Analysis Overview
SHA256
1de2ea7dd3ded633a139f0d6831de2d7ab7349c3f2714955e73949de9f585cb8
Threat Level: Known bad
The file 2f3bd68fca59a105c7532240223579ab_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 13:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 13:00
Reported
2024-05-10 13:03
Platform
win7-20240419-en
Max time kernel
140s
Max time network
144s
Command Line
Signatures
SocGholish
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 000d794ddaa2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421507943" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{62FC9661-0ECD-11EF-BDA8-6EB0E89E4FD1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000265c806f7f796bb498fa29620949657057281649652baeb05a2c90deb2aabf5d000000000e8000000002000020000000f359a26fb6d4664a20e2c7b17eceee68878b5016a15267daf05c6fd5e655b94020000000dcb15be26defc257d894334eb05dada24b339b922ec13e91880ed49bde7ca51b400000000cc92983296026252c2bc3b2795fee1e0a165f273662139644f6f24352c72840839f7b9878f004994103373b5c676cadfdbe8bcdf1588ae482ab3466ff5dcc53 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1964 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1964 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1964 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1964 wrote to memory of 2980 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f3bd68fca59a105c7532240223579ab_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.ashadee.com | udp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | kungfufbads.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.gilerkentang.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | s11.flagcounter.com | udp |
| US | 8.8.8.8:53 | busuk.org | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:80 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| US | 45.58.124.226:80 | s11.flagcounter.com | tcp |
| US | 45.58.124.226:80 | s11.flagcounter.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 172.67.139.115:80 | busuk.org | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 172.67.139.115:80 | busuk.org | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | tcp |
| US | 69.10.62.26:80 | www.gilerkentang.com | tcp |
| US | 69.10.62.26:80 | www.gilerkentang.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 172.67.139.115:443 | busuk.org | tcp |
| US | 8.8.8.8:53 | gilerkentang.com | udp |
| US | 69.10.62.26:80 | gilerkentang.com | tcp |
| US | 69.10.62.26:80 | gilerkentang.com | tcp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 104.16.114.74:80 | www.mediafire.com | tcp |
| US | 104.16.114.74:80 | www.mediafire.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 13.248.169.48:80 | www.ashadee.com | tcp |
| US | 13.248.169.48:80 | www.ashadee.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | synad2.nuffnang.com.my | udp |
| GB | 216.58.201.110:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 104.20.66.115:80 | s10.histats.com | tcp |
| US | 104.20.66.115:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| GB | 216.58.212.206:80 | developers.google.com | tcp |
| GB | 216.58.212.206:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.179.227:443 | ssl.gstatic.com | tcp |
| GB | 142.250.179.227:443 | ssl.gstatic.com | tcp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 104.20.66.115:443 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 2.21.17.29:80 | x2.c.lencr.org | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | developers.google.com | tcp |
| GB | 216.58.212.206:443 | developers.google.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_AC420C38BB74EA210EB13D87E9370DA6
| MD5 | a188d9a0dc9a64b056405e50e594e394 |
| SHA1 | 644fd44a386bd7c9572855920cb9763376ae19c9 |
| SHA256 | 133c839c2ab96fda00a7bf965b365b8f2776a812a9287bfc62553338dc350842 |
