979 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d206fcefba93d4dabb3da0a255c3cf7 |
| SHA1 | 53a0efe85ab0709dff4bd49d66cdc045f958dc93 |
| SHA256 | fe9cc15c5c3c5b757352aacae49ed601a218129419397ba643350153374f4a98 |
| SHA512 | 0ecbe7f0d4616196fa9b9a3e00144a40a6a3562a00c2c12d03ab0fc716034fcd440a4276ca273bbb769ab75419b23ac15b56af206ed429834a6a6c7f802f66f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31a5983c4fbb100c6f6ffc32ae630f7b |
| SHA1 | 52e7c9e32fa4aa87280d5631a17e1303385f80d2 |
| SHA256 | c5cae06fd279aa6788f66b11f72bf84512e4470361a6228d6eed443fe00c0bdb |
| SHA512 | b802d710df3006928e22ad975bf69a6b8627ab80483c4dd55d268ceed58079203e39d39f765d5c6f9f3e57d0ed2c6157e8ac426b1f8516afa852625c1c5c6c89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | b37710edda014aaeddb2827a3baf0947 |
| SHA1 | e795862afe7fed2b013bb4303fafad15a7b421c7 |
| SHA256 | 53369dccd9ff673d544d3cbec93ac0ed978eb03649cada0d127125b04b19a51d |
| SHA512 | f555d6ccfc2ae97d24bd10eb47cf1affe975c08ef2c1169d45b5499131145d07b19d50825389b5aa2568ff03c29e264e345070c5c6fe175600b96deb2f00ce88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cccc7ff87847bef83955940e960493ed |
| SHA1 | 3289596a61e8780b156cce4be7ab0256e0df4126 |
| SHA256 | 72a2a89f63344d1b8ba78bcde6c77daee1359f2eadf9681204a80bb2219cf3f7 |
| SHA512 | bea61bf7f3a3c0167de900ae9bc4513cc3cc8a972e2cff680f7228fb29155a564a63f87907dc00393329e04a48534e6307ecd8c0ec6c80e589a2206d7083785a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fdae6bdd418332303a51580f3ce2503 |
| SHA1 | 90d1d6a39363b20cac063829b281721edec728d7 |
| SHA256 | 4f683a79cdedcb652af59bee1f4bc839bb4c080e17980d58a52624490a25e42a |
| SHA512 | cb8c9ab9c129e937f973eb32b0b942cb46db520b5dd8c49ef846e9f99339185661466ac0023c8308c58d2c13c632246f1d78e5afe450e48b8a3a21ce3ad6c3b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56856856502d895dfcb9790adc0182c5 |
| SHA1 | 01d90fb8fee20e82f26915b71a225e490fc90edd |
| SHA256 | 86687b3ea4c615f131e067cb0d88681356f487d9622f86256a748fed138e263c |
| SHA512 | 0086a173c8b9ffbe3dc541e40f1ce18fa97fe317885568b7c210be1bf94d70fff4f12fe48ce4baf4920aeeb45a1fa48c3e95dfac994aaac648ef5f7b68ca95d0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-29 02:19
Reported
2024-10-29 02:22
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
146s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7b7c3e5e782e24d942715c9ce407057d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe9e246f8,0x7fffe9e24708,0x7fffe9e24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15595913393763932341,16285563790804835377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| NL | 18.239.83.50:80 | w.sharethis.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| NL | 18.239.83.50:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | s47.sitemeter.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | greenlava-code.googlecode.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.10:80 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| NL | 172.217.218.82:80 | greenlava-code.googlecode.com | tcp |
| GB | 142.250.200.1:80 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.200.34:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.200.1:443 | themes.googleusercontent.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.218.217.172.in-addr.arpa | udp |
| GB | 142.250.178.9:443 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| IE | 54.217.38.107:443 | l.sharethis.com | tcp |
| NL | 172.217.218.82:80 | greenlava-code.googlecode.com | tcp |
| US | 8.8.8.8:53 | 15.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.38.217.54.in-addr.arpa | udp |
