Analysis Overview
SHA256
e91ccda039692ae875d78a4c77d10c4efbdf3f56c684ddab9bd3b2b0e3bc5089
Threat Level: Known bad
The file debf9eee0a49acad9d989314a32c05b4_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-10 22:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-10 22:27
Reported
2024-12-10 22:29
Platform
win7-20240903-en
Max time kernel
144s
Max time network
145s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440031508" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA4AE511-B745-11EF-A444-523A95B0E536} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2528 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2528 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2528 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2528 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\debf9eee0a49acad9d989314a32c05b4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | bloggerblogwidgets.googlecode.com | udp |
| US | 8.8.8.8:53 | netoopscodes.googlecode.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | ankiitpatel.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | kona.kontera.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.feedburner.com | udp |
| US | 8.8.8.8:53 | nwidget.networkedblogs.com | udp |
| US | 8.8.8.8:53 | cdn.printfriendly.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | static.networkedblogs.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | passets-cdn.pinterest.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | code.helperblogger.com | udp |
| US | 8.8.8.8:53 | widgets.outbrain.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | scriptabufarhan.googlecode.com | udp |
| US | 8.8.8.8:53 | www.dmca.com | udp |
| US | 8.8.8.8:53 | ads.lzjl.com | udp |
| US | 8.8.8.8:53 | feeds.feedburner.com | udp |
| US | 8.8.8.8:53 | www.blogrollcenter.com | udp |
| US | 8.8.8.8:53 | s21.sitemeter.com | udp |
| US | 8.8.8.8:53 | www.getrank.org | udp |
| US | 8.8.8.8:53 | track.bloglog.com | udp |
| US | 8.8.8.8:53 | cdn.wibiya.com | udp |
| US | 8.8.8.8:53 | adf.ly | udp |
| US | 8.8.8.8:53 | ads.clicksor.com | udp |
| US | 8.8.8.8:53 | resources.infolinks.com | udp |
| US | 8.8.8.8:53 | shuttle.sharexy.com | udp |
| US | 8.8.8.8:53 | www.luminate.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.14:443 | www.feedburner.com | tcp |
| GB | 142.250.179.233:443 | img1.blogblog.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.179.233:443 | img1.blogblog.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.179.233:443 | img1.blogblog.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 142.250.179.233:443 | img1.blogblog.com | tcp |
| GB | 142.250.179.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.179.226:80 | pagead2.googlesyndication.com | tcp |
| NL | 108.177.96.82:80 | scriptabufarhan.googlecode.com | tcp |
| NL | 108.177.96.82:80 | scriptabufarhan.googlecode.com | tcp |
| GB | 142.250.179.233:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.14:443 | www.feedburner.com | tcp |
| NL | 108.177.96.82:80 | scriptabufarhan.googlecode.com | tcp |
| GB | 143.244.38.136:80 | cdn.printfriendly.com | tcp |
| GB | 143.244.38.136:80 | cdn.printfriendly.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 2.18.109.60:80 | widgets.outbrain.com | tcp |
