Analysis Overview
SHA256
8836f7fe582bbeecd66f3bb10d077e9cf1674cfd17fcc3c678b95c11f1b14259
Threat Level: Known bad
The file c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 19:55
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 19:55
Reported
2024-08-25 19:58
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
154s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa928946f8,0x7ffa92894708,0x7ffa92894718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10807545420382404690,8419673847176444986,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5628 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nusacode.googlecode.com | udp |
| US | 8.8.8.8:53 | javascript-share.googlecode.com | udp |
| US | 8.8.8.8:53 | drooid-today-script.googlecode.com | udp |
| US | 8.8.8.8:53 | domassistant.googlecode.com | udp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.178.129:445 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.51.241.54.in-addr.arpa | udp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| FR | 142.250.178.129:139 | lh3.googleusercontent.com | tcp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| IE | 172.253.116.82:80 | domassistant.googlecode.com | tcp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| FR | 142.250.179.105:80 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| GB | 163.70.147.35:80 | www.facebook.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | www.blogtoplist.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| US | 8.8.8.8:53 | i1259.photobucket.com | udp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| FR | 142.250.178.129:443 | lh6.googleusercontent.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| GB | 216.137.44.119:80 | i1259.photobucket.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| FR | 142.250.178.129:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | stats.topofblogs.com | udp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| GB | 216.137.44.119:80 | i1259.photobucket.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| US | 54.241.51.109:445 | bdv.bidvertiser.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| GB | 216.137.44.119:443 | i1259.photobucket.com | tcp |
| US | 8.8.8.8:53 | img846.imageshack.us | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| GB | 216.137.44.119:443 | i1259.photobucket.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| FR | 142.250.179.105:443 | resources.blogblog.com | udp |
| US | 38.99.77.16:80 | img846.imageshack.us | tcp |
| US | 8.8.8.8:53 | i50.tinypic.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | s10.histats.com | udp |
| US | 8.8.8.8:53 | 16.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 54.241.51.109:139 | bdv.bidvertiser.com | tcp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 172.66.132.118:80 | s10.histats.com | tcp |
| US | 8.8.8.8:53 | world.popadscdn.net | udp |
| US | 8.8.8.8:53 | s4.histats.com | udp |
| CA | 149.56.240.31:443 | s4.histats.com | tcp |
| NL | 190.2.139.23:80 | world.popadscdn.net | tcp |
| CA | 149.56.240.31:443 | s4.histats.com | tcp |
| NL | 190.2.139.23:80 | world.popadscdn.net | tcp |
| US | 8.8.8.8:53 | 118.132.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | statinside.com | udp |
| US | 104.21.57.149:443 | statinside.com | tcp |
| US | 8.8.8.8:53 | 23.139.2.190.in-addr.arpa | udp |
| FI | 65.21.240.245:80 | stats.topofblogs.com | tcp |
| FI | 65.21.240.245:80 | stats.topofblogs.com | tcp |
| US | 104.21.57.149:443 | statinside.com | tcp |
| US | 8.8.8.8:53 | 149.57.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.240.21.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.240.56.149.in-addr.arpa | udp |
| US | 172.66.132.118:443 | s10.histats.com | tcp |
| US | 172.66.132.118:443 | s10.histats.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| FR | 142.250.179.97:445 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:139 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 27304926d60324abe74d7a4b571c35ea |
| SHA1 | 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1 |
| SHA256 | 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de |
| SHA512 | f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd |
\??\pipe\LOCAL\crashpad_1232_XPABXRIFXFGVRBCW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9e3fc58a8fb86c93d19e1500b873ef6f |
