Analysis Overview
SHA256
483dfb7e275ee569ca2f76af7c9e2a6eaab9dd99a556238be8d025c278d3bafe
Threat Level: Known bad
The file c1bcb09a17d4700f5b6763ab2953a4ce_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 22:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 22:40
Reported
2024-08-25 22:42
Platform
win7-20240705-en
Max time kernel
141s
Max time network
145s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05e2ed43ff7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FCD4F481-6332-11EF-BD75-DA960850E1DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430787479" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000998e948cfb4a7e0997b131352db6dff0182f8a4614f4577de525ec75746b5e4f000000000e8000000002000020000000602476e1aba77962a3f9878a5bfb9eeb7dcc0058c53a875eced26e20d75c8691200000009ded5bd439fabedd0a702ff3ead729145c53cfd08d25beb7f83e3920189bb4b740000000ebae48a0ab8b4e71ba79d5b18312cb9d4653b6f049e1aa5c1c00648d1897da222ff44025621179beb0da6277bf22ff56068a0cd43a4bcc35655ec5a27ccacd62 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2576 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2576 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2576 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2576 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1bcb09a17d4700f5b6763ab2953a4ce_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| GB | 104.96.173.184:80 | s7.addthis.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.178.129:80 | lh3.googleusercontent.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.178.129:80 | lh3.googleusercontent.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | tcp |
| FR | 216.58.214.66:80 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 216.58.214.66:80 | pagead2.googlesyndication.com | tcp |
| GB | 104.96.173.184:80 | s7.addthis.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| FR | 142.250.179.105:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 92.123.143.234:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 79c6ed4665ca5f95ecf6419986a0655b |
| SHA1 | 754a75abd0a387483bf5716d71889f8244ed53dc |
| SHA256 | 555be7adaf0d2a9f8d56e183673ed2112563c7de5170fbe2a50bdd72d3dc04d7 |
| SHA512 | c52954a0ba4aa7cfa348aedf74b68792060c5c814dff73cfb31f8b2b23f7318f4f80b7f023c358a87efd59c5325c54254aabb74ea50bca6d9b97e6e6fcadf087 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 2a381905c63a6b1fad304d628be7d487 |
| SHA1 | 858cfc0a5cbd598280d705eb07a599469619b296 |
| SHA256 | 76c8c927d286ee2f7f93b810dcf282cedd5de4fd393c3676f6cf4f36c2a60672 |
| SHA512 | bd12dc097d549ff5ecdccf9be1e0838bdf1695a71f085fe2f6cfe4c9f7bc6716d271d9e7a18a8efbc4c5747afd194ad36c7c2eb0e5b84b93b3c8c98e05b51f42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 33f3fce4a0e272106b01def63a6b824d |
| SHA1 | 478481551b791034484b3218446d016bc7b42be5 |
| SHA256 | b20638746ad7ebeeb5cf7ef0b642c1efac786f661b79c97dcef36c8dae99951c |
| SHA512 | 863bad780eb438e2ff6920a66cb184861bb9c90f076eacfef9ccb3c9f1c36c22ec25777ccf1f18457f64664cf5966e0cd8f9fb818fed178e8d649ba49e1bc7e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e6e06e696f1503f3944c1d1f32e944ef |
| SHA1 | dbbff07641e42fe58bdc2b77029f8580224745f1 |
| SHA256 | 8faf1b0022cadbafd85a35d4a43a97d9ae6ec26b6121dc2e7ad1080b42cfb268 |
| SHA512 | d722c414ce00bf7a25d3c264fffdcbbb285ba4c2267fedd2a077e2373f01049fc020d14baee675aa5fdd28b815b8a551a8596fe540652aafc64077f53bf18b08 |