| SHA512 | ed412427c435cd384145eb4d9f83cdc625eb6e74ab77efb051c4aeff49aff6f9ec942090c98c23a813f7f8aa92bd9e85c7d231c4df8b1bc00703b6b9325efb77 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\dnserrordiagoff[2]
| MD5 | 47f581b112d58eda23ea8b2e08cf0ff0 |
| SHA1 | 6ec1df5eaec1439573aef0fb96dabfc953305e5b |
| SHA256 | b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928 |
| SHA512 | 187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\errorPageStrings[2]
| MD5 | e3e4a98353f119b80b323302f26b78fa |
| SHA1 | 20ee35a370cdd3a8a7d04b506410300fd0a6a864 |
| SHA256 | 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66 |
| SHA512 | d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\httpErrorPagesScripts[2]
| MD5 | 3f57b781cb3ef114dd0b665151571b7b |
| SHA1 | ce6a63f996df3a1cccb81720e21204b825e0238c |
| SHA256 | 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad |
| SHA512 | 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9M8KXGMM\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9M8KXGMM\www.youtube[1].xml
| MD5 | 687a3691f977a9f54d16eba83c7b8852 |
| SHA1 | a5ff1812da872faf7e13762e9188cb6e79f0e261 |
| SHA256 | cd5e99d4553b49aa9ad335f4c06a361d3f3a20a05c5d79a931102acc1126b591 |
| SHA512 | 757c7e1c2c3abe64b23b5a0284044b2e40627b1f49e89de8c5814e1599bb036489a784dcbbd3496a7158a0cd41e0b2286c46896180751886284c60d409e70e1e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\platform[1].js
| MD5 | e66acfdb2f1dfcff8c6dba736dd4ab6d |
| SHA1 | 36026360b6c8d750488ef2c739e04969f8c5bcd7 |
| SHA256 | 742841b3cf614dd55ce486a7335018bd1992c4d05ef74b45a0781318075a99f3 |
| SHA512 | 113b6e50ded2703cb7a484a66250a38d74833ab9a994dc54042abc95500fe7405f9e5f384186c15bf392c613420a19108482d279776f6e2fd00245b8bd892fbc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7CXNA3\cb=gapi[2].js
| MD5 | 4d1bd282f5a3799d4e2880cf69af9269 |
| SHA1 | 2ede61be138a7beaa7d6214aa278479dce258adb |
| SHA256 | 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693 |
| SHA512 | 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349 |
C:\Users\Admin\AppData\Local\Temp\Cab6422.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar64C1.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d54a89b939fbf67942fb4af5a291a0ff |
| SHA1 | f9bc0f0e8000c961a19af0c4e891a26bc845affc |
| SHA256 | a393a93f7d476c8e99adb0ba5b00ea5804ef275107aaf6386cae0b232a2ae6c0 |
| SHA512 | a96c518a823fe5065caac6513defbecb9c301620a47cc0631577a41627e2a449f419df0bb6407895ea95b748ae57ce55c5f2947429ee0b5b564e7910c61379d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21593ad350275039706f4e16bfc74bce |
| SHA1 | c8c42bee753c48143da79511b566a6c59ffd01eb |
| SHA256 | 2bafff571c21ec2dee8021e88381f4a3d521998bdd7f7c0a1301749af3118d20 |
| SHA512 | 424223c7512a910740d10475767287bc412bb7950685bc52be397c8c7078bdd3ad0cbf2bd6e7b5c893a86d80bce1c4565396261a64f7db555ef7b0c328ba957e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad3cffd2b0cb1f2636699c7a57a418e9 |
| SHA1 | eb29992ffae03cde07f05c2d959e53925d59a13c |
| SHA256 | b045e9dedef08aa5168a254fc6cbe5afd66a8007cd256b2b2dc1ca397c329946 |
| SHA512 | 2343d789a41e86676e2eb0d70759e541de909108d60cb4748bff9790b0c72aa78d081ebd9ac0e9a71ea3c8817f039ed317650f0bb5d423112864aacdae0aaef4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 370a2891e47c83e107ba83332fa20602 |
| SHA1 | 5dc3c060abcc2f7ee0af002fc890fdf790aa70ae |
| SHA256 | 2945905c7fc825da520ee3a1e2ff289337a697f9d9b5cec5f8b293fe5df76be1 |
| SHA512 | 1539f39313d09bfa889374d3c83c0ba2de1124c233d3a89701aff79557fabab3340378aeff2656dcb804070ee5fb4465034d607f0ab6249fdf94b25ef5f4a7e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af5a12291d3b3138f9efcdeb7005ab17 |
| SHA1 | 549d349054121aee795749abe7f556da30e78add |
| SHA256 | 07cfd9047ca19ec4b0aaaf6dc1a194a70aa65c2569baa8eaf66c526d2203b3fc |
| SHA512 | e7d13827dd864c87c4f34fb9af0f9fcd324c5947e99364c1c34d8936ca183026045e8d3e394d9bb3a2c6905c76b9298a322c688d4921ee3f5fec91f9e45f6cbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 425b92d5c53b84fbd6d1758ffa349aa4 |