| GB | 2.18.109.60:80 | widgets.outbrain.com | tcp |
| GB | 142.250.179.233:80 | img1.blogblog.com | tcp |
| GB | 142.250.179.233:80 | img1.blogblog.com | tcp |
| GB | 142.250.179.233:80 | img1.blogblog.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| NL | 108.177.96.82:80 | scriptabufarhan.googlecode.com | tcp |
| NL | 108.177.96.82:80 | scriptabufarhan.googlecode.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 4.bp.blogspot.com | tcp |
| US | 172.66.42.247:80 | resources.infolinks.com | tcp |
| US | 172.66.42.247:80 | resources.infolinks.com | tcp |
| SE | 3.164.230.50:80 | w.sharethis.com | tcp |
| SE | 3.164.230.50:80 | w.sharethis.com | tcp |
| US | 172.66.43.117:80 | adf.ly | tcp |
| US | 172.66.43.117:80 | adf.ly | tcp |
| US | 13.107.246.64:80 | www.dmca.com | tcp |
| US | 13.107.246.64:80 | www.dmca.com | tcp |
| NL | 108.177.96.82:80 | scriptabufarhan.googlecode.com | tcp |
| NL | 108.177.96.82:80 | scriptabufarhan.googlecode.com | tcp |
| US | 151.101.128.84:80 | passets-cdn.pinterest.com | tcp |
| US | 151.101.128.84:80 | passets-cdn.pinterest.com | tcp |
| GB | 216.58.212.206:80 | feeds.feedburner.com | tcp |
| GB | 216.58.212.206:80 | feeds.feedburner.com | tcp |
| GB | 142.250.178.14:80 | www.feedburner.com | tcp |
| GB | 142.250.178.14:80 | www.feedburner.com | tcp |
| US | 3.226.99.248:80 | www.luminate.com | tcp |
| US | 3.226.99.248:80 | www.luminate.com | tcp |
| US | 104.21.16.1:80 | cdn.wibiya.com | tcp |
| US | 104.21.16.1:80 | cdn.wibiya.com | tcp |
| US | 3.140.13.188:80 | code.helperblogger.com | tcp |
| US | 3.140.13.188:80 | code.helperblogger.com | tcp |
| US | 54.205.192.227:80 | www.getrank.org | tcp |
| US | 54.205.192.227:80 | www.getrank.org | tcp |
| CA | 199.21.148.89:80 | ads.lzjl.com | tcp |
| CA | 199.21.148.89:80 | ads.lzjl.com | tcp |
| US | 13.107.246.64:443 | www.dmca.com | tcp |
| US | 8.8.8.8:53 | publisher.linkvertise.com | udp |
| SE | 3.164.230.50:443 | w.sharethis.com | tcp |
| US | 104.18.1.75:443 | publisher.linkvertise.com | tcp |
| US | 104.18.1.75:443 | publisher.linkvertise.com | tcp |
| GB | 172.217.16.225:443 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.tealdit.com | udp |
| US | 8.8.8.8:53 | www.turbify.com | udp |
| US | 172.67.174.110:80 | www.tealdit.com | tcp |
| US | 172.67.174.110:80 | www.tealdit.com | tcp |
| US | 18.209.96.19:443 | www.turbify.com | tcp |
| US | 18.209.96.19:443 | www.turbify.com | tcp |
| SE | 3.164.230.50:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 172.67.174.110:443 | www.tealdit.com | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| SE | 3.164.230.50:443 | w.sharethis.com | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| SE | 3.164.230.50:443 | w.sharethis.com | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | nirav07.110mb.com | udp |
| GB | 142.250.200.14:80 | www.google-analytics.com | tcp |
| GB | 142.250.200.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | books.google.co.in | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 172.217.16.238:80 | books.google.co.in | tcp |
| GB | 172.217.16.238:80 | books.google.co.in | tcp |
| GB | 142.250.179.233:80 | www.blogblog.com | tcp |