C:\Users\Admin\AppData\Local\Temp\CabE32F.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
| MD5 | c15a231282d4e73e20f85d26dd77bb0a |
| SHA1 | a03a63d98f818356896fdeac86ceba2236d77446 |
| SHA256 | 40b5362a8b4409d1dc054792abde7a103b0f6b9cfb4e94ff6a2e0dd6c84a9b49 |
| SHA512 | dcb0b3ebc0f69b641b0beafad88fa9a9058d63c3685aa9862f5e2246f018e682e678a1189a714105037cf21aef064981996ece27d631c6042562e109b3a442f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22
| MD5 | 9567f5fa5f9ab437be782dd03c82992f |
| SHA1 | 1b43a7366e8048396ac77aab2f664b7f04e297f3 |
| SHA256 | 9c3b0a98bf69d02ee9a23c48ba3ec79898db6bdfdb3ea2fa9df9ae582bbfeac7 |
| SHA512 | 41865f00932057bb7d225735b1a2ed844ceda711f95dba8f630fbea78d9043ff09bbfb9614ac9cbdc2947ff8035cdeb13a9e04eb0960c54c8d1add8824a93e47 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ7VMQEC\cb=gapi[1].js
| MD5 | cb98a2420cd89f7b7b25807f75543061 |
| SHA1 | b9bc2a7430debbe52bce03aa3c7916bedfd12e44 |
| SHA256 | bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4 |
| SHA512 | 49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e |
C:\Users\Admin\AppData\Local\Temp\TarFE5E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cf761d98e370441d5dce6a535ef5deb |
| SHA1 | 8c3396eae1d1784e2b8f3b76ec6b5061e4b1a859 |
| SHA256 | 33080f4c6be7d4e35d704bb61dfb78400da07471e43ff57fe7b95d93041cf33f |
| SHA512 | e9927f177ad21b6e015a333f6e32bdc0aae223a3193a19b48aeef2fbe93d455d63eb480cff8992ea3a5520d780d9cb9f2f2913cc5efa4e5f6275f3edc36780ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f672ff92ed7e755ee75de48f5ef7597 |
| SHA1 | c95b1ca4dfab36ed6f912276738dd4071cb65cfc |
| SHA256 | 2151a77dd523682a5bc59006f0d820e5cc43aa0e77976eeac915a40e937ede6c |
| SHA512 | e7672bff57426633c3539d961884476b2af13b4059de2ebf13f11f20aa20d01441a40ed00882278248b3040b094e956656a8b8e2f5703a9949045a2885cb71fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd8c8a8cbb35b634fc18c020bebf6d4a |
| SHA1 | fdd13c39a3c57036b335c8182493ddadca38004e |
| SHA256 | 6737d7496cd1f8f7f93e346d54c72d4099fa3c66c18be8dc93e57a0c978d83f1 |
| SHA512 | 88c416cdc16e5b9ad2ea909914bc2f1e7254748080cc5a2978f8948881a4332c553f84e54abd705c6c878e5bd335aa575d3f2bbb203289f07af2eb20e5c25a96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa6b712fb710cda34bc4c8ab4bce08b3 |
| SHA1 | 016297bed9377573c233a6e085ceb1a870083074 |
| SHA256 | 6c01d93fac945f8f07007964d417fc636084a8ba001b2ea8ba614041dbef90ee |
| SHA512 | 2ced75a14c79f132e88a1efdfae8b80efb5f773bc3a486284a02e772fdd133f07c7f9a331eaabca2cb76777926490e9d4f09927394db0516fb4d9b3c1a3ce16c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c18ddebf75b35041f17e70903c45784 |
| SHA1 | 404c717d151146a46c3be12c632b9950ee33a134 |
| SHA256 | 0dc37af11d252ae8c273e874169fb26633182ff26090a7182871d71243f432fc |
| SHA512 | 2c2b2fce7f03a991398b86ef8d4c68a47012a9a3ac0974791efd0a03ab1cb99e983f9c39c5f143378dd1ca5fcd039e0cd4228b9101fa360ee866a8a81b6838ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01ed109f8d02f2233781b90e2b4ac233 |
| SHA1 | 8172790339065de1ecdc1184843acff2f1412ab7 |
| SHA256 | 1ee3363989ab3ead11df95bd5c16af4c72c580dde5f1425dd8f776a1801eb07f |
| SHA512 | d646c9636d4294630c94489ff00cc698dbf956ac24f7587303220fbeb890f0e4e4318d8c4e223d8e73c549dab946c1fef24b7c2c39ca84c3f9822d527b353651 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f32be4a6864df99ce9f6d52e713b13b |