| GB | 142.250.200.34:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| GB | 142.250.187.227:445 | fonts.gstatic.com | tcp |
| GB | 142.250.180.3:139 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | thankq4commonsense.blogspot.com | udp |
| GB | 142.250.200.1:443 | lh5.googleusercontent.com | udp |
| GB | 142.250.200.1:443 | lh5.googleusercontent.com | udp |
| GB | 142.250.200.1:443 | lh5.googleusercontent.com | udp |
| GB | 172.217.16.225:80 | thankq4commonsense.blogspot.com | tcp |
| GB | 142.250.200.1:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 37f660dd4b6ddf23bc37f5c823d1c33a |
| SHA1 | 1c35538aa307a3e09d15519df6ace99674ae428b |
| SHA256 | 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8 |
| SHA512 | 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d |
\??\pipe\LOCAL\crashpad_4008_CZVOHANARSWIWNCO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d7cb450b1315c63b1d5d89d98ba22da5 |
| SHA1 | 694005cd9e1a4c54e0b83d0598a8a0c089df1556 |
| SHA256 | 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031 |
| SHA512 | df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e372234f6fe6f9437f298119f048fa6b |
| SHA1 | b691b6966aa7a53bf96cbdaabc1b919f14b5735f |
| SHA256 | 5f1c60f3526fc066a849cd08a3cd72216914ef12e45fe3dcde4c3eb946e3c917 |
| SHA512 | b56a4c3de12117871f52dfafbe33d946c71cd4f557a18000dd93a0ee2a967dafcb75950d257de7f94c3d24c0429a27af39d4354bd8d04e950f69ed24ed903409 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d7b3362435ded96959da8358aec94a55 |
| SHA1 | b4b37790158b29162f97bfe86651df103a56db7a |
| SHA256 | 2d3cb9e9182de40d63e2260d1186f85d10dd187969afe7863ad6925e07685bcd |
| SHA512 | 0b18e1b92cca5f7c978e9117bef021e09a2a4f8b42515ab0017e857cb0d0a86ff6146e87cd38a2f83850526d39791bcaaa56c3c2012210f3d6e771d3fe10679f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2b3199681bd53b68df299506b77c946a |
| SHA1 | 44a9980023c8809a81a2543274b43f2340057b70 |
| SHA256 | 3bb9847cd35d406024847a74b625ee658410de2d66066aff1bd22cfd61379b8b |
| SHA512 | c753416b12902bbd33c8de425465db6bd065dff4753dfadf6b7795b10378ae0fecdc509f2a1576c8f709d86e569a7e919d6b0382348de8fb4602a3ffe25453b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8d88d1d673026b2ef70f13bee1b4fa8b |
| SHA1 | fa6a487b2f9cb7b2cd6071ff852c90f336bd2b9b |
| SHA256 | fc666f17280fc1db352120d4fcbbddbba2bcf2224fa96ff1867e991023673d9a |
| SHA512 | 212be2da91f03b220da6e3d69d5b85349b11ed4c4f757f609a43d41a733abe090ba52ead187731dc101d78a7aefcfeba0afd3161c2cdb766610bfd27ec9c8fae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e80699ea19ebfa8bd4c8de0808a67678 |
| SHA1 | ce6a2f7f9560fc7794cd7d6b81dbb558423f3d10 |
| SHA256 | cf9c9d9eade175713aa15d74c5a4617968dfbbc7311925cf6510d541fb63b02c |
| SHA512 | 7b17e67cf76ecbd078c9768823a462fe46677189c4ed16cd5a3523f867cf50ee84bad683859b8606e3f0fd3b2f5e09d38df8a79b1533697bcc3c8c46db06f56e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 98edd2b6c0c4ebf14f4bcb4933af6020 |
| SHA1 | 3d511b8122cbb4ff283240b63ffa02a123866102 |
| SHA256 | 22db913ccc8c99a063360dbf715a27551038dc44dc45a1b0c2c72ed189db8af5 |
| SHA512 | 6bf3d42d4bc9f1ccc1be015a134247ae0aa38924323c3878cfd9dfc84594fe2d8533aad99d2facda56a73b0239930eefea122c109873de43b45c0bae0dc11b3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 81105c23455ed86982ff027685e7123b |
| SHA1 | 7ba655852ecc263734694a9437210237b5aa4482 |
| SHA256 | fb2d03f7485b8407a040a97268e9cd5adb7042fa536961a2c0fe08fab10ece70 |
| SHA512 | bc821f62f177136ca035915673a52383e47e5bcc2ce80e0a28a4982b2bcac7d9081249282768d0e54b782235b2b173733e50e103de7a5e61e232c28a8f956b43 |