Analysis Overview
SHA256
b27e145d05625372672486569cec90773959bc0211340df6687a40ae433b6560
Threat Level: Known bad
The file c2f34b84798c0ad2bddb7389308c0079_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-26 12:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-26 12:00
Reported
2024-08-26 12:03
Platform
win7-20240708-en
Max time kernel
139s
Max time network
145s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2B696C1-63A2-11EF-9982-6A2ECC9B5790} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000f5c12aa1813e42243dfc213dd202427c0f4cc1c13f188e3b73f0b127a5e33b3c000000000e80000000020000200000004d0b832c6cbf059955b1613a03be3e50216924b07611a4de6afa03bca9715030900000007267b7af42c5f90c590e3a00d4f212b43ee3af3d240b205ae17d9bdb7915ed4f739257108bf145a4970c552385111920420ee3ec486d2ad90b9e184bd2be2f3ec5eeb606ff27c277b7ac36e9f40fcc2b84f57dd84f4e1663179b8cafce6f07dc36eb6fc52ae96c60ad799c49e9f11d69cb0206444511421511d0de0a9b9dc2cdc670bbab9383e0d63972289f73b5f9a0400000008299d7baa4d34aeaa569d2fbeb18f31f177901835ace8091a3ffd161df07327fd549d457f5397f359fd47043008f99bd9ea5be4b8c20b0d2d86095eae033f32b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000b65cf6eaf05551af3a655dff28d602be9e45249fff2f35fb509c3d637d8bee2d000000000e8000000002000020000000a3344f5fc4218af112cb287c3272742434a2ed1ff069844f75f964fa932a5c7e20000000e4e9a6b1ecd91a6d2f26284735bb5b76f4854a8e210989e1e6a308564239084d400000000ea95dc750f5388622c59e83cecd9cb904ef4ed6c259241b236444917411a90f4fc299ef9f847f6dcd83fb8d45e17e4b2409fc9af7a5c1c343c728c792406a0d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 308d97a9aff7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430835516" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2096 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2096 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2096 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2096 wrote to memory of 2940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2f34b84798c0ad2bddb7389308c0079_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | ads.adport.com.tr | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:80 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ad.hepsiburada.com | udp |
| US | 8.8.8.8:53 | srv.sayyac.net | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| TR | 31.186.15.180:80 | srv.sayyac.net | tcp |
| TR | 31.186.15.180:80 | srv.sayyac.net | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.252.143:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\cb=gapi[2].js
| MD5 | cb98a2420cd89f7b7b25807f75543061 |
| SHA1 | b9bc2a7430debbe52bce03aa3c7916bedfd12e44 |
| SHA256 | bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4 |
| SHA512 | 49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e |
C:\Users\Admin\AppData\Local\Temp\Cab5B0C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7817d22b7a5904e3fd6598fc3d4f2e3 |
| SHA1 | 0c72197ce4dbf759dbae651fe215a20f7b2e6397 |
| SHA256 | b51b6c41ac4ded573438b7707f38f6a0640d9480c0927f1e855d6b70137e353c |
| SHA512 | a4b7d91f0b61d977d61f10f0a721eace779d14d7b99b6ca92c63200d477f44487381982d663f28ecf2c8a6bb78e25a81069f213068cb44256485e36d452b8c2b |
