Analysis Overview
SHA256
6215feaa02b7aa75e7a549fa634720369a011ed8e2083836a538413f22fe462d
Threat Level: Known bad
The file 2f456680be64ed75be386dcac3112d0b_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 13:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 13:11
Reported
2024-05-10 13:16
Platform
win7-20240508-en
Max time kernel
141s
Max time network
144s
Command Line
Signatures
SocGholish
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0249bfadba2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421508699" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000c113af5b2477f44cd6450618580679bea31f1e40751f3fd8c135cf6b8bdce3d8000000000e8000000002000020000000176f3105c11d61325ee457c7eca010f237ad018ce5847066b30208188a49e4ea20000000bc3caeb4d15862c02c2ea43ff2b52f8518a2b1a377de05d97f642b2e65d8b324400000004ff5cd65aaeef588817d21cd59ae301e4ce8aecf35eabbb8f4b50f267dde2a0c30e1e716aedf123d9fe5c7187458b26407e7a650a93bb93aaa3f4fbbf4637930 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000060ed4ae1cf5699fa4da18433ac9735b618b78f6aa63b2c919c58017f3498faa4000000000e800000000200002000000074bf3aa8ee13c6257117d415473bdd72ebde4372a9026c8eda48b0a328b4460990000000d162924e02f72587e3ce5cf76676cebf2c9b768462d2ffe6cdf5cbb3c5a5453cef112312f660b384d7d94292d8bd24495cd1cdc90414076ed043ab91ddb858d91705404cc9f287ef4c806b709af492108057454f0be448a9ab8510ddace5dd2050f2f2b825e2de5e4bf0bf739c4e8eeb0a073e2d26af0b1db6a82531d5c129a2aa34d53e39291603d46c86aff5d1d12c40000000b32072221c805d3e661b26adab987fcd71de22d79652da039684a4379149499e5d79d38db28975f8da92deb11e686c9fbaa115b0030901bc88c27109d172f99d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{25003B31-0ECF-11EF-B97B-5630532AF2EE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1716 wrote to memory of 2196 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 2196 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 2196 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1716 wrote to memory of 2196 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f456680be64ed75be386dcac3112d0b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | blogger-related-posts.googlecode.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.234:443 | ajax.googleapis.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| IE | 172.253.116.82:80 | blogger-related-posts.googlecode.com | tcp |
| IE | 172.253.116.82:80 | blogger-related-posts.googlecode.com | tcp |
| GB | 142.250.180.3:80 | www.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.monex.com | udp |
| US | 104.18.15.250:80 | www.monex.com | tcp |
| US | 104.18.15.250:80 | www.monex.com | tcp |
| US | 104.18.15.250:443 | www.monex.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | api.htmlobfuscator.com | udp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | www.poweringnews.com | udp |
| NL | 190.2.139.23:80 | www.poweringnews.com | tcp |
| NL | 190.2.139.23:80 | www.poweringnews.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab30C3.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar30E5.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da5f1347902d9bf0828089e4147dab19 |
| SHA1 | a0ef159c407404fc21890e3b7e6af237fdfe1258 |
| SHA256 | 3301463f86398c07f496a4954cabfcb7c1889e18d2a41b9dcf3140103e54bcf6 |
| SHA512 | 08de97e46412c1148454fa406a0826f0e4d8c37b2a947cd67a36f4ad1c2f38cf8a1d5082382cc3d35fa24cf8e3c6d7c684e93f307690637aa125399da436fdc2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XHJXO3H\plusone[1].js