| SHA1 | 6fbb84893d3c210c4f01f8de2a8fdef5ba64edbd |
| SHA256 | a8b36a5f6f0ed3d579bcef013eb10d7cc61a13ba93043ba4f7f64c11add9b56b |
| SHA512 | 7c2de3ecbbc33dbc0708d6dbcffb253045d3c5b4f16adc67908757f31cbe3c7fd8195ec8b203099be0e02072fd425c477fce5938c1d18d68e9fe465e3db032d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5360a30c11fb2186e86420ab8e73dba1 |
| SHA1 | 6f805de52498306d3792613860af7340d2c44954 |
| SHA256 | 6498fd15d87e626918b52536028ee9a7d990a0f620ee0c84aea9ee4d01cd3012 |
| SHA512 | 0f92aabe1067641e011c07034a3d9abcf2b470e543faacf3822e74fca8620839683475fdeaa564d7a8a52ca5186c6d4b06cd1569e0560507665367a8dd5a15bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff0e03ef21ef234158f32e6aa19eb43d |
| SHA1 | 87dab0d9acd0fabe4b754322d36df00f77e1d2a4 |
| SHA256 | 7d59ce2c29bf91ce45c01f18c65b00917bc748c6a3943f3c630f2a855b764b63 |
| SHA512 | e434220a67b6cbb15764952131d52713a07a27d72c1570d1666eddc11d8a910f85a04d60dcc8fb1b62cac8acfa87891e3b773c8e8170c6f3005a9e8bebeab396 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 049f0915a989d93b737f3e8468e9406c |
| SHA1 | 95558fa361039cb1affa45474acd08643ed74be0 |
| SHA256 | 58615e5f39820ae074b4e051ce29be001c1c93c73b9c802ca26ddcc75ca103ff |
| SHA512 | 5150b1db5e020ed02f400d1239ef3b554324ffb2ba9c002d39f53f8618367d2df6c54ef4fe377c2b2cef869ceb59f4dd9f6f36c217755fa56691893440147b4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e87e74d2fee3a524a76f0fd297b7dc4c |
| SHA1 | 21ca3dacbc2130cb31b96350e52ed1e9c3a12c9b |
| SHA256 | dbcf44e5be6c4633e4124972ddbae1354a72c45f65f7a14f0053848acf7b019f |
| SHA512 | 817bc1f932df1dde4cb8678634bb9f0621e56b9903411dad86385cba77de10f287efe13acdc829f48b570d0f24f8269e6135e0f1b08496a9115148bd126e7c36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22a9ff16dd00e3aa0ea671482a79d215 |
| SHA1 | 8f9050db5d7ee965542b0d7d4d5d264570196266 |
| SHA256 | 3f8f2d4c75b094ac01501184d78223b49dd8db1b84fe2799e5f406ad00a52bae |
| SHA512 | 9b91ab7125be3971fb82acf468bf682188dd6841e9316b70760f3be015b725147eb8688a478626b137ddaced4419adcd8294d41d128904f9c8ae04bca20f9c3c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03115de5351b9821b0d104d2183d671f |
| SHA1 | ef24c5b2281f39deb42243b83321560615643d55 |
| SHA256 | fa492156791b435ada57bc27a04fa70d92c3c44e21bbc493a0cdbc187b9870b4 |
| SHA512 | 283e357acbd085546eebb4422b03b1559d8bb1d0b617b10e766c2ea547a06503ed69cb1b8419251e563e8f51f58403f4fcf56d6b9198e9c71f588e4cd8c4be42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 976fbe08d55b271504b6298bd798e5ce |
| SHA1 | 0e23f40c9e60386d8e32d6dea2a3989e89a4420b |
| SHA256 | 727f1ea64f5f0c1c05ce5e8fa89e8fea0498c5936660920d52c53ca675714f07 |
| SHA512 | e53fa6ddcec6d8b60578872dd6ed658fb1621a35e4f63e9e109a2953f5a1de132aa3406f26270cdad3074650fbbe25aff758d2909e151b0d65d375746ac4d821 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\rpc_shindig_random[1].js
| MD5 | 23a7ab8d8ba33d255e61be9fc36b1d16 |
| SHA1 | 042d8431d552c81f4e504644ac88adce7bf2b76f |
| SHA256 | 127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5 |
| SHA512 | e7c5314731e0b8a54ab1459d7199b36fc25cd0367bc146f5287d3850bd9fe67ba60017d79c97ea8d9a91cd639f2bc2253096ce826277e7088f8abfe6f0534b63 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 13:00
Reported
2024-05-10 13:04
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f3bd68fca59a105c7532240223579ab_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7a7146f8,0x7ffc7a714708,0x7ffc7a714718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,15693693392717042178,2395413265030097815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5076 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| GB | 142.250.200.9:443 | www.blogger.com | udp |