| SHA1 | bb7d6bc69ecf0f41f13b98afb9eed820bcc43997 |
| SHA256 | 2691da917de620375133f45048d8e3ebcb50f81797ec5cb2cc2b0ca953f4aa52 |
| SHA512 | 1cde56599469c4334150cb5fa224fcd932cf851ad9c14417a22fcb99d3a945261df902168bb195dcea69b5c1cb2a0a57248075d0b182cdfbc217c56c9291bf3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd78940581faad44d9b5ad26498b3dfe |
| SHA1 | 7b493279c2415f9b269560112cae42c61bfa5eff |
| SHA256 | ae146706fedc4d6cb01b6d2a6c4894e11a1b075cbddac991451469d9952d3c74 |
| SHA512 | 0e2d726d59ea496ef91dd0326c789c78b658a7beae8d5f01f4a4fda5d65c342aeba126d1ede1b6c69d81b2bcba163a48e9a1421c7584fc0187a33cf896b888a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d258f97e3a2aee95b09320954f385da |
| SHA1 | fbd2081b9d7e314cfe41bc118fef794be3a88904 |
| SHA256 | da75cec331007656ed0abf700abf6a55f4d162f9a696a6327fbfc8ff5daaf333 |
| SHA512 | 98524ebc7562e484ca3ef80f8fb85aff78f172c8e02686cfe603c41575d43ebb4bfa2ad80d6f20c9148b1ef263fe3328506a3691944876f7ce756247c65084ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bed0e5e6db234545f7c7c24b21288861 |
| SHA1 | d0f50e989ea87863a7b443a3d67b1d94482e4e5e |
| SHA256 | a63e0c317432fd43062bd574aeae44b02a7e49d01a3186d9f80d1fecbeed0182 |
| SHA512 | 2c362abd8b09a36944c208698f778df3896868ce72668250821b5eaca1acee6977304fdd6551fdb6c763c16fb39894004f49b25f60dc0963e339df1fcd100731 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15d572115f1ca26469b4d88515616e70 |
| SHA1 | d4269b7aea9f420737967f8ed1b355ad7ffed5e1 |
| SHA256 | 1af03f48f58ad153ffe2f93bf44581ea0adbc93b526737ac570e914e9f5ef904 |
| SHA512 | 2fe2edb6a10f91aa99b45b9d7d5f3dcc5056903e7334dd38d7698d33dfac6f9fc4b3a73a74a4ee27691903ea868c83a4612a82edc4d0171fcbba2b50fa04e020 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0583639d1156c73b04aa3ed0a4c5efb6 |
| SHA1 | 02cf798fb6f498eacb0e770e1adc52465d2aa06c |
| SHA256 | 00cbfbeabd7b750fba39ca2d82a80f5e43b7c3cb42c7586739587b1eae18028a |
| SHA512 | 68ca375850e49b432c6fb70a1eb56b7468af0507f931b9c97cc42c2d5eafeb1992b4438f4e5117bf8ac2343b8214543612a13aec5d8a58e902966d54eb11001d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 76638d98c068feb647d65113803ec7ab |
| SHA1 | 4c841131b7eeb2c06f96b314c08b537dd135148e |
| SHA256 | 55f5ec6e9279847c4982d4384c14b00fb65e2af08ff875f11344b7b8ef844461 |
| SHA512 | a77fdfec6aef8ea379d12ab3ecec4da669bf3520fff567a8a172abedf150fe588133674b96070595ee8db8688ce0aab304caec288e8bb38e707bfb3d1543cd62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cececc6b5088b8f5dff6e35f7ff2e23 |
| SHA1 | 5187f101ad25fa5225eec191e993ca0142d090b0 |
| SHA256 | 294d6a63bdde1445d1d8bf9cc60ec9f633fad82727d1a686e69a7502c399040c |
| SHA512 | 2e3b9e04d614782d2fe799320a7bff61f3b58192f840041986c62a3ba4e173dc300835fb1e5f2a4f6168a483ef54133eef3dc420ae825c9a51a2415ed644babd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4015e4d63b3124917b4c68271c3ffd3 |
| SHA1 | fa459c35a675a94e6e71766ea271eddea048474e |
| SHA256 | 5164f75b4b9a692cd3b9b5b1b4c967c17923fe9fc4f87143ca9fa19188f4ad27 |
| SHA512 | 2a93cc9adc9a765fb7cb7538192b8c3404f08508bd3efc259fe6f94b0bb97f0f9a32b26c0d6c97a1ff3f3d71dee832b10c580e155e8922faae6fd511a2056521 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15ad1581711c43116d5d9f8881f956f8 |
| SHA1 | d7f78bca701fda0c594c9d8cca053e9f56fd5496 |