| MD5 | fb86282646c76d835cd2e6c49b8625f7 |
| SHA1 | d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0 |
| SHA256 | 638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109 |
| SHA512 | 07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2197df44bc0ce9ac39068878bba5f41 |
| SHA1 | 05abb1765b5a65ab2f4356ee420b27db2e0a8a02 |
| SHA256 | 1f12dd4413d64ccd73bf540d3268105f5839577e13ee964238d61a19d72fa968 |
| SHA512 | 371004ac568b110f3aa9dc78def894c8a8ef4a2fc2b0258e14cb5dc5c31e602b82cc5e686a7218f4dcdabdb30611f473d55b9f2ad06fc795748b9a9657801da2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4825662e5404a6817941ebd0cc36232b |
| SHA1 | 991a8c3b0d54ec73506530dab1d0486efc94b3fd |
| SHA256 | b7b7badbe570fc57e56a8ee2b171d1ef530b0658b5de496221c5b98e4317d214 |
| SHA512 | a8c7b01b2b503e8ff38cca9ed820dea0797cfcbe5dbbfca04dc90189bf330e744f587ce97bf53f466eca2b05581f7b29ae7616f0efd8c83894dbd5b069352337 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01a4cf9b2e872bb235abb221e0030434 |
| SHA1 | 4fc486d74567afc7efbefae0cf843a94cad1dff0 |
| SHA256 | 252576f01e3a28ef7c9d51f8622f053ca90edcbbe414f7dcc058298225cf0d4d |
| SHA512 | 300dd2497a21e090cde48d7a625de283d0e8a19fd07fba39634b597cfd40ba6fe8d8b8f7bb7eb49edbb8694980d5a9d70c9a26b6491ee8219b1bf88fe782e2a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aee101fe32d0cdc9211c79083d92d513 |
| SHA1 | 8f5581003f56b6dc392ab8e5402ab0c498d14b74 |
| SHA256 | c213e237f6d13eeb7d833b7dd3016d8b2579bd9cfa75f810b65ebaaa4fb4e6f7 |
| SHA512 | d94b4890d911a6910492a5ba8ae9a326368a0f6a54d74b0961690d411c8e150dc0a4cbed1025742f1bf7800c9be99a302769c3d1a1f0b56e736cd1be19fafbc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5efa3bd2056775225b5a1cf33372d540 |
| SHA1 | 281d0b17262662e1cc12c432a663dd44ce0873c6 |
| SHA256 | 514e35ba0a5a049f9c8ce4cf5ab83476a7a8fcb931aec04725d14785ac7df4ce |
| SHA512 | ee87f29045169277b7b4bb71fb68fb535be2164d3e81c6ada075fadc3c2b8c47fa07c3e43cd9ad85b39d8656f4e563a03b81700c2faa6e1f2d9f57d9f3e6f488 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65be215ee7b35cb2b3a9193f7f9e9ed0 |
| SHA1 | 42fd7c2e68b061921fdcd0ba2fa6df61c07c06ad |
| SHA256 | 9d007c1a4783eec5b763d96c71c510185735494892e39f32921b623ccde28fc2 |
| SHA512 | 68b87da28f3be01fae6b2343a230271172fe02354086657ed40ad12c978506fef5b7a5cbd6547d1d3fda14a0b96393332b52f09deb93154423150b23a48fb8e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 522e40617aef35c605b80027df1fdce0 |
| SHA1 | 11c649661e5847297789551c90bf32daa24d5443 |
| SHA256 | f907fa32f1940bc5d7ac39a5f983f807f79150f35f46510fa0ce18ea89e0a8d2 |
| SHA512 | df1e12d5f3066bfcb9f1fe04b10aa49647b0d7827465c6f2e1e1d7bde049674bf3670457324ea749cd1f5df40408ecd5bcbf8816031e19e836f409c72e90b181 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c40c52cd9ed4323a7cd6b12c641fd86 |
| SHA1 | ed9e2342b72034bc5b798123e6b6c19db032b1cf |
| SHA256 | 005b73c6025925b70a2a533519cff535c710a54ae0cfa5d07cd830ce27349684 |
| SHA512 | 02bb170df41c195f919c061424df2192c450a57f460316055dfa75c1c1f1fcc74843f8b2b9d9f0378579955dda607bb2b89239185ba010f5a7625ae15768fcc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6af5abab6b6faac48e001ee025ba887d |
| SHA1 | 0e0428e44fa88f735022238f74c4a5030571df96 |
| SHA256 | 32ac452aa8b70451a5c3663654d058338f21d70af6f378363cb575a31fa73277 |
| SHA512 | c028f935d99cd6bdaba5c09b053986686ca022ac67bb86fea0d5d5e9bbce15468f7a9619f538d11d509ea4a71226a24178333fceab402032025dc10028aeefb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2241e78bd76197014f2fa2cd87f01e1c |