| GB | 142.250.179.233:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.printfriendly.com | udp |
| US | 172.67.73.115:443 | www.printfriendly.com | tcp |
| US | 172.67.73.115:443 | www.printfriendly.com | tcp |
| GB | 172.217.16.238:443 | books.google.co.in | tcp |
| GB | 172.217.16.238:443 | books.google.co.in | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| NL | 18.238.246.206:80 | ocsp.r2m02.amazontrust.com | tcp |
| NL | 18.238.246.206:80 | ocsp.r2m02.amazontrust.com | tcp |
| CA | 199.21.148.89:80 | ads.lzjl.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.252.143:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 4749d0b2a517aafefa04526340706ba3 |
| SHA1 | 8579b207f71b2d3b586552a1dd5df5c2b650adac |
| SHA256 | 3ef7a479f0b495fc70640902cad90a387aff9a7c52b2c8f570814be9be25302c |
| SHA512 | 48fcdfec945063e1ba9a99f16c1bc8b4eec5c5208bfa7032e39bbddbaad78f0cd5db172e0ee21641f5aa6933f80fa2a9c2bf286e93c8c4ce63c905eea668205c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 58a16cf511e309ce5dd1eb21e31fe798 |
| SHA1 | b221e46f9179ad5d7c8896299affc104d79b1fbd |
| SHA256 | b5388f304f72f49a83fae081d0dc701dfff9db743cce0d2af1471d70b5476e1d |
| SHA512 | df0f8c4b1e8a87566ca94714c375c0ff6a6e1d6adf6844fe54f01d257ca88bafa66a9241a22f57ef2376e3be085663f3a76ae7b5352bda9e5ac34769e20c005e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 627c5cbe29b4f8dbfe8065c79027d980 |
| SHA1 | b36f622d10dac6faef05400f77bdb45997c9b050 |
| SHA256 | 3955a852acbd2e1e25ce3f8325ac7f819a48b59410882fbf8e2ad04e41809028 |
| SHA512 | d53f3182aed583185bce3f30a97f550724f7394316881abbbed4e6eac9013844b634330521ab73b88fe3c6602c24bd19f98fbe07182f7e629170eb8dba23b1b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8
| MD5 | 712ed3bbe0f67a8a9458a6066aeda522 |
| SHA1 | 701d16ce47affb7b269d50a081df5d42bda19fc7 |
| SHA256 | 3d6d90987e164931f7a6ca178434a4d13f48f852096ba8ea6f62ded09f5b0556 |
| SHA512 | 936f9ddb20db5ce4d5dd12a55ebb2948dddfb4e2a6ca4b20c12d7cefbd638c0710f4e01ca339192bd7313563ac032dfb7bed8bb498fc08396904aae560b2a70b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8
| MD5 | 75de656defd632840ee6280b13d5ed66 |
| SHA1 | 7d5df0a1f158fbdf43a19e767707acc86466b367 |
| SHA256 | 05984f0b5fc82e4ae6ec1f40cc3085d7258959abd51f707b1ff340086dd7d6ce |
| SHA512 | bc2aba609ac0a4a774bdb071fa3814a0ebfa364399fbabb352c26e09b40c05782c769f01c46ab354a6db11960d7137bbb5e69d100401b0e6668ee237e6812f1b |
C:\Users\Admin\AppData\Local\Temp\TarAE2E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabAE2D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34159356aa5d078b3a194935695505fe |
| SHA1 | 53bc2edaaa6d60bc472616c3675f56fd0a3e2609 |
| SHA256 | 16bf10aae095196a6fc6e43bb92dfbd091c3962338648080f0fb974fcf6f92c7 |
| SHA512 | 89c55a0aea002cdf3b01e65d43e087f58507fc98644cee96ceda5ce22eeb36c99e94917b74e77a41f0e3c7887f030b4083a07f26e4dbbc8b28d78037baec0522 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c892af121b93332cc4f49df95b313580 |
| SHA1 | 97e0445e8b9b7b8fb5b21486b74d2d359c481d98 |
| SHA256 | 901a993ae588bc92274c27f3cd7c0c0148fd95de274673c1df1489ee8dba4469 |
| SHA512 | abf2d35410f893aa0ecbb5a19edc59668d76d26e4946609c485fbefbe097b89c2576cffc5c6fb6a6b1941a99c441c83c211459fc2a0fbbfb10f248fc54fa09e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | df729746065a64bfb9b6adf2608a5f61 |