| SHA256 | 0e34cebc284f961f0caf744e3115f2d66f3bbc5c885ae664b48c674411bcf2f3 |
| SHA512 | caed4fafa06d8a80d3943cf04f9332a5eb740a8c356763179df4ecea5ae39a70b86303998351582e9b11fe37edb762c78f7f9d5fda078223441c9c04dfd34ec8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8bf8d4657e268c12257ed9bae8a36d5 |
| SHA1 | b5ca7594db38f6df66917def474c5d7eeb717de5 |
| SHA256 | 9b40481016aa4cdad60cb86cf1a85b821e219432765f7e2a856c46e22bfbfd9e |
| SHA512 | 6d4d5f833eb5ed63b197d6ea9d840bcb6b1658afc3855e1d4cecd4016149afaf3ab59058147de04e00491760e5707bb5ff3ff65e4f7390f0878c5babc70a34c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e23d6d92d10f2f8d36cde9ff50ca9b54 |
| SHA1 | 3bccc755a2f00862d10361d3f43ff9ecc8f077e2 |
| SHA256 | 0c4bf3f4d63aa6abdeee3f3ef01c8c7376e5ed5e601c27914a9520b04f87dd1f |
| SHA512 | 3f1707c8d965e7889b250a06b817c8e3ca14f8be5f19df0933906a26d0f69ccd8ac5e4373e5d0ec5a40eabcf7250a8e1d084f9b4bf51720f907e9de2cc77f444 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73f97918a832078e3e0a48c44b7dac09 |
| SHA1 | e2bd3915b5f38a9c051328b390f878a8f74cead4 |
| SHA256 | 04d896f2cd58e613e359f3f0027387e5043f8bd446f11e1e43f59d3ff76cd2d5 |
| SHA512 | 13d7fb01ac5a610eb8be0dec6d834bd9c1e750f1e3a3fa1aa013c52f9d2202f0d75a7d234b82bbc86128651a0a586a79714ffd3550c60c760e112da804f48c0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 91559a5ea126d4a517a4ce862beeab16 |
| SHA1 | 584692278ed6991f03cf101c649e11d1ea982fb7 |
| SHA256 | 7522a2b602240471f6b7432e7775e584a16255fa1eb7f01aec26fdd23bc86917 |
| SHA512 | 3ca67f52470be03744019399f6f9f1e0fc1aa43fac5affdff67005c9bd30aed238b061bac73b017bf8e3a155861534a81f27f1b8fd9b227754e6d657ad095de9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 980e6d766336601ce3beab0a8215aa33 |
| SHA1 | 6363286ffe78c27408d7e05077ed4fcdb895e4d5 |
| SHA256 | ae146684dfba6bb4e4062cccc1f31b0132f2d70f4096945abb974379c1433f64 |
| SHA512 | c0f91f60fb69f2e6aed9e59b31f213ea11b0ad23a2e19080a857c303e0a04a3c686d1d3bf20ae2d433eedb5c01ad55a4405151e5b5acb06f74a8e3ccf2513b2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8fee182f7790738ec13835390d671be7 |
| SHA1 | af4acfcb21c1b81f0d9aa072dd1e98e49b162e12 |
| SHA256 | 77d5866d7fcff250f883eb9e8d6db4c60b304bdc8b10efbec66abfec5907d356 |
| SHA512 | 3a4087d3f0ff146fec95d0c435cb4ee69b17723cfa09a46e63834e75028778ad5e0b612fa4c7dfeb469f86670539296b95c020bb106392fea447f1d9b1c95235 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 22:40
Reported
2024-08-25 22:40
Platform
win10v2004-20240802-en
Max time kernel
31s
Max time network
39s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1bcb09a17d4700f5b6763ab2953a4ce_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacade46f8,0x7ffacade4708,0x7ffacade4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7195676445692033665,7904069809298591300,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7195676445692033665,7904069809298591300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7195676445692033665,7904069809298591300,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7195676445692033665,7904069809298591300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7195676445692033665,7904069809298591300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7195676445692033665,7904069809298591300,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2064_APTKZZCOMBAQCVOH
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index