| SHA1 | c2d5e2483c9e1a70323f0017526c7cdd686a2cea |
| SHA256 | d50596d7e5738b5636a947f6a94a2b48c6bd5a62d0b37e0b88daaf6db311b0b3 |
| SHA512 | 53c488fe5dbc244415438c24413ba183ce7089859590c6e0e823f3a72a2a8275764ef3e23d22f977943c9fb5d941514324995713c874ef70659360f719a156cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50ff55c5d6bc96d56f296e2703456606 |
| SHA1 | 9a11027b6d754d510e8aaeacd17e32761a3981dc |
| SHA256 | b3244e363d749e179107a2852d35d2c52d734c5778da5def3be042ff705185bd |
| SHA512 | aee5f36a1cb1f0a74bdbf5fec31e33f2c6880d9aabcd24af32324f0f478baae727a94f589138b5ef83ac92dd5efd9698780a6e5a1a8e826c8f865666a7bdf89e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38f3635ad49f41111d7b1c0298a33979 |
| SHA1 | afe09a613a3d9c94254fe37acec93021fee64144 |
| SHA256 | 895d7217617851c2fefb931ec0bb8908f5345321f553c60a607c1f821a41558b |
| SHA512 | 3729415cbf78cc784d5d4256ef8f2cd9ae996df30fff93655bb886865b0dfa6c48afcba1bc8bab55260f3c7341f01b093a7d688da995df1cecb4571d381c9208 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df986dd5b5999304c542908939854859 |
| SHA1 | 69df6092ee71789548255c0286f677f9bff14cd9 |
| SHA256 | 21df60b45032ce553fd07cea660f8373f1e13aabcf45ce5fac4af3fa79343649 |
| SHA512 | 64a5e09de04da4f57b938f01bab2646d0a7cf8332a574790bdf9f9ccac6c9d1fe3fe18558ef52be318930f0fcf5c2664d0b34691c89accfa17cd31ca05e087e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5ff52e78e22a87467843c5cb0e32d46 |
| SHA1 | b5276db6ee6c0eb0a660b347fd2c0a43e7caca87 |
| SHA256 | 59711e5de251f6266d627681b4a02ea753d9d3bab0acb3cf1164b2d5db3cd37f |
| SHA512 | 05eb88ea1b4412e285f9f5bc8bbf3b3d2e8a3e7b19eb0fb110bce358084ac25c2544aee0aae0c063350d1dc63f05e05aa59aca7e5d64fe1f074027492f9b35a0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 13:11
Reported
2024-05-10 13:16
Platform
win10v2004-20240508-en
Max time kernel
135s
Max time network
148s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f456680be64ed75be386dcac3112d0b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10922464245526700424,777482348955412016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5952 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.16.234:80 | ajax.googleapis.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | blogger-related-posts.googlecode.com | udp |
| GB | 142.250.200.9:445 | www.blogblog.com | tcp |
| IE | 172.253.116.82:80 | blogger-related-posts.googlecode.com | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.81.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| BE | 104.68.81.91:443 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| IE | 172.253.116.82:80 | blogger-related-posts.googlecode.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | api.htmlobfuscator.com | udp |
| GB | 142.250.200.9:443 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.poweringnews.com | udp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| NL | 190.2.139.23:80 | www.poweringnews.com | tcp |
| US | 8.8.8.8:53 | statinside.com | udp |
| US | 104.21.57.149:443 | statinside.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| GB | 142.250.187.225:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 104.21.57.149:443 | statinside.com | tcp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 23.139.2.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.57.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 2.17.107.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 99.107.17.2.in-addr.arpa | udp |
