Analysis Overview
SHA256: 37b5129da51a0b8bc1136ad94a3866d19b0e49f17d4a0e0c1217fac71ee2df54
Threat Level: Known bad
The file dcf0ef79e950cc6279f7cdccdb336395_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-10 04:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-10 04:09
Reported: 2024-12-10 04:12
Platform: win7-20240708-en
Max time kernel: 141s
Max time network: 145s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439965645" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09cea69b94adb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9219A8C1-B6AC-11EF-85B7-D6CBE06212A9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053aba0255ebc5d49836d3611b4a651d4000000000200000000001066000000010000200000009d1d05f752383635ad371640519eee83f35957ae7fca5dd664013f8b3265d280000000000e800000000200002000000063ce77799c8a913190e604b7ce0d078602d9d9fc10a88f49d22dd355b359b5dd20000000a81a1ce3b9a374552e3acbbf59c4d12dfbc43888d83908b0bd9dc4bd613f7b1940000000537bfd1858b457a4fc15c725af3a17a2cf10246c7846ed913a3dd78dc75ad3022c7eda41578227a529ba90842bf693545576833706cc8ab312313c75dcc4cf58 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3032 wrote to memory of 2024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcf0ef79e950cc6279f7cdccdb336395_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-12-10 04:09
Reported: 2024-12-10 04:12
Platform: win10v2004-20241007-en
Max time kernel: 145s
Max time network: 142s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dcf0ef79e950cc6279f7cdccdb336395_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0c8446f8,0x7ffc0c844708,0x7ffc0c844718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6701125404099200203,4332912267230886066,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5728 /prefetch:2
Network
Files