C:\Users\Admin\AppData\Local\Temp\Tar5B1F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 550ce11f246f89a4bedbdc6cfd5b084d |
| SHA1 | 528a6a57bccfa2c32da6ecf71af917f01066cf83 |
| SHA256 | d381b5fea5b44d7f7c642add509f271fcb92a21dbdaa425bd77cd1ca6be349f1 |
| SHA512 | 3c35c1cfcd673b5e084d93814632d4401ca2890971e2587b810a9f55937c0c5d7966fd0feb256c4eb63e00534437d5df6c7378a5214603bafb10eea4c433476a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82eeb465fcd5a20b93ac18a19d5f3192 |
| SHA1 | 74cdc517dec38b542f07294b09ed9c9f7d856d7e |
| SHA256 | 7b3be9ed80bf3e53d05cc93426f0453d00c07bb0fe7f4c13945db6a99ae4fe4b |
| SHA512 | 1e8986bc460016d2179180830bd12abea13a530f0404261fd913f83ee417bda244ff15798d174a5123a2f85ac0df614e97cd1e8dac9799a4c72e7780aed318a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 471053e87c8a94f00c6d0d9ff69cfd03 |
| SHA1 | 3c1b6e0307db8104155573d39f5f325b90ca06ff |
| SHA256 | 2e51b012c580d9a0b1d4dd20b212e9320c910263e1f1e5b91ef5c43fee0132fe |
| SHA512 | 1b4ca80c7ead08b394ecb9cebee7e9d94ff898f807b53f78612ad91b4a404f8894ac0df929839d3c24a02742703fa863049f17e89dd8528502b3d34cec85d2d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5584c5f7aa6c782a683230dc62ade5f2 |
| SHA1 | 12c496c64c54fc514a4230d2bee85d84512bd4eb |
| SHA256 | 3ce8394672505fc9aeb4812ad366eb0822cfdf4c98a1464b1d6fea93059e11c1 |
| SHA512 | 11184a455de95685b96c57792085e9649dca90bd4e4149b2c2c3062a60017abdddf0eea69bbea2043d13afe0cd07ba7d648fe39d0e5af984f3e0a19456b868e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b71b83ba6e462f1fed61c559d064b2a |
| SHA1 | e564206696bb54ce44957d3c8a044d4b44cae61e |
| SHA256 | be09aaf92e866ac81dfc0634b32d9bc2da66319c88a1eb9906431904b306d332 |
| SHA512 | 5c96ab625bfa503176d1ea9f578963b767642637c0511eaa36252dce76ec1c15730560babc03cd6673fb22434c813568cea62a7a10f68a01111206850b36e641 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81eac8c5d2c7b9ed13da95dea62a04df |
| SHA1 | 253a5aa2c1ab96757d9c35705a86b17f17bf54b4 |
| SHA256 | cdfc50c5f70844ce9ee693c4aa87ad4903285e3b0ac801624087143cfb5b6e2f |
| SHA512 | ee6ad9d0904399a19cf772696a0c6c0ecd9453b792bb2c16f2f9a7632825f28dc1b038d8e2891f6e7886cf9dfa9855a99c4279390c46fb982699bf737a8ea1a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da01aac0d016bb632fd83b62552a7aa4 |
| SHA1 | 8572cebeeb7ebe44faa68bb14fbdac9013e8c794 |
| SHA256 | 3fe046fa057a6f5c896a9536f9ee70e08bae33f2f639dc2fb2fad510a64525b9 |
| SHA512 | 40a79da9437c311f378e5e29594ce2d8f7586d8ef907dda476bd899db37e21edfe929191fac75b3b64c1763247b5c1713da648a79ba8a6f30045e56d6daac9c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42429f7120fa5cb17838ac16f99111af |
| SHA1 | da549b998c33cb94fa66ee860632a04bc16aa1ec |
| SHA256 | fb76c559ef13bd9b488053574007d636d5462cfdad2624ac56f36ecc62009f7a |
| SHA512 | 5675bbeae52f32f80cbc40a64e06d5b576f6fd0c57b0b4bcfd265daa281bdd554ca7d023e5e5d7556f5c257d79368416142b6cb370a6feb81ce552db94e97b68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 515495cd0258195a7d8209b522bae027 |
| SHA1 | 727e109c83a7e9e7917fff468b6ed133bde3b303 |
| SHA256 | 52013770738131be9899e7c10a71af244208b26b4353cbba4f78602b7f071cff |
| SHA512 | e6499c34956a0e545e1e2f82507934431dae924e8cdb9d1706e4da247f02045ab44933e1a13928cdf2a094e1c46135b543c11f3f2670afe7631e4f34fd49700c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39a5ce3cdb9d409b853f82d35b1d007c |