| BE | 2.17.107.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.204.66:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.200.2:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.200.9:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| PL | 93.184.220.66:445 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| NL | 192.229.233.25:139 | platform.twitter.com | tcp |
| GB | 142.250.200.9:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| GB | 142.250.200.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | top-20-in-india.blogspot.com | udp |
| GB | 216.58.201.97:80 | top-20-in-india.blogspot.com | tcp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_1008_VGASUGISJFXBJROL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3715a5af9481295b18a9ab7c3e4fb9b5 |
| SHA1 | 5316f4c569f73aeb54658f2482247fb53b0688af |
| SHA256 | 53f943a5e3d43ac9d7fa6bb8919605cac66b9bfe9406b79f6a1793507f85f941 |
| SHA512 | c42d1e613a17e3dc86fe9764eee88952c87c54d7cfd8fce98adfc3d362aa2f2f7ead478c3f98f69a0db9966e5f8d1b2174956f7be08575904278b2af3a6d5190 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | b6c8122025aff891940d1d5e1ab95fce |
| SHA1 | a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4 |
| SHA256 | 9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e |
| SHA512 | e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 88477d32f888c2b8a3f3d98deb460b3d |
| SHA1 | 1fae9ac6c1082fc0426aebe4e683eea9b4ba898c |
| SHA256 | 1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8 |
| SHA512 | e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9feff8659e8440db3329dc185ab00e43 |
| SHA1 | 6b29208c43bfe66d1c7fa366e888f0acdec97444 |
| SHA256 | 6f981fe820655b225182e00e1242a9e83ff44dfb8d05bf2fe93a1838680ef34e |
| SHA512 | 8fb1c3550fb82aa99742425e790a8f0ddfa1cd3397d8b8ef7b8f8c66b7149815f19e9193e18cdd20809f3466b917e00b6e0909222ce0a715ad97067cd01b574c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8026039b6d8bf9df227aeb13b5fd51fd |
| SHA1 | 1c4e1fbcab74c52f4d9f2d9eaf3638e8ea34f99b |
| SHA256 | 7c834d0bd72776ffcb3f5388d56f811c5a2ae26ba6060c2ec8026a9f497f6872 |
| SHA512 | bf3fbb0613a74d57785c0022d2b92ddeed14ca363c32f5f04fca9ac1175091fdda228ea2e26ccc5c912cf33292d1b8771ec0607403b1af35c788a0fcce235e10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b2a885339f124e63944eb015458c4866 |
| SHA1 | 0e30b69fa67fb1a26c29ce75431750bf024ef320 |
| SHA256 | d7bb8d01e6619c7769f7b45c52044114696bfa1698f752426894e7c07c7e56f3 |
| SHA512 | ff8f02add5e3f264d26cb7f9042e2e6d28378a081e0daf46a094ecbc6f6bc1b9f723e9c441f52aab804ae7851f50867f8cbed50fb19459ca7b7adc728964200a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | eba4659be6ff0464eb260cdf2d6e2b67 |
| SHA1 | 851fdae3418ccb03ed10a2730c9a20dfd27176f8 |
| SHA256 | 0f6426473be469078661925b8041512a77549fbbb79c55d006e6e2f302aeb0b1 |
| SHA512 | 3b2aba68e249b6a2e49a59a78362f57a5bfbe40a212c22f5ec5ac65c3b61f1451031cadd7d573ce775f7e4497f11fa6c153f5a36d5927ec66f055ee727be392f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a39ff3dea54dbd3471f39b47a974e8dc |
| SHA1 | 78f79e6d271ed17f55734b8e856545a65f6447af |
| SHA256 | 0a7844a0f4dd056c892ebd8d8783ba44e80ea24ba0d906ac99c1717b90ffc9e2 |
| SHA512 | b9d2683a63ed5bf82fa3f358c37bc777425d45435911111987c9c4f15cc5f1c6510353fde48fb722587d166f4273ee8c6698cd3c3356e1614fc4273d08896174 |