| SHA1 | 68167d1d08d77eb8fbff7f3640317a9a4eecfb9d |
| SHA256 | 1654b40dc232a5fdb28be776b7cb5ab2e56b636962826ac79d5f7eb3850d3412 |
| SHA512 | 9dcda72c7103bac9c0a63cec282552de6a765395febac080d642b24748e44d424047b08557927035a1eb594154c48c72d19325cbfb6ea9240b5214f3f61aa3f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40252c21a90591c5c679ab728ab0c0c5 |
| SHA1 | 81fc5548e6c8bb6ef1c810bbe66b2f961d379519 |
| SHA256 | 8fc0805e7b5be54bde1fa2cf635dc3bcef1b5ae350236205045fe0dcafc93f29 |
| SHA512 | e6343ecade91671ae3326d548d17c972cca1395e33a607fceb480f4a89abcb1dd34506ac6af3c10c4d695215e3090b796ad2f3f846f8c22f348481b060249467 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e474cb3d6778972620d285edb92a8f56 |
| SHA1 | b877dbfee5df25cf4f520cb19c2dbdfd50ab63ab |
| SHA256 | 0349bea696a354bc921b31080562ced62f06a1400cc7e1d8bdb174bfc61543f1 |
| SHA512 | 9b491d2d59af330cfdbcded5a269560970b03c0d06ffc39f617bf95b95fbf316c0a8cdfa8ace74ba667dee6c331f534ad0c6bf833a3b0d4c259940c6101183ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8591c17ceec8c95f9dde6316a77a6d30 |
| SHA1 | d1f0b57c42e0a4c81d1c0c9b1ea3e2596268700f |
| SHA256 | f6a75b51158fd9c9dc6d334d8739b0c22fd3043adc1e796ac80e5a612d62394a |
| SHA512 | 0ace95814bb0971cd148f2ac7846fdaded57c488249864fc02482b98e582dcc4bf55303fd99b33fda7eddfdccd19f8d39ad2d4c62ebea9b235450215c1777e21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9689df5518b38b98b92d3808e5cb287e |
| SHA1 | 41805ff7bdd6117586a4419224f5e2c13b95dd2a |
| SHA256 | 325a10b4893f9c0fcd3363f00ab507f51c9a98dbc687752c48b142e595efb954 |
| SHA512 | a74ef1969202c03f930709c5437a7733a15eb3e4a0071f366268bce4d1aea882099138fce418995d96530721e14ba5a857bbb390a131d1086b87e45a81be258b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 0b3b3a8d9f7e1c71a24960d5fae4763c |
| SHA1 | 5d9a615294d43f6ea92686a28d357c3332bd77d6 |
| SHA256 | 9eb7af792fbad1168d9f5f34389be441680111b4f9f17652f18af7d115ecc224 |
| SHA512 | 7232cdf2f44bd8cf53448a1d39ed1bc2c4ea7e94e03730c02813c6da67fddf2374ffcecee55f5a6c0d82f0cf7c3b280132a135e5c60a563487cec856e4f06ec8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 884078edda49867673898bbb0feb565f |
| SHA1 | fc54e01aed8fa461fa27afdf859e7c6c64ff75a2 |
| SHA256 | 4cd677eb685074f7cf38b1fec7b75a682423e0616c68a09c5bb7a35008021f79 |
| SHA512 | 6d7e2d1b593ad62f4a5c465aadda2439f6d7d2ae8d967096188fe7462abaa406a4648e2190ecbbdb5eb098a6a55947ae4d085f48b8c00fd877cb495ecf975d1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c1e612d3b41b72622e3e3ed98ac4548 |
| SHA1 | b0c49b9962780bc4ba689990c13d0811c353babe |
| SHA256 | f9f2905e6dee98ce5788dbdd91e144c0743bfc23fcbe60fe1a23943d3606b378 |
| SHA512 | e1d2f27df1467582f834284e805348289fe8079129e10000c4564f5e2974d09acb056b038e8921beb5cee4792445fe4402217d38b76c7b1adfa3d400fb3c88e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | c313dcf9b565ddaa3a4605b63fd9a730 |
| SHA1 | da2cc7b2b32f57a6df2ee23d3b89e92e58fd8826 |
| SHA256 | f0ab18ed4e81dffdd313268800ca7e256bbe84a4adb43c7ce28fa547f1b3d334 |
| SHA512 | a2bcc08acb7fd1f11e8cda584e3b22f1cf6adfb9d15e7de3c6e2c3eba27927db3dfd6081dd081c783997a6d62eed2b82a17ec47d7264da2829ca97e5addb201c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ad1e9ee489dc44e95621051c4e09ef7 |