| GB | 142.250.200.9:80 | www.blogger.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.ashadee.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kungfufbads.com | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| US | 13.248.169.48:80 | www.ashadee.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.114.74:80 | www.mediafire.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.gilerkentang.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 69.10.62.26:80 | www.gilerkentang.com | tcp |
| US | 69.10.62.26:80 | www.gilerkentang.com | tcp |
| US | 69.10.62.26:80 | www.gilerkentang.com | tcp |
| GB | 142.250.178.14:445 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.114.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.62.10.69.in-addr.arpa | udp |
| US | 13.248.169.48:80 | www.ashadee.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.213.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | s11.flagcounter.com | udp |
| US | 8.8.8.8:53 | busuk.org | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | seductivex.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 45.58.124.226:80 | s11.flagcounter.com | tcp |
| US | 8.8.8.8:53 | gilerkentang.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | synad2.nuffnang.com.my | udp |
| US | 3.94.41.167:80 | seductivex.com | tcp |
| US | 188.114.96.2:80 | busuk.org | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 69.10.62.26:80 | gilerkentang.com | tcp |
| US | 69.10.62.26:80 | gilerkentang.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.213.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | tcp |
| US | 188.114.96.2:443 | busuk.org | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 69.10.62.26:80 | gilerkentang.com | tcp |
| DE | 141.101.120.11:443 | t.dtscout.com | tcp |
| GB | 142.250.200.42:443 | jnn-pa.googleapis.com | udp |
| GB | 172.217.16.238:445 | www.youtube.com | tcp |
| GB | 142.250.200.14:445 | www.youtube.com | tcp |
| GB | 142.250.200.46:445 | www.youtube.com | tcp |
| GB | 216.58.201.110:445 | www.youtube.com | tcp |
| GB | 216.58.204.78:445 | www.youtube.com | tcp |
| GB | 216.58.212.206:445 | www.youtube.com | tcp |
| GB | 216.58.212.238:445 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 2.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.124.58.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.41.94.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 216.58.201.110:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 163.70.151.35:445 | www.facebook.com | tcp |
| US | 104.20.66.115:80 | s10.histats.com | tcp |
| GB | 142.250.200.9:443 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| CA | 54.39.128.162:443 | s4.histats.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 216.58.212.206:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | 191.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.66.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 162.128.39.54.in-addr.arpa | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 216.58.212.206:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 104.20.66.115:443 | s10.histats.com | tcp |
| GB | 142.250.179.227:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | udp |
| GB | 142.250.187.225:443 | 3.bp.blogspot.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 88.221.83.217:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 217.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| BE | 88.221.83.217:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| GB | 172.217.169.46:445 | www.youtube.com | tcp |
| GB | 142.250.179.238:445 | www.youtube.com | tcp |
| GB | 142.250.180.14:445 | www.youtube.com | tcp |
| GB | 142.250.187.206:445 | www.youtube.com | tcp |
| GB | 142.250.187.238:445 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| DE | 141.101.120.11:445 | e.dtscout.com | tcp |
| DE | 141.101.120.10:445 | e.dtscout.com | tcp |
| US | 8.8.8.8:53 | e.dtscout.com | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| GB | 142.250.187.206:443 | play.google.com | udp |
