Analysis Overview
SHA256
b41c2a0a8a08630b3f028bf888180377ab6f2e2eea8806b989ecf3f77c162c2e
Threat Level: Known bad
The file JaffaCakes118_4832dddaac75cfc4054fa0b47034c330 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-01 05:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-01 05:06
Reported
2025-01-01 05:08
Platform
win7-20240903-en
Max time kernel
143s
Max time network
145s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d06e41f00a5cdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A90E211-C7FE-11EF-969B-D60C98DC526F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003a2fd8b30780c646a42601bc331d51ab0000000002000000000010660000000100002000000023860948d07c03a7fad2139658ce6098ca6564d29b3004414454266646f72f07000000000e8000000002000020000000f9651dcffd8fefe0ed0e975bf944b82ea6cf8771a7f8c0c31ea5e15e0bece84220000000b7289627e37edadee911ff010777b4720b854db8e6b2f616eae104be751a5faf4000000025426aa085e65404288eb2e01d2e60490c9eaa2dc6f2eba1a8810d1f4203abb0e8d3dbe00d9e3188396ce3440949c8c98ba424ab559d75c836d0827879544caf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441869833" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2420 wrote to memory of 2796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2420 wrote to memory of 2796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2420 wrote to memory of 2796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2420 wrote to memory of 2796 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4832dddaac75cfc4054fa0b47034c330.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
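The WriteProcessMemory rows above show PID 2420 writing into PID 2796, and the second process's command line carries `SCODEF:2420`, the argument Internet Explorer's frame process passes to the tab process it spawns. The script below is an added triage helper, not part of this report or of the sandbox's own tooling: it parses the two tables as transcribed from this page (the PID 2796 is taken from the WriteProcessMemory row, since the process list prints no PIDs) and labels each write as frame-to-own-tab or as an unexplained cross-process write. The verdict on this sample rests on the SocGholish signature, not on these writes.

```python
"""Correlate WriteProcessMemory hits with the IE process tree in a sandbox report.

Added example; the rows below are transcribed from the behavioral1 tables on
this page. The SCODEF:<pid> argument on an IE tab process names the frame
process that spawned it, which is what lets us tell expected broker-to-tab
writes from writes into an unrelated process.
"""
import re
from collections import Counter

# Constructed from the 'Processes' block: (image path, command line).
PROCESSES = [
    ("C:\\Program Files\\Internet Explorer\\iexplore.exe",
     '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
     'C:\\Users\\Admin\\AppData\\Local\\Temp\\JaffaCakes118_4832dddaac75cfc4054fa0b47034c330.html'),
    ("C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE",
     '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2'),
]

# Constructed from the 'Suspicious use of WriteProcessMemory' table (four identical hits).
WPM_ROWS = [
    "| PID 2420 wrote to memory of 2796 | N/A | C:\\Program Files\\Internet Explorer\\iexplore.exe"
    " | C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE |",
] * 4

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def spawning_parents(processes):
    """Map lower-cased child image path -> frame PID named in its SCODEF argument."""
    parents = {}
    for path, cmdline in processes:
        m = SCODEF_RE.search(cmdline)
        if m:
            parents[path.lower()] = int(m.group(1))
    return parents


def parse_wpm(rows):
    """Return (src_pid, dst_pid, src_image, dst_image) for each table row."""
    events = []
    for row in rows:
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        m = WPM_RE.search(cells[0])
        if m and len(cells) >= 4:
            events.append((int(m.group(1)), int(m.group(2)), cells[2], cells[3]))
    return events


def classify(events, parents):
    """Count writes that go from a frame process into the tab it spawned vs. anything else."""
    labels = Counter()
    for src_pid, _dst_pid, _src_img, dst_img in events:
        expected = parents.get(dst_img.lower()) == src_pid
        labels["frame_to_own_tab" if expected else "unexplained_cross_process"] += 1
    return labels


if __name__ == "__main__":
    print(dict(classify(parse_wpm(WPM_ROWS), spawning_parents(PROCESSES))))
```

On a real report the same check is worth running per row: a write whose target is not a process the source spawned (or whose target image is not a browser binary at all) is the case that deserves a closer look.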
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | scr.kliksaya.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| FR | 18.164.52.90:80 | w.sharethis.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 18.164.52.90:80 | w.sharethis.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 216.58.214.169:80 | img1.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| FR | 216.58.214.169:80 | img1.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | ww1.kliksaya.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| DE | 64.190.63.136:80 | ww1.kliksaya.com | tcp |
| DE | 64.190.63.136:80 | ww1.kliksaya.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 104.20.2.69:80 | s10.histats.com | tcp |
| US | 104.20.2.69:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| CA | 149.56.240.127:443 | s4.histats.com | tcp |
| CA | 149.56.240.127:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.134.89:80 | r11.o.lencr.org | tcp |
| GB | 88.221.135.105:80 | r11.o.lencr.org | tcp |
| US | 104.20.2.69:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | www.iniloh.net | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| CA | 149.56.240.127:443 | s4.histats.com | tcp |
| CA | 149.56.240.127:443 | s4.histats.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
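The network table mixes DNS lookups to the sandbox resolver (8.8.8.8:53 over udp) with the TCP connections that followed, and lists each connection once per flow. The script below is an added example, not part of this report; it parses a subset of the rows above, transcribed as shown, and pulls out what a triager usually wants first: which hosts were resolved but never contacted (here www.iniloh.net), which were contacted with no lookup in the table (www.google-analytics.com and ieonline.microsoft.com, most likely answered outside the captured window or from cache), which went over plaintext HTTP, and the unique endpoints per domain. The report does not say which of these hosts served the SocGholish content, so the script only structures the data and passes no judgement on any domain.

```python
"""Summarise a sandbox 'Network' table into triage-ready sets.

Added example. NETWORK_ROWS is a transcribed subset of the behavioral1 network
table on this page; nothing is resolved or fetched live.
"""
import re
from collections import defaultdict

NETWORK_ROWS = """
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | scr.kliksaya.com | udp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| FR | 18.164.52.90:80 | w.sharethis.com | tcp |
| FR | 18.164.52.90:443 | w.sharethis.com | tcp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| US | 8.8.8.8:53 | ww1.kliksaya.com | udp |
| DE | 64.190.63.136:80 | ww1.kliksaya.com | tcp |
| US | 8.8.8.8:53 | www.iniloh.net | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# | Country | Destination ip:port | Domain | Proto |
ROW_RE = re.compile(
    r"^\|\s*(\w{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^|]+?)\s*\|\s*(udp|tcp)\s*\|$"
)


def parse_rows(text):
    """Turn the markdown-style table rows into dicts; malformed lines are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            events.append({"cc": cc, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return events


def summarise(events, resolver="8.8.8.8"):
    """Separate DNS lookups from connections and surface the gaps between them."""
    resolved = set()
    connections = defaultdict(set)  # domain -> {(ip, port)}
    for e in events:
        if e["proto"] == "udp" and e["port"] == 53 and e["ip"] == resolver:
            resolved.add(e["domain"])
        else:
            connections[e["domain"]].add((e["ip"], e["port"]))
    contacted = set(connections)
    return {
        # looked up but never connected to (a redirect chain that stopped, or a blocked hop)
        "resolved_only": sorted(resolved - contacted),
        # connected to with no lookup in the table (cached or outside the capture)
        "contacted_without_lookup": sorted(contacted - resolved),
        "plaintext_http": sorted(d for d, eps in connections.items() if any(p == 80 for _, p in eps)),
        "endpoints": {d: sorted(eps) for d, eps in connections.items()},
    }


if __name__ == "__main__":
    for key, value in summarise(parse_rows(NETWORK_ROWS)).items():
        print(f"{key}: {value}")
```

The resolver address is passed in rather than hard-coded because other sandboxes use a different upstream; anything on udp/53 that is not the resolver would then show up as a connection, which is the right outcome for a sample doing its own DNS.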
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\plusone[1].js
| MD5 | 3c91ec4a05ec32f698b60dc011298dd8 |
| SHA1 | f10f0516a67aaf4590d49159cf9d36312653a55e |
| SHA256 | 96b335b41362fd966c7e5e547db375ef0be7dcb2aec66bf3646782eeaed4b2cf |
| SHA512 | 05345e754b39e9f83514bc3e14b52f3cbf321738fd7d973da55db99035b11b4152fedce2c203eb34376cc9e18571db514ff9fbcb4174a2dd7cca7e439cd25944 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 033c6a8b59152898920c37c4422f3350 |
| SHA1 | 72abf91d4f0faca1f3d88373b62f338f8a626124 |
| SHA256 | e47756f7654ccaaf1745300c65374c9825fc17b455c14633e5d52e12c6e5f84d |
| SHA512 | a8c258d35e087a64ed56faa49f937c1e3d4556b71160465db9f3aca1d3efe3e206e918a94edd6e144fbadf2830d57444d9185d07e725ee6f6142e1cedd14505d |
C:\Users\Admin\AppData\Local\Temp\TarC73.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabC71.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f146a505f26af7ca801db5f15e0124de |
| SHA1 | 93f244c1b575ce569909143798cbb19237a3ff22 |
| SHA256 | c485fb7cfa7d0727319ad3323a9cbf7c018d8c38cb69280d5a0cfc4a2a93f306 |
| SHA512 | fa2b4e7035df9a4072e73695418b6e5e7f9d61d2902ecd562df1e5505564b5a1181ab6bca01d14ee3a6239bfb75838adcf16c46064333217b4c3bc5a39c13b05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f3be4b6521d340c01185bc963aa3db5 |
| SHA1 | 49d7754a69e131ed65ae6f54e5aa9a59280215e5 |
| SHA256 | a87e20c5c85532cd25671f44321c0b0659d24962e710f705e5b45de7e97f9dbf |
| SHA512 | c786cc362b0a5f3d98504e6148ecaaa969ac86782fd2bf848cd77a0bd875d5ed26065c16f9f372a218e200b523ce72ab103c6f6a5d4edae75f8874374437c6e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c86382be38028cdc14bee02128af851 |
| SHA1 | 98b3e39ba99cc7b854524c4b84e58e6418d12cdb |
| SHA256 | bc0e6c2926267196281ce665cf849d08ac0778137dc74e0555cbb45134e19da6 |
| SHA512 | 73e7cc8dbf426a124f1252ab7f3a57b4352a32d5070ba2f106f531c34fa4d7685b9ca6301d7ab3c89e8f8ac325d3d8e49d2b286d58cfd5acc00a0cc95cd1bffb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6fd16fb2db7a172afdad8bbadd29e39 |
| SHA1 | f48ce8e9810bdbbbc9d06f05a26993276fa02b59 |
| SHA256 | f9f913e8cc273e6f5771def6d93b2c6288c8cd3d52726376e263db2956f020c8 |
| SHA512 | 95d75778ee9bba2a01aacede431f98e5832bd479a8548eded1df840bb15167063d19b105dea615d82e503d0586da90dd3061a860c4e899c3745ab6a121c94df1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba0b40e9019f260dccc90d0b7a77c36f |
| SHA1 | 98be668a3989623cec51db52f077b5d62fc5389f |
| SHA256 | 7611dd848b83adbb19d1286638f6410f7d07e4de384c2e22bae121846830a1d0 |
| SHA512 | 194d58424e80067c26e655a6af1a4468f2932a38690a0454f25aaea45b29deefb87195b3a9fa4957f66e72276886906262765ab3d349a79341ae03ee9cf43e94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c448f24d5acb99ac93361f22f3e6295a |
| SHA1 | 9d48da73078a6631174dd74f10374dbda8bc88f0 |
| SHA256 | d675f97c2e906b204d8ed459efbdcf72fa235dc471bdc792067221efa78820d8 |
| SHA512 | a202a6d45b672368c8fc42c640d40525f58122acb32f77a2159a3da8a0856245fb632b0e241822e4cff7428fadafcde78cf05d2c55c1d8dd9c8db5d51bf7df30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c0d163165f9848076017583045e8f7f |
| SHA1 | 8a611ecfdc079fcca7d109a924421b185f4c25d7 |
| SHA256 | bb94087f58cf63be90f62a1ab97545aa99d7c464b22dcfe0ced88d3c2008c6ab |
| SHA512 | 28216bfb15158de50568bf330f09afc9c3a06199fa089a6b52919020e69fd6daccc7e8e885ac7b53e0941cefc47615398ad80fccf6a5c1a6e9a48be3191634d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a4aaee0ce42fba76e4b77369208b566 |
| SHA1 | 5b82c6b15f1fe39acccc363fde70e50f2ec93b45 |
| SHA256 | 322aeb51d75370df49b40c33b3fe48c96dbfce44fe08367c787c9754b1cb23c9 |
| SHA512 | b2d542531eaa3a342ed2e881af153632dbe28916ff7613eaa8a6fd4c7301c80dba42f00ab83b74480e3802b52c84b7092410be2d89c289d95bfa5f66f8e6198e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd9db6b1dba7c1d546b36f502bead1e4 |
| SHA1 | 7b1001fa719d82412a1cb3717b79b36bc5c57113 |
| SHA256 | 5f59d2117e679fd9277b211687001317e9c4425c3f828236382b72e68984e62d |
| SHA512 | ed24e648b532c1b38db6cb667e383d263c5f109a9df16aa08f6600bdae2e8a77d16573e13860fb6e3da9a001af6b8cc0e37dd57534a3de13da5e7f0831cb2ddd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afc67a553d1cf071a33cf2b6a1d13a12 |
| SHA1 | 64a673f6d99504b4d7abd812236adf543015fc36 |
| SHA256 | 130355ccc696ed5af880e98a0c8aa88c7936d99310c90da6fad402aa2ec4f418 |
| SHA512 | 2bf9496585ea22f306ca3b363bd2947124ee05e4e0f96c7d8de7fbb331cb1fbd51581f977a7d130817a86dfe547cc14c6e8b7c79e43f7a7dd7c0f0a4db144b97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcedc58efa3f3ee0d7e4e7a14c13addc |
| SHA1 | 0a7d2cca9cedb959037c5c10c71a4d507c37baab |
| SHA256 | 4b9812711a5c440efbf95ef74d9b41e2014e95af65db7809ac78826cb3975f9c |
| SHA512 | b1d545dca28cc8f78a0d540f6b36655601a160d34414c7d135c67bc607c79bf9331966a3cb13085b79d300c61eba7fbf388bd71694b99496da6e44bade77664d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5bbd9c63551e5c4acf7054403e629042 |
| SHA1 | a9c05919dca2abc4838842aacc61d9f6c30ea3b4 |
| SHA256 | 86557f91a54629a3bfa839f777bcaa8918800d424cbdf3f51ba1b2e002fcf9f2 |
| SHA512 | e8443ba0a01c6dd35afda1171905617b19fbc7f5cdd01aa486a39babeef47ba7e509de7ddd52ab439375984540840aa3b1a8e3cf0e8ce5ffd03417d6fdcbb0e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 845348bde3c4811a6b5dd4a4b5943b98 |
| SHA1 | 749fd157d8d3d847768761cf76e1db5393dc69c1 |
| SHA256 | 1df669637f7799dbe34fa9312c15159d1a5b881537f4ce1bfebe72fdbe46b1ee |
| SHA512 | f7a9ffe60e53e10525b1077ad95b77b59280357ef46f178dc02d4ec6a8743b8e9f861bb5ff963f414988e7486144578a2adb5d98cbf88e04f5f55f763fe3841e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73215570438a16636a141ded5d05d763 |
| SHA1 | ffe8868692d9c01c4faf0c64b6871704639b79c8 |
| SHA256 | 0ed76933102bffb73a3fed3b7fc28c06f168b8b3a9e2f8c4f2eff25c3e96ce8e |
| SHA512 | 3738b16debea495b2d2ef6015d4e54f6360ba03bea99a5ad54c73ac2b6f338d4081538bfd8eb27ceada51a24c09b6fc95331853d01c53d5c5137553790cb7ded |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be24e8e288ba32622be8037d73fe4b2d |
| SHA1 | 0f00eb8e604f202d9ef64bdbeadd7d6bf9900705 |
| SHA256 | c98da2fbec675d5912cb595d4657397b7036150afeb42405abc67f07608f43b1 |
| SHA512 | ac146162f6c708cd0840d65b598e24fe04dc9ebb48e6cf88e0025420ae8ef5ae4e024a726e3a5d8d196eab38072b591bf77118f428e61de77317e52fab129176 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5b28e108bd9f4f4eff7d159ae6df27b |
| SHA1 | 59090f07fdf91435fd9e605991755de2f70f0946 |
| SHA256 | fc5fa4ad989a4771f7fef55f19b7f1e621ac5c2c24384d20532778d4d75dde14 |
| SHA512 | 535eb0582d5b451e9070dc065e828c6a12d531954da8c4bb92f2336100272ec72a8dc11cf108fa204467a4f06f62fba821e96e96e95aa834cacf70de16aa3203 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 0a48286d1a2fd876bac96bf281f29b05 |
| SHA1 | 4eeaa962a31eb3ffdfa18c08989d36a0b9c2f9a2 |
| SHA256 | e392163dd9075d6bed52287370da7fa6e2d62d23a927ed2f1b98c536490dd951 |
| SHA512 | 2cd17b90f350cb956299dbde4f00d9af3ec25e62f190a7a037c28b9e234884a7e6d0b8a61b033fa3685da46514bddc36d5ba5cbff9bc6d72d465ed5a8d630259 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae2ac91b8d27189b6b84a9c177a44852 |
| SHA1 | 043ac1ffbae4f4df187a49aa20e0e662d0924c92 |
| SHA256 | cc00469c51290ef1aec7b0045d47a67268288673bf3d38f1eda4bdd8ce2c63c4 |
| SHA512 | fae6dc89088d8cd9d7d80b1b2afee8feaa21db87485851beeb8621982c37378df701f943f3e588107ae5dd67071362a96b1e40b7df8b0c8ab6d6a39c8bcabb03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f9775015b6b240b5f7aaee728297e8d |
| SHA1 | 22aef2b0a0adb9f862f8ec93749598bda38780da |
| SHA256 | a6afbc5958a8832e7d81131d1f70c9b872c3f129e57468429db290ae57841e77 |
| SHA512 | d3c22f67464ea89dfd2ee4aa1f70e713502619f98a064cdd230dc67b2cdce4ea7f9c7d9dd412e8530a85543fc8bcb0cd9abbdfac328800fe03a69dc794da1ffd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 226336c9e42f422391e47115efb71480 |
| SHA1 | fef898b90cb1d64858427c9a874e031f9222d932 |
| SHA256 | 8e29a78c1a1a75b50ae9d1a1073fecc89baee58c4bf380e2c692e634f3c6304d |
| SHA512 | 1506e8594c75526ec5bc0e845b5d75c61fd7fd22237689b3d7ea078181ae85ab2cd6b630c7f98dcff532bf3c70e1b198961f57dd9ae7fa7d34a1f958e16621f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c56da502c3e53377a60434f65987718a |
| SHA1 | 276f7b7bfc0b41cbd5cc310f3ebd357c267d9342 |
| SHA256 | c97c9dddc3fdd7e19497ecc97afc78b6e424a152aeaa3926d6f61df930ad7a4d |
| SHA512 | 4c57233fd550561f83e5912b243ef0b56d45bd8d8a697372bbfcfd91d2eacf52be92daf26918471fff39e74e3ae372d9dbbf900a87d76745deb50d23543764c0 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-01 05:06
Reported
2025-01-01 05:08
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4832dddaac75cfc4054fa0b47034c330.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9189546f8,0x7ff918954708,0x7ff918954718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,3406269292463081498,15019270075237543116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 18.164.52.115:80 | w.sharethis.com | tcp |
| FR | 216.58.214.169:445 | www.blogger.com | tcp |
| FR | 18.164.52.115:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | scr.kliksaya.com | udp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.54.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.176.119.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| US | 8.8.8.8:53 | 134.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| FR | 216.58.214.169:80 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | 33.215.58.216.in-addr.arpa | udp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 169.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:445 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| FR | 142.250.179.78:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| IE | 52.213.94.99:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| FR | 13.249.9.11:443 | count-server.sharethis.com | tcp |
| US | 8.8.8.8:53 | 99.94.213.52.in-addr.arpa | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| FR | 142.250.179.98:445 | pagead2.googlesyndication.com | tcp |
| US | 104.20.3.69:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| CA | 149.56.240.31:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | 11.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.3.20.104.in-addr.arpa | udp |
| FR | 142.250.201.162:139 | pagead2.googlesyndication.com | tcp |
| US | 104.20.3.69:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 185.60.217.28:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 185.60.217.28:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| US | 141.101.120.10:445 | e.dtscout.com | tcp |
| US | 141.101.120.11:445 | e.dtscout.com | tcp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.iniloh.net | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
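Working from the Network table above, as an added triage example that is not part of the sandbox report itself: the script below parses rows in the table's pipe layout, separates resolver traffic (forward queries versus the sandbox's own `in-addr.arpa` reverse lookups) from real connections, lists names that were queried but never contacted, and flags web hostnames hit on ports 139/445. The sample rows are a constructed subset copied from the table; everything else (function names, the port heuristics) is this example's own assumption.

```python
import re
from collections import defaultdict

# Constructed subset of the Network table rows from the report above, used as
# offline sample input for this example (one row per line, same pipe layout).
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| FR | 216.58.214.169:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | scr.kliksaya.com | udp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| FR | 134.119.176.26:80 | scr.kliksaya.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | www.iniloh.net | udp |
| DE | 185.60.217.28:139 | connect.facebook.net | tcp |
"""

# Country | Destination | Domain | Proto, as laid out in the report's table.
ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Parse pipe-delimited network rows into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        ip, _, port = m["dst"].rpartition(":")
        rows.append({
            "cc": m["cc"], "ip": ip, "port": int(port),
            "domain": m["dom"], "proto": m["proto"].lower(),
        })
    return rows


def ptr_to_ip(name):
    """'20.72.205.209.in-addr.arpa' -> '209.205.72.20'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[:-len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() for o in octets):
        return None
    return ".".join(reversed(octets))


def triage(rows, resolver_port=53):
    """Split rows into DNS queries, reverse lookups, and actual contacts.

    Returns a dict with:
      queried     - forward names sent to the resolver
      ptr_targets - IPs the sandbox reverse-resolved (noise, not sample activity)
      contacts    - {domain: {(ip, port, proto)}} for non-resolver traffic
      unresolved  - names queried but never contacted (candidate IOCs to pivot on)
      odd_ports   - (domain, ip, port) where a web hostname was hit on 139/445
    """
    queried, ptr_targets = set(), set()
    contacts = defaultdict(set)
    odd_ports = set()
    for r in rows:
        if r["port"] == resolver_port and r["proto"] == "udp":
            ip = ptr_to_ip(r["domain"])
            if ip:
                ptr_targets.add(ip)
            elif r["domain"]:
                queried.add(r["domain"])
            continue
        if not r["domain"]:  # e.g. mDNS to 224.0.0.251:5353 carries no name
            continue
        contacts[r["domain"]].add((r["ip"], r["port"], r["proto"]))
        if r["port"] in (139, 445):  # SMB/NetBIOS ports on a web host: worth a second look
            odd_ports.add((r["domain"], r["ip"], r["port"]))
    return {
        "queried": queried,
        "ptr_targets": ptr_targets,
        "contacts": dict(contacts),
        "unresolved": queried - set(contacts),
        "odd_ports": odd_ports,
    }


if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE_ROWS))
    for name in sorted(result["contacts"]):
        print(name, sorted(result["contacts"][name]))
    print("queried but never contacted:", sorted(result["unresolved"]))
    print("139/445 to web hosts:", sorted(result["odd_ports"]))
```

Run against the full table, the `unresolved` set is where names like `www.iniloh.net` surface (queried, no connection recorded), while the `ptr_targets` set shows which connection endpoints the sandbox reverse-resolved and can be dropped from an IOC list; the `odd_ports` entries for well-known web properties should be checked against the capture before being treated as sample behaviour.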
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
\??\pipe\LOCAL\crashpad_1216_PGBQAUFAVYIVEASK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bffcefacce25cd03f3d5c9446ddb903d |
| SHA1 | 8923f84aa86db316d2f5c122fe3874bbe26f3bab |
| SHA256 | 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405 |
| SHA512 | 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 67c653573c245437ce8b803c8baed7f3 |
| SHA1 | b74a5a878c03053ad7eb258ca8c70780df2912c0 |
| SHA256 | 2a33bb9e55565ac24b848f39e4748a527847fa4c3d82f058ce6e1abc600b4f0f |
| SHA512 | 51a6cd9db8e8ffe686b83957ce34723d6a3c483012cc27df246926216f0d7e13dbbfceca42b04c3f7ffc7e5725352f188506fceed99b9d18d328d0135c433a69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a4bc2ab2821ef551c2511961ed35a11a |
| SHA1 | 510edbacb976decdf48646098916f1a7075bfc76 |
| SHA256 | 65dd22b4479716c00e34b178f0f341e67950d980a16afa0c6c3ae33607df59e5 |
| SHA512 | 69d336e9b76ea457ccc9238595e99fe546f121d59fb4774b293ec8a162999dc4edfaedff1bd0b42aba4ea0060674961351d8b0121fd1e87c5c4779aa826bced5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | be46ed93b692c611b2043bd674eabeae |
| SHA1 | aa8c0b38c8760097d574a8ddc168b17a277f1735 |
| SHA256 | e6bfadfe85d17d35dd35ff29d7ac6b1a8399c1be537cb8c9605e66ae1fc8a749 |
| SHA512 | ae822b2a1ee50c95e2b6fcbbbde9bc49115e3c986941d98176ef14157378bc16883de0696fb062399b0b1991ca9cdf1dbd366b9ba80de50bc90f997de18c7a98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | af8855a20312bc2b3b1527a289276d8b |
| SHA1 | 4fe4ccf9ccc8ca02d6566570bbf070070a5b414e |
| SHA256 | d107406ffa6017a78142bea7fe2bd045f23ace9f16d65ffbb2d76885ee9c4a24 |
| SHA512 | 48aa44a642480200950c0a1c9dcd621db49b831240d293b152a144e144b6b865312ac36d31207a7308f3309b1cb38c7c36e81deaa4dc7fbfe159160f7a02c99f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8b6dca6f00d52584ada991d5d1592f07 |
| SHA1 | 7e659716541698138777bda2b97cc55dce72ec4c |
| SHA256 | c345f01d2b74535a3611020bfc53167136d0decf4542e5eacbaa19bc8b1dffbf |
| SHA512 | b45ef3d3470e7b216a10796e3ef8352a332d0d05608f9ec2964cebeed4f6c7550d6ccecbbb5bb69934ec75161bf7d336181ba1b53b7f17dc59410a24e6d47dcb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587470.TMP
| MD5 | 6f1d350098982d59754cfb810fa69da0 |
| SHA1 | ffd9dc35f2c450e2d3855e35a8b2ef9184be51dc |
| SHA256 | 7fe12dceaf84a61b6c25146e7669602792f38b6c852afeadb042123778561078 |
| SHA512 | d118c91c453910d39f5978fd6f84c4dde7cccf798fe1a15df10fcc3884110661390ab4510f0029f87124dd25ff8008e5c19faa459fcb41ddf7f7a86f38ee883f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c78bd66ac63baef42569c6dc3a71ea2a |
| SHA1 | fb6a8c1fff998b1a3a50b6cf6d6a3edc9058211b |
| SHA256 | 59c43aa91b8aeaf106fd7b8e617d63c7045a44b1a88c977dcd4603739c074ef6 |
| SHA512 | 51284ef0e7956d5cb9aacf006368600f1bc1437d851b15782001fa92c561974bb06446a9dcf0c8e45fd1aca29322cc69d78d833bf4a3fd6e37f9c210426cd8fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a19840548fcb35f6770b335bf29623c9 |
| SHA1 | 1aa9fadaaa37a785669ed1e5793288cb0b74315e |
| SHA256 | 7861783244b7b3196cb1f2b398a06261a45829b78ab3e349320b34ee64bd1b38 |
| SHA512 | a279e75b96bf24bd1356befeae674167a341bb89550ad7de1d6265eebf36a44e8bb33a8b2f5823c12fb3925f1b406a9504bbb26e35730b646b0851623dac24df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 57cc6142f45dc786cf1d4a4ab02d0f1b |
| SHA1 | 6d0380bf3ccccb1fd8dc2486c0ee338ca523a9ab |
| SHA256 | e0a79177753d34582cf555342e8bb0475279cc9af9dfc2fd3daea65d638a8cd1 |
| SHA512 | 532b51f6820c4df08b51b257b7f2fdb4aff96af5f774ff01c8297612aab10c9a2b6874e1a7a8a55ab552c7956deac4635e31d0fe83bdc718221f9ab3b1183196 |