| SHA1 | c6aae5f4e26f5570db5e14bba8d5061867a33b56 |
| SHA256 | 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4 |
| SHA512 | e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5add84239bf937243b0d09ef419cb9a7 |
| SHA1 | 1d284baeaa7fe73aa4a849ba845a44f13a3cf6a7 |
| SHA256 | 221385c30720a88694a365596ce82d45b8eaa6c1c3bd4ffed892f12a2fe7f844 |
| SHA512 | 725257d4d18f8cf2721a005885c65e607fa157a982e1c9cf8649fe50baafbd548c907436ce65ad8938fbc790632555c3c891d8c6009a0628d40799734ad8be5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4619794c8b1f2df9f34124c3aed1f3ed |
| SHA1 | a14e3fd9ec33f6c89445122fb07f4803f8566f27 |
| SHA256 | 15d5cddc5fb80df6c928c8f2c973e55f00551172d5c69c14d80b540a0bb54d36 |
| SHA512 | 331fd0d9272a34a3c47ac9f028692b90664b5a0da785820fde505f20d39a11ce6b2cbb37c551eb6ebc438dd87ef74bf0d5c5b4f4033db4291ae754fc17f7b7c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b5dea9e6d0e2e553d4e1a0c461c361fe |
| SHA1 | 5952e42a6501b6588e1902c26a13e7863582d33c |
| SHA256 | 04e40fc5bf138c35f79c895dc287cbfae3c87c5a7c1eff12d3c34493e298712f |
| SHA512 | ba00569f967d43dfcc087f83d214eefdaf99d595aec6d0bce3ce177dd0c60fcdbe9e83cef8a1022e7dc64ff0adf38058144480b5c99bf08a4ecb772791acfb8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8cdb3071c8100f270cad7ad3ceeb5de9 |
| SHA1 | 06884208dc3600718872ab67c61b5bae5e50e35b |
| SHA256 | 2795620be7bc5567333128da4252e5d3d5862e75a1c701b6badcb79ba0d84d50 |
| SHA512 | 74b32fb632d02ea242ecf3b9ad02564d8725fd7200246dd0e3a4da2734691440450b444c46a092013de4b1560ff09caf4fe5e0b95ed722c99b50574e26987ec8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e561888e9b1ee81a587c6df90234c109 |
| SHA1 | f1e47b24a2ece8123defe621cd06468183e68833 |
| SHA256 | bce030cb71c042ff8672ddec325757cf6716a279598aaab02767ca81d4f2f87c |
| SHA512 | cd394b423e9bd02d73f79cb2a3673cf5ea2a952318344eb4aaac3b69ca6e72555a94580d7b3009063c65623fa21bdc4ed98ec1c766759b67b33d9961e9e75040 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588b82.TMP
| MD5 | 0b83aa1697673c72598303ac96137d21 |
| SHA1 | 3ef7f2b07829d804662e48f4bc16d4bfab597c5e |
| SHA256 | 3f67cae062f7afcf194971a388b1023e1bf89844b816330c089cfa38be312c47 |
| SHA512 | 8b43256f15ff530211e026eaf77488f6d2c6fbc6ca99f2f3fdecbd07e386ad7a26700c36b8457cf7cc88434795757987808bace926d85358da3db39405e24e18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6e92ad0d-9dbf-4234-8e8d-1393751410d9.tmp
| MD5 | fcc6e09d755ddb548585cccf1576d4bc |
| SHA1 | 83c3004d34361f273596938605de73523d474440 |
| SHA256 | 6daddd9671702a7bc60247302d83633d970b2875af103fc6dc2dcfeffb8aecc1 |
| SHA512 | 9098b77265b595a710b71e30c8f3f4a9142731443012395a082ad5c48a5294aa09cd5052db9e385142e2b0bb869cf0d216ec787be6eb3eb9dc28dd27c621092b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0ba5acc1c99b36f53f7e355ca8944266 |
| SHA1 | fc66175f4ed8e851dc67aa37f896bfd92bdbfe5a |
| SHA256 | 1c39637fee156d4a4f7808106b799e9119fca7bdf2d6da09e59ea3f09763373b |
| SHA512 | 3706eb5cd907fc067a714ff9727f953d5bd11c9dfc4c1b91a733b6909e60f143e4ebfe50e3bd9e3308710ba83833e2d21434abd511fd89e0be8bd1da95f02bfe |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 19:55
Reported
2024-08-25 19:58
Platform
win7-20240704-en
Max time kernel
144s
Max time network
152s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430777615" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b760117c6d27a1317c3ae57ff10f8c0cb8d9b6889ba910698e7e969f97d6174d000000000e8000000002000020000000969ee93cd0edfdb02dc5adea36d641d04d7626b3f226c75217c4f798039483e220000000e5cfbb8684b556c54aa3f350e0e2278f03f9fe4d1913dc26b3813df797c315cf400000001f758a80ac98d3c4f7982f81d48f34849a6abf57f53ca68aca4f159e94996cadccdf55478fe25a2632637a15b250bb4bb1cea0ca794154fa0753f244c0ed15db | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10de1aeb28f7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{027F9AF1-631C-11EF-B29C-DA2B18D38280} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2388 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2388 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2388 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2388 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1748706b569ecd0ef9982fee5a194d4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
Network
Files