| SHA1 | 3072eb6352a364cdd292b778cb43f2f63a423e16 |
| SHA256 | bd4b9ee6b91f659c8fdc785be46c7bf857d674f17d45b7efc33861362b07f319 |
| SHA512 | 7ac3be28bd544410f3811c9a2509c3c31c8a575f4b0c77d3b1e241bfa8f7528508e57754dc7bfab73038af14e4d2a6a93ea67a1b02f6cf3a71554677965b3688 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8120fcaf152ab280841ca755f4f86c8 |
| SHA1 | 558566b2107d2186b6856b69671d0f9fd27577b2 |
| SHA256 | ac481e72f7e61c92985d5b9831978bf54529cf9f2f9863811f8093c8d25e4fcf |
| SHA512 | c6c24be507d2d8eee6e93b1f18cdb57d2e420c9c86350d903351faad82fcbaf63c7bab2bff26d5894067d6e0b1a3d23055e6e3c81b860532ec802aba3b7ced59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 29601d8ccc5e923dedeb387a729ada29 |
| SHA1 | f6a1879b6d340814a1e155abf966bd68be501436 |
| SHA256 | fbf8b848e2d58b8c81d5a10fc74cab32164eb263cd3a86f549327f6a292815ab |
| SHA512 | f009e29224efcc04b67acb45ef7ea4b39f849daf4e1656f312cbc7a80694001ee14060a7ed9a6fd12205d3931830633652a9a2520c5bc6681b025e52e0cbb728 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a791d2e3d3266e0a54dbe3f48e12018 |
| SHA1 | 0bd4d3ac0ce1c3ca1a8c8e8c7b0d360b51f2ad29 |
| SHA256 | 4f2e9ad37f42a47fe0f119afcc2aedcd4448830c31b0567c345a23c2c6e22a5a |
| SHA512 | 580fddee9ca45fde286f662f544e56967164611cbf2f93a85605a1b65b54ebb7c2e450e1bb1b4571caf2d656171e9fd4fe5b0bb907bdbcac2208b5d7d01487a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a61a393034bcd054c672c840d0618cf2 |
| SHA1 | 8c34b8978f202ccd4a4bcf4f12a8436a1a898181 |
| SHA256 | b23d137189cb6acfb6c3f8ffe0c6ee05136b73d2413cbaf20ff42a266bd4cf51 |
| SHA512 | 4adedae9afcce1c32ad0a85731da62fe806663b9d6cc1099dde268bb11e7c40e45ae1eafe3239bec00ad8816e021e97220a73103dc8d0183d9435e04bc4dec50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61c7389719bf10f01aa338887a69ba65 |
| SHA1 | 3be0597255b06c34554437da093de0eb3ee603cb |
| SHA256 | 378599fcca71d433c0e382ff0053069634946e83b81eccb34c0ff1374a9d4fa5 |
| SHA512 | 358a9740cae08fb63d5285d1b0165a07404ee85586914466482216dddc0860898a2f36fa23ed9f9771f43099d7e938d3d9f5d7b6e038c5f4a48996e58570a68a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4452b5f84d5ab8b009bf70fa18c81974 |
| SHA1 | 4476f92746b25eb36f7d13cc1e60a379ecf5c4ac |
| SHA256 | 30e633b33cc9c40b19d4e0535863bb58377501a2de4d5b39a854116cbf8fc300 |
| SHA512 | 30156efba67c125713a97877ee80f2ddbdd5f4b5377307abf894bf8c698c5f895faa04d02118c45999e1ff93f7e5c2149303ac91b9e5dfcfc1e3f0d0c1bd6278 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21d039b9aa9324f929a4508cfcd7f0b1 |
| SHA1 | 2201af2fd7ca99f57dcf9b878067d8840a18b276 |
| SHA256 | 56d49354f99018e11f363559c889e5582bcc53bb3c6b91e47ff273ab2b6427ae |
| SHA512 | 7fe538c8e90072aa7160554569a30e66a4f96f266d30046fab67fb544ab18f1590c50ae6fcb5b4fc74d103fd0d0d38a9b3b89491984f562a818ae9a453b7d5d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 1fe0d973fc1ac37d59ec494613840b49 |
| SHA1 | 68ece52ab3d16e0672d82ce460521a04a54392a8 |
| SHA256 | 5a8fae200bf93c9f95e1972a754cec08c0aaf248203c1eff63dd24eff06e2969 |
| SHA512 | 45dbc286997a9bdaa0587bf879bbcc67be29c4f10420f8abff5c2690783667686d3ce9d4d050b45509baa5790176e969a1276d5d32937a21b7ee6587ed9ccdb4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-26 12:00
