Analysis Overview
SHA256
0edf06bf7121774f0cd0c835bfe7be1915797b7fd7235be97f332501666a6c91
Threat Level: Known bad
The file 7c33ebeabbec9081f245d83ab438edc4_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-29 16:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-29 16:47
Reported
2024-10-29 16:50
Platform
win7-20240708-en
Max time kernel
142s
Max time network
149s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009c72d58b0999ab4c8d69c48fface94ab00000000020000000000106600000001000020000000920f7c67be878a9fae086a3a904c656bdcb125f1f2a2c6470d36a8794f9f5552000000000e8000000002000020000000b7482ab625a487aefb1b1394037b5852b2133e068da5f58662cd11a473eae74d200000008050805bc766fe7e86f1c737c1efbc099f40cd15c3737019c6c194f6abe627de400000004fd6bd929ce3bebf2eff6093d408e626fcac9aca54bd7a3b036e657db1b29ddc01e73f6987a837b57d71d2a689e64c3e26683a4c2f08e8ee591621adff89b97e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88C99A81-9615-11EF-80BD-DAEE53C76889} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0a76360222adb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436382338" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7c33ebeabbec9081f245d83ab438edc4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| GB | 142.250.187.195:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 8.8.8.8:53 | blogger-plugins.googlecode.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| GB | 142.250.200.42:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.42:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| US | 67.199.248.11:80 | bit.ly | tcp |
| US | 67.199.248.11:80 | bit.ly | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| NL | 172.217.218.82:80 | blogger-plugins.googlecode.com | tcp |
| NL | 172.217.218.82:80 | blogger-plugins.googlecode.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
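The Network table above is the traffic of Internet Explorer rendering the detonated HTML page, with one row per DNS query or connection. The script below is an added example, not part of the sandbox report: it folds the pipe-delimited rows (a subset copied verbatim from the table) into one entry per domain, separates the hosts a browser contacts on any HTTPS page (the BACKGROUND set is an analyst assumption, not a classification the sandbox made), and lists domains that were resolved but never connected to, which is where an unfollowed redirect or a dead host shows up.

```python
"""Fold a sandbox report's Network table into one entry per domain.

Added example, not part of the sandbox report. NETWORK_ROWS is a subset of
the behavioral1 Network rows copied from the report; BACKGROUND is an
analyst's assumption about which hosts the browser contacts on its own.
"""
from collections import defaultdict

# Subset of the behavioral1 Network table, copied verbatim from the report.
NETWORK_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.180.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 67.199.248.11:80 | bit.ly | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Hosts Internet Explorer / CryptoAPI reach on their own when any HTTPS page
# loads (CRL and OCSP fetches, IE online services). Assumption for triage,
# not a classification made by the sandbox.
BACKGROUND = {
    "c.pki.goog", "o.pki.goog",
    "crl.microsoft.com", "www.microsoft.com", "ieonline.microsoft.com",
}


def parse_rows(text):
    """Yield (country, destination, domain, proto) tuples; skips the header row."""
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4 and cells[0] != "Country":
            yield tuple(cells)


def summarise(text):
    """Return {domain: {"dns": bool, "endpoints": [ip:port/proto, ...]}}.

    A UDP/53 row is the resolver lookup, not a contact with the domain, so it
    only sets the dns flag; every other row is a real connection attempt.
    """
    acc = defaultdict(lambda: {"dns": False, "endpoints": set()})
    for _country, dest, domain, proto in parse_rows(text):
        if proto == "udp" and dest.endswith(":53"):
            acc[domain]["dns"] = True
        else:
            acc[domain]["endpoints"].add(f"{dest}/{proto}")
    return {d: {"dns": v["dns"], "endpoints": sorted(v["endpoints"])}
            for d, v in acc.items()}


def split_background(summary):
    """Partition into (page_driven, background) so the page-driven hosts are read first."""
    page = {d: v for d, v in summary.items() if d not in BACKGROUND}
    background = {d: v for d, v in summary.items() if d in BACKGROUND}
    return page, background


def resolved_but_not_contacted(summary):
    """Domains looked up but never connected to: a redirect the page did not
    follow, a host that was down, or a resource the sandbox never rendered."""
    return sorted(d for d, v in summary.items() if v["dns"] and not v["endpoints"])


if __name__ == "__main__":
    summary = summarise(NETWORK_ROWS)
    page, background = split_background(summary)
    for label, group in (("page-driven", page), ("browser background", background)):
        print(f"== {label} ==")
        for domain, v in sorted(group.items()):
            print(f"{domain:28} dns={v['dns']!s:5} {', '.join(v['endpoints']) or '-'}")
    print("resolved only:", resolved_but_not_contacted(summary))
```

Run it and the page-driven group is the Blogger page itself plus the third-party resources it embeds (bit.ly, linkwithin, facebook), which is what an analyst compares against the SocGholish signature hit; the background group can be dropped from the IOC list. The BACKGROUND set should be tuned to the browser and OS image the sandbox used, since Edge on Windows 10 (behavioral2) makes a different set of background connections than IE on Windows 7.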
Files
C:\Users\Admin\AppData\Local\Temp\CabAD03.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarADA2.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fd64e39d0bb714589457025244c7e1c |
| SHA1 | c2d926a8c0c7ace83d870c29b5440b4225a0c9ad |
| SHA256 | b8b81031b246cbf4e724a33a89428a74bf2e245a5e870946f2b675d6192d7413 |
| SHA512 | 326879e1f72221369859c253c16ecf0c5ca0f7017021c10e82f17be492c99fa08d8a3063629ba62605726668471ce63a6f8447ea00a6394246a7a7c628d7c797 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e524828d4d6c11f7c4187741715597a6 |
| SHA1 | e972a87179ba0e6640c4ed6fb922bbb26280effa |
| SHA256 | 12e41319bcc145bac03a1844f63ae6fd3e417b73e6c349c7e8a91c3972cdfae4 |
| SHA512 | b827800089df56fc1d6a612cbae5bcbad8b9c09dbabe0ca17ccba0a47ac03c061170780b5ccced94cd2c4f77f23cf63b22a3242d885b3c0a36d9ca127b1a8ab6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 727c45ff9e40a301ecc01c85b44826ef |
| SHA1 | e91c85342d1b2dec13f97952d7a2edd379caf0ab |
| SHA256 | 3474636d4631a99ba92fd22f37f2e8aef949c0e1d6ca0f69d7df7d2ac26e2bfb |
| SHA512 | f9a444f07c4ef4865ed4108165f16adc1ff77d6e099d76170d8ce9ac963d90875319a60e0237890efad8e59a5f72cbd0b4409fc4ddfb8a91165f8dc346016685 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb7f4f640fdcdfe1261a6ee4373e3857 |
| SHA1 | 1d7f1100424ee2ec5c33708dfc53d457745573a5 |
| SHA256 | 8613b409d682b1e0f007b51daadf5f7897aae1148a01eae0599b7011ed68bb73 |
| SHA512 | ebf441ba72fa51517036739fffc4ee22b7b183f7c2b840a9d1e9fa5c537073ef14e5f4d1a809559186ff507dbc6ad9b87a884406f176f56c1a503a75152eaecc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f94fb40de678eb957c18ff62d9f0f25 |
| SHA1 | 23801116eddedcebef365330335b3ab78bd09675 |
| SHA256 | 43c9c659e695781af71768156d373d9fcbfcd21aaacc2074d489361e3c6f677a |
| SHA512 | 4f278cdc2536c2ba166c8187c73f68f7ebdf9053aa6e92514dfc7d06a1b133ef070626ad2bf181dbc68435e0b793c779c738479286a5a613658587c47e12a260 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99c8d81f1d81f2d21373ed4692324596 |
| SHA1 | 42a2b40a7c0b64eda828608d943640174f1b3a3d |
| SHA256 | e808560e65afb7cbe625481505161563e1833dee7c2749bc1f11c5eaafccbd27 |
| SHA512 | c08d4fb8dab73835603dee128698978f2e0da4171072cd7deadbc9a051beab7ad56e5956a16f80bbc16cd1c75d9380bcb4475f1c6598f6d1a517897f21e3b604 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a63af406ef4140d1327e238e212e4e6 |
| SHA1 | eaae50fdbdb1864ed02b2e9e2911b45790947d32 |
| SHA256 | f2a8c677de7391c01cc0b9fb60920a412c947545c9c8365029de923c601fade5 |
| SHA512 | 3db1f2a5f6d942092ea34e0c95e2b0ce17d5ae335c754228580af8825bcbd3b1e1d31e4cf9822b76cde743c26745571463a2da1f549af94d4919c46fb3a8db03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | caf1a906ceb2545b4bf8d440b16855b3 |
| SHA1 | 7f5a25f0de2c0a75e09d01d48dc3cfc646080f44 |
| SHA256 | 9cd3b9fd062b679e756d170e2659e96fda85a94cc18c27da46b5c1c18c3f25f5 |
| SHA512 | 3cde47756b352e2359d93b138e4e40ed08320c4b5d360d3a99dd64c8d0895ef3b5f428fdf881357658a4f1d27bfb3833a7540b400fee7a3fa37376307bc66479 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c3954909789baef050e1285d1b07669 |
| SHA1 | c41da26818f0ce48b61d0203e7de525c9c3ff0b8 |
| SHA256 | f661d27bc692ca91afce3b406febc0851ef4ec42c23fc3e2a55b88f060d8aa8f |
| SHA512 | 10773bd2e80ac59462876a931726ac82ee94b21193e5c5982e3007095626e87331c818d920e150b72782ce0013f8415bec62f4eab489703c550c3ad544b1ad7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56867820bbb9f6138651b1999dc66c2d |
| SHA1 | 764cbb2cdd9d90cdaf7869f9a25b9d15d0b136dd |
| SHA256 | 7910b5cc4ce3cdf396f8474af3b1c626b992efcc8da540a5617dfb45cb3c4008 |
| SHA512 | 8dfab8f52f8372e93a199b619a13d5474f97b89177c2b8670e2e51ef7ac3f4e34810a50ac455e018bc6f301c5d28bf16da8a3e9cee27088dbc38bda3e9421c32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4a83b0cac01845bebdace9e96c9be20 |
| SHA1 | 6a5b6cccd3cc9e33b1d426310861cfe4f67e1ec4 |
| SHA256 | 1f9ddd2e7398b957e03e95c78863b4c69aeb352540f12390aca4061b74c293b7 |
| SHA512 | 556ee2d803b6ada252d0f13c3dcce57d0335b01c42995315c0ae1bc8ac2a7c4e7e3cef8f08ddc5fd02c87b16387598a0b1d8f2e120f1553e7c8827367d768256 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21d620f944c8fcd17640e6d5c1022cae |
| SHA1 | a3e77c0bb51db6fb2d0044c03780af2f3fc0ee5a |
| SHA256 | bb99d2b146fd65db0c964382661cca83ce5254de71b7c06b78d894ff08fae88a |
| SHA512 | b03b93a1cb61e32dc9bcdb25ee3dda33849767c1b7a023477724516c5306218282c145c99c6fb69cc87ddef8c082393b82c34753931bbdf403df5774b1227bff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57a522dcad32e99b9da016561b0abe81 |
| SHA1 | 17d4112671bb0398abaa91fefcd6793d2bb7ed98 |
| SHA256 | d6956d91ecd5977d39db53f7ee35757180fda22064c37ddc5d42804ac76faba5 |
| SHA512 | ad6fb5971edba7818d4b0328ce5ed62b191e318d4978367a29ff287a3db48592ed717dd63505a557e79afe097ffbae58eaddedb05df5c31d11833c075cf6be0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 4b93d78034113cd04884a8a2513f6941 |
| SHA1 | 86cdcfda55ef4e0eeafa7b186aac054b3d4d7471 |
| SHA256 | 9fa94bf4ae65abbedffbd992a36c25a580a31e3d08bc90247fbc6204d8a0ab8b |
| SHA512 | 271ef539fc710a64418f2b64964f0ea3e46a1a755d91fd6bd6ed499e51082ff812f08f402f6575f76c80380f9775554cbaca7fdb9496d582877eaee9d355a545 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1ca5d19139aa6994f7febf81b383471 |
| SHA1 | dfedb5bb4e4548c72a2c9472a5172defee5f9f2a |
| SHA256 | ff5983fd145b50f6d62efc79c25cef455dd7c1d261b9b4f65a1630a1d08b4d0b |
| SHA512 | c3f31c0b0eedf331580630e4613508b9dff29c716c510977cf1a8f23266c1e5c52734a67f50ad2d739e7c50a6693a498822f8eacbdf60b8d2f96f3eec59e9946 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c55298a0de9734c566313bd99a3f27ac |
| SHA1 | aed4182f49f6dbb031703dcea5ad9b998ed67cfc |
| SHA256 | af3199cae5c57c93b6676920bebdf3e0970ce2b1ec3eedd86af967790cc8c7ad |
| SHA512 | 9d431e942ce94d88fd6a312717e81deb34f2c77a451633f9bf5d10c5a4e8e21a4c2c7d54d489bc82da5b43d8ce4b0583d395a40833ae3bf0c294a91cbf37569b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db4a40ae4717cb831828d033238a274a |
| SHA1 | 256b0f6a366ec0997898b28b6f472bd74d1a30d0 |
| SHA256 | 9366b54dbed751577358c118468c585342106ca709d91c59fa27e290138829bd |
| SHA512 | 54e17501fa78e3d9a5e0b2087b1042b652f16012b230d43fa72fcfb5ecd9faa163129b62a7e2071998c3412921f766bd77c0d030c1afc86d62ee1f993fed79f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 453a854ef6bda886be1bd0ba867c9e0b |
| SHA1 | 51bdcd7d3837db4fb1bc3f0756138f11a6f1f2e6 |
| SHA256 | 019f29babe7f695d295f4cd04752a7cd5bbcc94a5525004b9521dc88fc1802d2 |
| SHA512 | 429185f033cd91c0d966519b2777b6b5980c7445bd8da8bb1b2ed3ab770658814d194f537284924cb81b15026b2e1d6cbfa18e5f23a8e58aa3725073d0aee5a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | a4d7c82360d7e9a4dad37d208ad5cd9a |
| SHA1 | a75d609a8abfbfd1c52bd3397349193de81b657c |
| SHA256 | fb66479633c854acaaab77f5f2957028c990bf5ac8e70e64a46e243d8d34b0c9 |
| SHA512 | 7b6b3cf49f42c6a7b112fcb26d1070915f169f67c6d37e7ba35b57c302438b3c81e3e4fe1711fd0351be7a2e140227615e68133b16985b5a34b746df63cc9c2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 021faca7f3619a4f57675d47c46c701f |
| SHA1 | 36294786e33c4b8fb62e4278a8682c145c91b31b |
| SHA256 | f4da9e0849bc31bc9548eb40df58fc03cdbf8c202d93096dcdbd64ad5276d322 |
| SHA512 | 4bd47ed6040fd98f4f920a6f581b1bea342eff1abe857042768d02845235198f763013afd7afc0d868e038fb1ce259594cc33fc66167fe4e59a8f9945dc35875 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2ca25a2b27e9cc82a3f3a6c9ff8315a |
| SHA1 | 3b4197182f9d05916b8420cada12af630464faf3 |
| SHA256 | a8ff5d28cc80fdc098f8de516718756b7d86d554bec8c26a72338eed194f9955 |
| SHA512 | 65afab10d407b192e7fe4a66b093f0c85404bba47c2d4af36210d45d360adab726294c2fd331339a13640b9f5b86dc590411bfa787a15fba3f110129178d5cdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63a764232342b7e087e68488f2735106 |
| SHA1 | 185c36e7d60fd9dd2501992d59d79788473fb217 |
| SHA256 | 71e0a85f43fcf7d965398e6c2278ff91c503371c90a63c6ae0c8d8449b4b23a4 |
| SHA512 | 806138c4a8b5f6a8cb14722ef252368a8eda38b90adb09784e6fd6fb87f6dfd40e029ae6c57cb044d54be8da58f81ff17895e7b477e3515ffbcb57f843b060cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c801004d60c2500a6889957639e00af7 |
| SHA1 | eb85876c4b07ef76c056b816bebda682328ffe44 |
| SHA256 | 29946533205f652bebc190087cccb05d44c08bee68faaa4ada12e2f52e8b1552 |
| SHA512 | 52563172da06f713ca008f09b327208485007cb19dcacc2055cd9152b0a59c9044e787997557dd4cc4b32616cb36e63fb21393ce8a4d41ae89fe66ff774cf524 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-29 16:47
Reported
2024-10-29 16:50
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
158s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7c33ebeabbec9081f245d83ab438edc4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff911c046f8,0x7ff911c04708,0x7ff911c04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4124 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | blogger-plugins.googlecode.com | udp |
| US | 8.8.8.8:53 | bit.ly | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ads.lfstmedia.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 67.199.248.10:80 | bit.ly | tcp |
| GB | 142.250.200.46:443 | apis.google.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| NL | 172.217.218.82:80 | blogger-plugins.googlecode.com | tcp |
| DE | 116.202.166.16:445 | ads.lfstmedia.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.200.46:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.248.199.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.218.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| DE | 116.202.166.18:445 | ads.lfstmedia.com | tcp |
| DE | 116.202.166.13:445 | ads.lfstmedia.com | tcp |
| US | 8.8.8.8:53 | ads.lfstmedia.com | udp |
| DE | 116.202.166.18:139 | ads.lfstmedia.com | tcp |
| GB | 172.217.169.34:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.2:139 | pagead2.googlesyndication.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 142.250.200.1:445 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 142.250.200.1:139 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.178.9:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | ads.lfstmedia.com | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| DE | 116.202.166.18:445 | ads.lfstmedia.com | tcp |
| DE | 116.202.166.16:445 | ads.lfstmedia.com | tcp |
| DE | 116.202.166.13:445 | ads.lfstmedia.com | tcp |
| US | 8.8.8.8:53 | ads.lfstmedia.com | udp |
| DE | 116.202.166.16:139 | ads.lfstmedia.com | tcp |
| GB | 142.250.178.9:443 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | trollites.blogspot.com | udp |
| GB | 142.250.178.1:80 | trollites.blogspot.com | tcp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1699db580ef36416a2b72c040e74b9ac |
| SHA1 | 27b9301a8e26218aa1b1e969db80b0955674a444 |
| SHA256 | dc9b3cc8ce8194d00a145bdf02cff2b6d732741677cac7c6dd74b031c3ad015d |
| SHA512 | b92d7624a71a3a586e7d2a038354262a2dcccdedff7cc825306c657cdbafb8486e772842e0bd7ce1c81b7c28d08444f7527e225179eecb7d255e55af4e58df99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4288de4f9d73a2a3a88e2ceb54d72790 |
| SHA1 | c5e3ab334ee51816fe3836d49d3262525151f5ee |
| SHA256 | 7fe4efc3ea94831b248f661b3768fb09c881b2c64ec03d1780c9f531c7df381f |
| SHA512 | c575de1958b61adcaf0dcf4a54976abd75d9237b64b090ec222c72d64ddd3e1b205e95e816886564de4b3eef7fa86a38e24b2c7720ee69864ce26ae82a36c45c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c0ea831fb71f0b0bb783f23a9827900 |
| SHA1 | 11205e144ec763f21e52eceede2efa5b7932657f |
| SHA256 | 3c04e5e93ce401e980e4d1d8d91e58d23d8ffb8344001b2171580c7222bae179 |
| SHA512 | 9b75dfb026bb471dd858368a2c2bdcb4ed8b9fb16559e267c2c197d675b592f03604ab67eda85c76d82ff09a28b8710714ff2e9b25c9f322d5baa0c658db9677 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4aed347342d9b40218616cf46cfa1ddd |
| SHA1 | bfd32938b3cbb672b30e3900edfec42f90c7b5e6 |
| SHA256 | 3c7c13c5fec7a300a83eaca5b66e002ccfee588b3d4e1ac18f064f199518b617 |
| SHA512 | 38f3c25f851db9a52c4ba92d14a71db4a4244e0222b473628b7bf3a60704d6ef9af83c20da2dfd718ab76960b9e9389b624045f40b85efa0126baa5bdd939d6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5b8e81534092203b804d2abc893ae716 |
| SHA1 | 2650869d6f822e0338a924317492c68050185e96 |
| SHA256 | 12f311464985ee5d35e936f6bff7b005ea911854549782f9686d585491fbceba |
| SHA512 | 7bb8dffa831512d4b6d055673275269039c04da91443d63ff890626c4df9e7470a32bf0ea518cc53973dd8b562da3066060fd14b145c0c21be54bce7e0d53918 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eeb71c71c3ae7d7737e0b0daa3d43d4e |
| SHA1 | e50b9480f1f03f32268390a34fb80474ee8d63a5 |
| SHA256 | 101be03f0ada1bd9e6b220f89119c9080414a19d13cbc82d3b07e9ae13df8473 |
| SHA512 | d183b77d70ba836b1a9d1ea7529a2c0c3eb4d74bfb0b83cf5e0a7d750e4e537794290b97629db4dd4cda8d14c5ce8228546593f66eca8a473b87aa9819f91075 |