| GB | 142.250.200.9:443 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | aminxfreedownload.blogspot.com | udp |
| GB | 216.58.201.97:80 | aminxfreedownload.blogspot.com | tcp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| GB | 216.58.213.2:443 | googleads.g.doubleclick.net | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 227.162.46.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_1076_APXHAKMEXPWDTUVM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b0aed4ca7d42346dd161b7a97269bff2 |
| SHA1 | 06e25fca89c6135c127d7a338ff9e65fab6458ad |
| SHA256 | 2ff1eefd9bfb92e7d8d7aa841a25f18826cc3c0e931705f38b1982a62feda951 |
| SHA512 | 82dab4b1ade66cc9fc515fe3a7c881ffa501cd54134f4ff2d822fea65a0c8a157f6aee3c4c61caf6e6573cb76af4184501b90e115495fb87a1b3ff4f6e2b2413 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | 88477d32f888c2b8a3f3d98deb460b3d |
| SHA1 | 1fae9ac6c1082fc0426aebe4e683eea9b4ba898c |
| SHA256 | 1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8 |
| SHA512 | e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5b01a8ab5724db94a1e31284d2205b08 |
| SHA1 | 072fa7f3bfb4298eafa745b4ffb9e951236e45a0 |
| SHA256 | 5f46f743f8308063f5704fdd8e91ec0d09a0b12a02be2b6e223be3c097f39160 |
| SHA512 | 4631cb58fe9cb97399dde1b5894257e0fe8ae5ff77be2512ad4aabbb7bbb284ab09f7204e74a54c8ed1ac9e66ffbf41e151e0289a1113406596f6c15c2eef5fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 43ed0bae42d3e857dfec80eebd602589 |
| SHA1 | 40f997ab3881edc27b388ef68776c326f96ad2ca |
| SHA256 | 6cb52c97e58fe2453ed9248de3aeeb25f1c4a9acd10c570c65831755e4927f71 |
| SHA512 | 9f33f87f432f8bb35fdbc505a63dc63611c474248b815f20daa2440fa3233ec2b69b3269c0a5e9d31f767624f77e1eaaf0187d290f57d4ea193ba88444b19877 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 14ca9d0db97306aff93214b156a450f3 |
| SHA1 | 33a794eeca244490f9b052fbef8e301fc58e0a0b |
| SHA256 | 4bce228fb90bedafd900e059bd23ad88b5295323469ad9ccdc1a6fe2607a3310 |
| SHA512 | a1e7a22ad9ecd88cf9d5c2f9467eb2412ef540648021e913c5c3dd36d53bf18f404d9515217d6e9dc34ac4cf6d19e8344bac20cb577bb2bcfba862c5c5cdc1bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6cc72744bbe7e18fa65397dc633bce9e |
| SHA1 | 85dbd823747f9b06bf1afb649664bfb74d31a201 |
| SHA256 | fdbbe5c32e5e9c006614719b7dc52b427bb9465d3b1db20f1e5577f1d61182de |
| SHA512 | 1650b9bb5589967fac777ab42b973eb30626cfcdfe198d3611c79089b5e1549ac5106e8428bd29c72f7b7e61d5d25fd586913f63fb417277268438aed3c189b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1c0745f-a60e-41de-b0a7-c90343ba478e.tmp
| MD5 | 17c313a49de33ca7d6e859cdf1560695 |
| SHA1 | 6aa0ccadeae0ae324f1c66f3c542df48f22ef06f |
| SHA256 | d85a18b4549d38cd208efe84649fe084b3ce154c1bbd0718c03cbe6c8e824136 |
| SHA512 | 701b7e316023433e5a837a6f9ee9df2ce6dc3c2aadf0fd36641e0b5530664986bae8545c468f6affedb7b0f9783b447964d5e676292f589f35fe51925674f627 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dd70497edef066478fb51bfbd3837122 |
| SHA1 | 3ec050b507e8c93ec19729c777ebe0d816d8db94 |
| SHA256 | 18a9f3dbaf97e948e76e587e21965e563906e3fadae1bf5bf885527a61b4e9fa |
| SHA512 | 54ac14e1c37afee065df2f16e963b3f343451b84a74c5c6cf9234c2f111bb1da85284e47fd1cce6f378b41681a30732680a547d6e04d739b138eeec998d050d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 31aabf6adb520d11f7d4ec70f0ba347d |
| SHA1 | e79299007237f9a7a80328432ed776233cbeb400 |
| SHA256 | d5ee55da3345b11dae36eef796270d51bacde7b5d20770869bbb0dff6a43aa38 |
| SHA512 | 2bfcb643282fd0266e108ad89ffb05411f8dd5f051acd90084b17c4d0d38edcc5c66943e9da27d166bd01b5cf771e1f03d93fd1494f2dc831327d034507ab53b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6fbf0e72ce4b776d92fe064009e8af75 |
| SHA1 | 965b92250170442ce35de3237a703cc4f8cecc3e |
| SHA256 | 860fc8653910ee2566b7f2cf57f06170ffdc41bcfed11b5d6aaa6b8d99e3ff5e |
| SHA512 | 787c06abea3fd937cbb17b3482be5341d2cedca7d8180d05c1cf86967db5268d2110dc18e6f751f62c8084778a6f0817f72aee7a71d8d0baa0ac029afb8e8114 |