| SHA1 | 92dd8291ae858fe73ab30b81deb394c5efa06d01 |
| SHA256 | 25326c50981297ab2d2ce0c2dbba9feaf550ffa39d19b35a620ec1d165d8ad6f |
| SHA512 | fffc2dbc87fecbf0ea419463ad7792d97f779bc4980ca11ae00fe7e2f9f592707421582d936381c073d18dffa98507243a7aba289708e6ad4a03119648117d49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a21e050b0248d17278b599712e7984b |
| SHA1 | 5d9f97b051188a1ffd373edc9d7a5c46bd2b436e |
| SHA256 | 6fe9a26840c5369f9a8c1be8fe85e989fdb90f312b3b6b5651425b9bafbe6942 |
| SHA512 | 5b8e1c22d0e207943e28e799eeae999931aacb9036c95c5ccb781bb8f2a0f16ca96968fb2653a047512ba071ee902734519acd092573303757fb86fe507278e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96c4a8db3a9d8323f256a781e58ab21d |
| SHA1 | 5ffde550ff1bd3db14c6eae79382d0a655290288 |
| SHA256 | d6259f567eaaa13b1ab7472b3f3ed55a77a8cee4848bc732fba33aa67fb5d841 |
| SHA512 | d6c19b21ef2bcc10e82bb8eed2b3b0813e994c3c425bff47a27aa9cac9d0ae6193b77947013a27f344c56dc412acc1ef69dd321ed9166b0876cbb7d6846a99eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f5b04299dad470a0dd58334df86a8e6 |
| SHA1 | 643b91ad03a5d37c3cc151844e29bb81d7c7147d |
| SHA256 | 8ef38b07ede0b5844f49ac55f60402680d907198b0a58c6a28adec86dc91fc0a |
| SHA512 | 05db9ca33105e81f4c141326fdf4e5b9fdcde9016cb2108e47154a1d563899c236806cec9cd1247f242edb47ffa02d41b358add429a23286450e52787f5b57a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15de5a159e1b926ce1eabe2d1739e37e |
| SHA1 | c5d57060ec445587f768fdf6ef2ced28c91df821 |
| SHA256 | 5fa41db81243ac6040c6a13867e4f404a1d2c9e4aa1a18f54dcac340dd96e66e |
| SHA512 | 15e1aff6888966e78f7503596e16c01054fd82cb8aba34703210689dc9c9f90d190269b640fb48bf175fdef48c4d87e0d196725e737c2b4829d872f679be6ce1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b6dc12f24b32c74d70cc0ec09ae82a9 |
| SHA1 | 93f4436dd7c591e3822553be86acd34da6660410 |
| SHA256 | ea03a9d1a57adf417d1a3a05a24be16620353c23f93375d58e9ab5b055ea779c |
| SHA512 | ec91711c6fe13bcd901436c6772db2d97f38647fae37a7794d2af648c146b24edc2cd2cc51b707f91ee9bf97882daf35585a9be79045c4e64102e168f38df0ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ac478a6ae8ed4251b93019bf51ef0f0 |
| SHA1 | 0a1792395b9bf08af4c87ff9782dbc113217133d |
| SHA256 | a9106dfd30e3acff20b96d63155c6b0a6049ad77f4c7522f0c38e4a756448c89 |
| SHA512 | 10c23cd9cdfba1c731a76fea4849feaf4ed36d075c46abb26b7af05f833a8a680a5a4851e4ecf2a30a2005effd678b68fb8a83b46596442d95665816d55f2e92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bd0f4a279d05f1214029aaaedb0cbfe |
| SHA1 | 6f1504b3b80ab8eeac4ec48e080a3ea8085b1986 |
| SHA256 | e5a3b9908d447533da9898c14266ed680cabf4765319f1221da997feba78f8d2 |
| SHA512 | 8300994d2315791e1a6efc417eaeef4cf634fc8bea1f56baa99ae7ea70f9fb901f7401be1a26597dc0c799b4c48c0450cfebebbe1b31b75f5c73434356129507 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-10 22:27
Reported
2024-12-10 22:29
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\debf9eee0a49acad9d989314a32c05b4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe772746f8,0x7ffe77274708,0x7ffe77274718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3428_HEJOUVHBQZFSSIAI
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State