Analysis Overview
SHA256
66bb3e6aa47f333025f100565d524a3692d6d33b55d1bed2d0ca5a7896ecc857
Threat Level: Known bad
The file fc7cc2af2d147765c4d96d10147cf979_JaffaCakes118 (an HTML document; the sandbox opened it in Internet Explorer on Windows 7 and in Microsoft Edge on Windows 10) was found to be: Known bad.
The verdict rests on the SocGholish family signature, which is reported for the Windows 7 / Internet Explorer run (behavioral1) but not for the Windows 10 / Edge run (behavioral2). The remaining signatures (registry reads, window hooks, SendNotifyMessage, cross-process writes) are raised by the browser processes themselves (see the Process column of each table) and are routine for Internet Explorer and Edge, so on their own they do not show malicious code running. No process other than the browsers, their helper processes and Windows' CompPkgSrv.exe was started in either run: the report records the page being rendered and the hosts it contacted, not a delivered second stage.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-18 17:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-18 17:35
Reported
2024-12-18 17:38
Platform
win7-20241010-en
Max time kernel
145s
Max time network
150s
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 201208567351db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440705200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000ec3ec1fcd8148b457a62608c73b8e9097b9744cbf08d3664fae6ae4a72249f0d000000000e800000000200002000000017ea4c4771c1f481b84135cc0a357fa6edba5025f0474f1cb75a64513b5699be20000000898a9058318dfda2a866cff490cd31e1fe7d7b36a432173866d0e79cfb4f749d40000000eab796a6140a71b464997e4dbcf3b89d7bda9addc43f1f4b11cf2b34a9b6fba2f4786cb73cf7b505d29b83c177d2fd0e257ea2c624cc5852c55f2fc5666b69d7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{79EAFD61-BD66-11EF-BE2D-CA3CF52169FD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 844 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 844 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 844 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 844 wrote to memory of 2784 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fc7cc2af2d147765c4d96d10147cf979_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:844 CREDAT:275457 /prefetch:2
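The four "Suspicious use of WriteProcessMemory" rows above are the 64-bit Internet Explorer frame process (PID 844) writing into the 32-bit tab process it spawned, and the tab's command line names its parent as SCODEF:844. The following triage helper is an added example, not part of the report or of the sandbox's own signature logic: it treats a cross-process write as expected only when both ends are iexplore.exe and the target's SCODEF value equals the writer's PID, and leaves everything else flagged. The process list and write events are reconstructed from the rows above; the pairing of PID 2784 with the SCODEF:844 tab is taken from the signature table, since the report does not print PIDs next to the process list.

```python
"""Triage 'Suspicious use of WriteProcessMemory' hits against the IE
frame/tab process model (added example, not the sandbox's own logic)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int


IE_IMAGES = {"iexplore.exe"}
SCODEF = re.compile(r"\bSCODEF:(\d+)\b")


def basename(path):
    """Last path component, lower-cased, so 'IEXPLORE.EXE' == 'iexplore.exe'."""
    return path.rsplit("\\", 1)[-1].lower()


def ie_tab_spawn(src, dst):
    """True when dst is an IE tab whose SCODEF names src as its frame process."""
    if basename(src.image) not in IE_IMAGES or basename(dst.image) not in IE_IMAGES:
        return False
    m = SCODEF.search(dst.cmdline)
    return bool(m) and int(m.group(1)) == src.pid


def triage_writes(procs, writes):
    """Split writes into (expected, suspicious) lists of (src_pid, dst_pid).

    A write stays suspicious when either PID is unknown, the writer or
    target is not iexplore.exe, or the target's SCODEF does not match.
    """
    by_pid = {p.pid: p for p in procs}
    expected, suspicious = [], []
    for w in writes:
        src, dst = by_pid.get(w.src_pid), by_pid.get(w.dst_pid)
        if src is not None and dst is not None and ie_tab_spawn(src, dst):
            expected.append((w.src_pid, w.dst_pid))
        else:
            suspicious.append((w.src_pid, w.dst_pid))
    return expected, suspicious


# Constructed from the behavioral1 Processes and WriteProcessMemory rows.
# PID 2784 for the tab process is assumed from the signature table.
PROCESSES = [
    Process(844, r"C:\Program Files\Internet Explorer\iexplore.exe",
            r'"C:\Program Files\Internet Explorer\iexplore.exe" '
            r"C:\Users\Admin\AppData\Local\Temp\fc7cc2af2d147765c4d96d10147cf979_JaffaCakes118.html"),
    Process(2784, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
            r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:844 CREDAT:275457 /prefetch:2'),
]
WRITES = [MemWrite(844, 2784)] * 4

if __name__ == "__main__":
    ok, bad = triage_writes(PROCESSES, WRITES)
    print(f"expected frame->tab writes: {len(ok)}, still suspicious: {len(bad)}")
```

The same check applied to a write from iexplore.exe into a non-browser process, or into an IE tab whose SCODEF names some other parent, leaves the event flagged, which is the case worth escalating from a report like this one.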
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | stats.topofblogs.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | vintagegent.com | udp |
| US | 8.8.8.8:53 | d5pfnesb3enry.cloudfront.net | udp |
| US | 8.8.8.8:53 | izearanks.com | udp |
| US | 8.8.8.8:53 | twitbuttons.com | udp |
| FR | 18.245.173.191:443 | d5pfnesb3enry.cloudfront.net | tcp |
| FR | 18.245.173.191:443 | d5pfnesb3enry.cloudfront.net | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| DE | 159.69.42.212:80 | stats.topofblogs.com | tcp |
| DE | 159.69.42.212:80 | stats.topofblogs.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 34.205.242.146:80 | vintagegent.com | tcp |
| US | 34.205.242.146:80 | vintagegent.com | tcp |
| US | 34.205.242.146:80 | vintagegent.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | cafelum.ru | udp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | twitbuttons.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.192.22.93:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
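The Network table mixes the hosts the page itself pulls in (blog widgets, trackers, a CloudFront distribution, cafelum.ru) with traffic the browser generates on any page (Microsoft and Google PKI endpoints) and with the sandbox's DNS resolver. The script below is an added example, not tooling from the report or from the sandbox: it parses rows in the table's format, drops an allow-list of browser infrastructure (the allow-list and the 8.8.8.8 resolver heuristic are assumptions for this example, not facts the report states), separates domains that were only resolved from those that received a TCP connection, and emits one Suricata DNS-query rule per remaining domain. The input rows are a subset copied from the table above.

```python
"""Extract network IOCs from a sandbox report's Network table and emit
Suricata dns.query rules (added example, not the report's own tooling)."""
import re
from collections import defaultdict

# Constructed input: a subset of the Network table rows above, verbatim.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | stats.topofblogs.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | vintagegent.com | udp |
| US | 8.8.8.8:53 | d5pfnesb3enry.cloudfront.net | udp |
| US | 8.8.8.8:53 | izearanks.com | udp |
| US | 8.8.8.8:53 | twitbuttons.com | udp |
| FR | 18.245.173.191:443 | d5pfnesb3enry.cloudfront.net | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| DE | 159.69.42.212:80 | stats.topofblogs.com | tcp |
| US | 34.205.242.146:80 | vintagegent.com | tcp |
| US | 8.8.8.8:53 | cafelum.ru | udp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.192.22.93:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
"""

# Assumed allow-list: endpoints the browser contacts regardless of page.
# Tune per environment; the report does not define this.
BENIGN_SUFFIXES = ("microsoft.com", "pki.goog", "google-analytics.com")
RESOLVER = "8.8.8.8"  # the sandbox's DNS resolver in this report

ROW = re.compile(
    r"^\|\s*(\w{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|$"
)


def parse_rows(table):
    """Yield (country, ip, port, domain, proto) for each well-formed row."""
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if m:
            country, ip, port, domain, proto = m.groups()
            yield country, ip, int(port), domain.lower(), proto


def is_benign(domain):
    return any(domain == s or domain.endswith("." + s) for s in BENIGN_SUFFIXES)


def extract_iocs(table):
    """Map each non-allow-listed domain to its connected IPs/ports and
    DNS lookup count; 'resolved_only' marks names that were looked up
    but never connected to (still worth hunting in DNS logs)."""
    ips, ports, lookups = defaultdict(set), defaultdict(set), defaultdict(int)
    for _country, ip, port, domain, proto in parse_rows(table):
        if is_benign(domain):
            continue
        if ip == RESOLVER and proto == "udp" and port == 53:
            lookups[domain] += 1
        else:
            ips[domain].add(ip)
            ports[domain].add(port)
    return {
        d: {"ips": sorted(ips[d]), "ports": sorted(ports[d]),
            "lookups": lookups[d], "resolved_only": not ips[d]}
        for d in set(lookups) | set(ips)
    }


def to_suricata_rules(iocs, sid_base=1000000):
    """One dns.query rule per domain; sids start in the local range."""
    rules = []
    for i, domain in enumerate(sorted(iocs)):
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"DNS query for {domain} '
            f'(sandbox report 66bb3e6a)"; dns.query; content:"{domain}"; '
            f"nocase; sid:{sid_base + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    found = extract_iocs(NETWORK_TABLE)
    for domain, info in sorted(found.items()):
        print(domain, info)
    print("\n".join(to_suricata_rules(found)))
```

The `content:` match is a substring match, so a rule for `vintagegent.com` also fires on its subdomains; narrow it with `dns.query; bsize:` or a leading dot if that is not wanted. Allow-listed names are dropped entirely here, so check the allow-list against the report before trusting the output.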
Files
C:\Users\Admin\AppData\Local\Temp\Cab3247.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar328A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 303f08992e25ab5999158c9ef600fdeb |
| SHA1 | 52bdc53f9877753810d254cdf9516ddcb45b211d |
| SHA256 | a2a02aa3f9ca40360b8d4b601905f3775b821bb2d27fe5be271ac794079fc1b0 |
| SHA512 | 6c11d70bf1103031e057c46375c4f720e03fa28921b6b16ebed37e3407008369a40db7bb1fa69e75187c1a42fe5f6114128e38e79aea1fa06eaa1c0e447fd66c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 6d428d80606aae10cacd866dd96aa0e3 |
| SHA1 | 7984839066948f0f8f88d664f9c26d189b2da192 |
| SHA256 | 26583311b8f65a82358c6f8906806400d038e11fd5d03299587de1e7fe75e590 |
| SHA512 | 963b5c338eaea037e0c51a44006ca7c94839f40af9e338647b43342ca6de339d46c6f8cef18a53805b636a1e230e88a2dd8eb65d1be7345c7915685c04f3cba7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcb2ba9c9dd7964ab4b4d14b578b214e |
| SHA1 | d28f9292d4e13e96980aa166828b47d06ad34c37 |
| SHA256 | 3135b2177ccac8691620b5dbfeb64d2f3a50e2e62960f54c518fbb4569acabed |
| SHA512 | 6416135b803c9d6d32b0b6f5e6dccc872baf7fa4895aaa7b596fb36f6dd60b2573a6fe9f8800d14bc163a23efa0d9a174fb6ad286de4afa0bbab7aa0c4a5dbe1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56dfb4df1f2d8c0b23d474a8ef0b0821 |
| SHA1 | 7e88fe9584d6b786ed1f8071d98b980bfaa23e06 |
| SHA256 | 53cfe54fabdc8e03a6809b1098b63da58c3423937233c3e6010dd00a6caef288 |
| SHA512 | ca5d228a19a6883427da81f23c78d18225877aa9d5426fb5d8d14ff422f3c99a01a08e26693a5f8d826e45fd388ad64c8f580d1b32561a6bcee5d3e672332aa6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22ed0dd0edbbbe91f315507dbdb1bf20 |
| SHA1 | 51d79d6e1587235ae1f62a6e23a407d48bfad4b5 |
| SHA256 | 22195f069f2edefbbbe3a13e89a5fbd1de5e856c1498a43014299e5250b3cadd |
| SHA512 | 08b771e5175c1e6ce309fa4190f400bb9c171891c82aad705daba9502914d746483007c637303da0fbdd6632be6984658980a940f79e8d51e7ae07c904052490 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7390702682f110a098ed739d516d3dd |
| SHA1 | b82a89c33c70265fd695de321bc00f1dd6c8353a |
| SHA256 | 26fc02e65b4ab0a2dfc744a0df98a896cf71b7e1ced121fdfc8031c59823043e |
| SHA512 | 4912bd42fcf6a48823e6152fe61d161449f7cc2732812be4f15f7c53c3f35b9584b71ef9ec687cd3d4fa1189eb6e46ccc1890891788f9f5530ae099a6f7b9f61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90aa957039400aeb72b34476f6862223 |
| SHA1 | 6bf6b09f6a399f92dd3bed17b8a3cb8172e9024f |
| SHA256 | 406121e6351cce25a0e6bbc2972a62213d40aaee6a7bcc29451877ae285f8d97 |
| SHA512 | 8bd46481065a8834bde6d8fdb8e42b925329ccb5e5ff31ed07787896c34cb08f24690d8724b0a4bb0b8ebe37c0b33099aee9544f7ea6a80d4cfd1c54d12c379e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f787eb86feca04e2df81ae1acf2726de |
| SHA1 | 3e17db7305cd16b76436ee78861f556915aa590f |
| SHA256 | 217342583bacafa51fdeca6b67154adc95a129cd9b713e6839f5bb788ff32796 |
| SHA512 | 271645da5f241b97363a37120349a5bb61f869e60d5860b5c2aac46ccc504d7ba3846860526a07259000f7b43fa1f4460549d55ab284f80391ba5a5b9fd6fd21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 362d114c0cc5ae43428a2f9a2c9200f0 |
| SHA1 | 65e8530fdaa77957b6e6c6eda9b80a3bd4b8c163 |
| SHA256 | c6a6ac29e983db56c7712ca0bd532ed3eed2bf1f618308ec419f7bd46a12f8e0 |
| SHA512 | 23dc046387ac8fa1442435c40888b888495954136dfe6523232eab897e4baf3c24010e7eef43f53419445dd6fbc6bc42363e69927dd0b3ad41dfa50ae0775b53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2576c189501f767177a33e36bf4014d |
| SHA1 | 47ef35028036ae77af5a70b9f27800395dea2a60 |
| SHA256 | c769b964a059575ed382adaa83257268192517ad16162cedae2a7615c2cf5992 |
| SHA512 | 28902d8191e17f4041938912700d0dda26ad58828245066286763e373119295d3f3648d13ddf419d1c526b1fbd28bf4e7d022f9edb64401f8d54ee32e0984c37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e881522ba5bed84755025d76faafc10 |
| SHA1 | 304ff40bd6609f8bd63c57870e504ce7222e71fb |
| SHA256 | a3d24d21185b50b9bdb8249938c2e40d0ec8d45e6963a5fede51f3a9a720b37e |
| SHA512 | 630685e49a5cdbb6da8fa072ce98f9a5a317ca055983a0741773001e78a9dbfa57844ffba2a5e225c850f98dfd9af8bc05bbb7e98e789b943f082406e6673801 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 731d9079545cb697694f04139cc2194c |
| SHA1 | ec8144938ed638391a1011e0460fde53504a191e |
| SHA256 | 43de7ca3fc48c0877fad4f7ac050c717956664877fdddc03efd0611a83d2cef3 |
| SHA512 | 5b746150056357d06b8c5a6a460bfb00e5aa8ddc4c4e0415edea6166f28dc8b2bcc30817e87d8e781e45acaacf816a7c2b730cabb07fe7fb8f14764fbbd11872 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed9ed62a67af96a0e3d2d906a29c110d |
| SHA1 | 18b8694540d9cbfd1cb296f24bc148fce87678fd |
| SHA256 | 751c22fc725b3dec32e147099be4a8fc39bacc15e75831fe4a02249ba197118a |
| SHA512 | 9285a84af8d9a7727a2a87c0efbf85a23506fd3312e6ad6ae880c3c80d4d23a39dfad705d93856e6748a6b96abfb01cb82de011c1106ee58d9ec0a591ebd7282 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb63345c0af273b507670a4b55dd5d53 |
| SHA1 | f2741374cecbbce4fedc1fb820c8b032232ec0d7 |
| SHA256 | 68e3b51869a5847ac6ddd466ffe35d015440aa30a104c96396b11c6f4ea91120 |
| SHA512 | 9d6485b99615df0d2074899bde0a3419280ba8f2661df9617ce92ad60958379b9923c07dd9e07fc2d77bc8fa42446aa881b69734a0ce120689d431516770b09c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90a12cf4e108a177630f930229cac4d3 |
| SHA1 | 21e8d818bd988d56894bfad66f35e7f79555dde9 |
| SHA256 | 899d0acf7e7e870dbdcb3c0c01fb6abbcff0809ad24f8b13f3298a8ff1cae137 |
| SHA512 | b4ca320af200756ce4fc84a72edd93c1cdcae5ff89e1e1b996db41ab63581077adbc590c5a939c8f50f98bfb9763b374bca90dde87584995f566035a47fa9273 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a469a2251b60061b7d72a7566564cfaf |
| SHA1 | 3360f130d6369acafd09ec79ce0a2cf109811432 |
| SHA256 | 3230d587e24f5de8a2be1d233217107198afb6ea06e2b24f87c8cc6deb0b68db |
| SHA512 | 05860853d97e56d1e7b5885169c72547667f64742640cc4ee9c67d66c57c150dfa9a58c1b60c8796b455714dc5ad2041f4f8a33de142456254aca582cfb5c503 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5bbff76d05088549644d7fc468108ee |
| SHA1 | c634944e38b3fdf2b1ec602b279aee51d8211433 |
| SHA256 | c25a017b31a0dbf89ed76c3678135cc52ab1c727524007bdbb851d2a3f81f617 |
| SHA512 | 95210a2e85229a846e506af17179b2cf053892e896c6261073f6a0dbe7141778eb5998f96d9b1eca5f800ee279d79a2de492d7d419793fdeef78aa6e17784725 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0d9d78c4c78f8328e1b47e7722506d2b |
| SHA1 | 931375f2139466a8768916a608e2067eb45c5ad9 |
| SHA256 | 0fa6f738da0156f48cda445a9ed6e399718b60ed72da693a9490f7f0d9273dd4 |
| SHA512 | e7f93f92ab0b3b1ccdbd4a978e4c4d61db5d02f11dfe5dc54803121ca3d1e498a9585427dd2c4bbf7520b381b01af7d253f2ad9156c1d2f77a63bf6589e931ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8ddb903951d2edfebdd4940935e6323 |
| SHA1 | fc85522acd719e3d9ee3d47aff29884a295eea81 |
| SHA256 | c79a5c6b1da949ca14ffba73b880907ac7cc6d36b68f3e14cc639fa859bb386d |
| SHA512 | ad3913637ed23042999960f15145f7640a859a5462d3f039b8a92e011026b01a69e8eda0dcc8b80ba226ec234aa33bde8dcb937db5105fb9e7b6a052a21dc037 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7896d55755270130ee7b6c5b8724b75 |
| SHA1 | db5f61779f51240040b5c476d0310e872d91b811 |
| SHA256 | f7ddeef071320af37d2fe81a907fcaf577d7686cf98c07eb305f3ac652fdf065 |
| SHA512 | e7e058202202eb99af1f44165f8110d9a79cb02ffdbc5459e9dc9d63572f52da364b0f869cf54e112d734e02418a28c4aab52c6757ab9286940047ca26b730c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0ed088f1f095889a20f3a1dd2f8bbdd |
| SHA1 | 326893d515f853302775947e68f2ebbaa1ebff7c |
| SHA256 | 9b7c47e47240f0454b42fa46f9b547d0af44070d4ee1fa4131ba61a164da0db1 |
| SHA512 | 67ede1c7979316066747337bae0424db991c03b8a32f95f1ef0e8d708c066a3b637490087163891415ad5799648ad3795ea4f53dc65afd4f6c2e5697ae60a08a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc96295f314a661f1057a8b881dcebc4 |
| SHA1 | 8b401ea8eedd551ef884e535f5460a8d82176950 |
| SHA256 | 8fdef4bd33a9ee38056f153684025b8368826a0ad1668268f9a23ff60b5963c1 |
| SHA512 | 266ba65c146f331b2a2b9dc5504a6d8b5c6d25324de88ddd297fed58aad11b3c6fe88a9840a911cbc33924b8a5a1c8eeb47c58902b0a1079ed8792ec62bcc1e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f32e0f1f65554c6d847e21b681f6a8fe |
| SHA1 | 7f92d50ff6dcac54f82efe7ad9dc9e3b86341c4f |
| SHA256 | 086d7c63f37bb74cf3cfb7c6c0ec3e6e302c784b3f4ef4bf77f4cf477f24b4bd |
| SHA512 | e0b87e292db28e17be6d5a9d3f4177c6e46796165f68a50575e80b6e6d508e135c96ded24f795e25e074f96f96cc00dd7317604c753be28f79eac0da5e64217a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 47ed6ece3b21327435a2105a768fe6e5 |
| SHA1 | bfe6645d5319fbc1c543b796192e4f0308ec93be |
| SHA256 | 69a366cee2ab38dd32082b0b807a543e85109ca97b92e3c2ebf72c2eb57fa0de |
| SHA512 | 18b0e488c9a3e6ff6ad4395933973ecb4ef3593bba6f0d3b6fb5d615d2fbd63bb3a9471e12cc8e7fb4ae350d2903c15fa997d94612ed14063ef6d41b7665daa7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | caac500d3d3439be4ca97b7def0eab98 |
| SHA1 | a48bd693b2457356d2982bd2c74136f478f43466 |
| SHA256 | 361e1b310dc4f059199366b35186a0964a8163228d049c4bebf97bcb450fe6c5 |
| SHA512 | bf1a84ec7b41308a0d3342a9fce1beb4c865a4660e1f1feb6a928b9c31dbd1ca7084dca19621c4fc3615d03f4c109038dc30724676a9ac55aea11e6257379717 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffb445f739c2a8a1da8d138a5a9c6125 |
| SHA1 | 5b457b96680cd52b87a45eff34f7a98dff3af1b4 |
| SHA256 | 641aabdd546fea420128d829f8f26428a40f4a00559ec5f6e93c4ee4daf4bfb5 |
| SHA512 | cbe49974ed5b86eb0d590f24d81360222f7ebabe00df071ffe005e68dcf487b90094f28219e21a0833eb518c779a4013870e1ddd9a89b8fb681421d820b073b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 368f77b438da5e53226582d73f5f3ab9 |
| SHA1 | 57383dbeba9e9be38c795566638e63f7260a0c3c |
| SHA256 | d6dfe6674cf97d046d4aeb9c1f48b27325dcffa1004363d3a4f595385a8adbd2 |
| SHA512 | 4f32cc69b51c1689d5fc6e9e16f479055141c4f0ad3c60afd298261fec3f15e9a3922d944bf8ef2aa21284241de118c0209bc78a3b84576581f05fc5b36979bb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-18 17:35
Reported
2024-12-18 17:38
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
142s
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fc7cc2af2d147765c4d96d10147cf979_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd55e46f8,0x7ffcd55e4708,0x7ffcd55e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,9124435051493493500,14473350465236062380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | vintagegent.com | udp |
| US | 8.8.8.8:53 | d5pfnesb3enry.cloudfront.net | udp |
| US | 8.8.8.8:53 | izearanks.com | udp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| FR | 18.245.173.128:443 | d5pfnesb3enry.cloudfront.net | tcp |
| GB | 184.26.132.239:445 | assets.pinterest.com | tcp |
| US | 3.140.13.188:80 | vintagegent.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | cafelum.ru | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 3.140.13.188:80 | vintagegent.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.173.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.13.140.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.7.26.104.in-addr.arpa | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | twitbuttons.com | udp |
| US | 8.8.8.8:53 | stats.topofblogs.com | udp |
| DE | 168.119.245.137:80 | stats.topofblogs.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | assets.pinterest.com | udp |
| GB | 2.18.108.188:139 | assets.pinterest.com | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.245.119.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.204.76.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_4972_SKIBTFKBABANIFSA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f714c34bf78463fea627f8e18b640f1b |
| SHA1 | 1652ef226f4e856d70bd28456c0c40f0e2ceb73e |
| SHA256 | 354481660bdf6a6d01ad0c58df58776267a6c23f724b872a78fdd9bf6bba57a9 |
| SHA512 | d01e1792b55668371986a068a260ec9870eb82b81be1fe47ad303a4c71570d9d4733fc2d0246b88ca6aa07400022aa2d46cdd233c708c41d5d3d55c51571e72a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e9a5f79d5cfb9d20211fb657f215b1d6 |
| SHA1 | edb731e64985dd53b2e159ea71f5a0c7000297c9 |
| SHA256 | 446a004b96d92f9d9ae25a9578f5ec2d10c7a652398baa0a922ef10e1637f7e6 |
| SHA512 | 97bd9b0172f8bd978049df6a1cf7bde637f0e51cc6699934020b23964bd840c2d33ab64d0b8974a7762604db78560398d3888bd2e31c0bec427c779b9ad80859 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 722925da32bd7ef00a002fa1b83c2757 |
| SHA1 | d1012b5d1fe7308bbe337e3b0046052f2fe32c47 |
| SHA256 | 70c9221ac5db937a7cdf6d8a1034d350b19ca11c21b6ad06910f6acba1272b25 |
| SHA512 | cd0691af46720f49b4fb78f9a129369dd7a674a178c77216240833067533b0428fac3e8b5d25768d89796a413504c5da439f49813eefe2777aae0b8bbd6f6373 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 11456d322e261516459e32c025430320 |
| SHA1 | 2c56279a4d699339066d05cd9ee04e9b2439b6d1 |
| SHA256 | 31abcca8bbb2bd99e03d2a290b6b47ad49de633c97f2a71231db68c346b113cf |
| SHA512 | 076e884941168f1fa487c9493ae3bc691b94786fc3d365d88637c6f7c579e4c96ab95be503a76622fb73963d05aa6f004f420dedd25e0ebe738f5f06f902f647 |