Reported
2024-08-26 12:03
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
139s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2f34b84798c0ad2bddb7389308c0079_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13395818946764235816,2344410111185773838,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5156 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ads.adport.com.tr | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:80 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 147.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.201.162:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ad.hepsiburada.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | srv.sayyac.net | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| TR | 31.186.15.180:80 | srv.sayyac.net | tcp |
| FR | 172.217.18.194:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 180.15.186.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cizgifilm-evi.blogspot.com | udp |
| FR | 142.250.75.225:80 | cizgifilm-evi.blogspot.com | tcp |
| US | 8.8.8.8:53 | 225.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 983cbc1f706a155d63496ebc4d66515e |
| SHA1 | 223d0071718b80cad9239e58c5e8e64df6e2a2fe |
| SHA256 | cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c |
| SHA512 | d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd |
\??\pipe\LOCAL\crashpad_3572_CYLMUCNVGTOEIWZL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 111c361619c017b5d09a13a56938bd54 |
| SHA1 | e02b363a8ceb95751623f25025a9299a2c931e07 |
| SHA256 | d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc |
| SHA512 | fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b0cc2e06bfb68ab8d63edcf3006de6cc |
| SHA1 | 1617591d7ac8c83cbe3d8ddf719ed35f88c586b8 |
| SHA256 | ecb45aed50720b08a7de442edc91655cee96cfc3e4e66e79a9394f10510a386f |
| SHA512 | 6b3cfb658f93c54eac5dd2584a1261677c0615f3d89662599aa0c2130f665eba305c32125905b24ba8864a61eeea5690df563c8569b0726006cac3537c53c917 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f9e8f574fa42d6ac53afac17e37a7944 |
| SHA1 | fa0a54fd275b3b8e2a1cb9deee5b7dd3a54f5200 |
| SHA256 | c16da79c3dcc9ec8b710ae67458d4c38ddd0f4e5b6e1b43b476b311a3210ad01 |
| SHA512 | 522620dc4aeeb2695c99346d95478840519607a991a231545f1ac1d9729ca1220d75c7cea572874b163296fb5d14af0b36a2ecc7f0dc9068032737e80e3af143 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c7917b5160ede398494d5e624c353a44 |
| SHA1 | d39860bd5a7f6156b78bb03d7beef0c7c46205a2 |
| SHA256 | cf840fb8c23a7e24552e116255f667389b1cd1d9622dc6d5a9e3a189594c3ddf |
| SHA512 | 55a6b5e5f2646d9dae9ce58d257132298dbe742e9dca62e8539ccce8b7928f55be7955e3a6ca2b8dbdd131b8582a09963ee1f271b4e1857b6f0395ebab1efdcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 216732fe2196ff82809d4c49e3dc9ebe |
| SHA1 | d814b07ccf8c60fc942ad0cca475911a71aec182 |
| SHA256 | a07f27139b00a2e578df1cb4da2f5f55786f4736ee2d925ca7da60d64117a7c2 |
| SHA512 | a87ef13666ce7aeeb57caa2b255dc50026714cba84b3f1f1d64911bf0ec9a0c43855431fd538cd6e73c5d73234543a899542be10dfdaccfd87f3cc0ebebcb408 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c22957143f154c2e8e90df891589020 |
| SHA1 | e08adc045188e3df1ff6747aa65c06f99ef05874 |
| SHA256 | 73107d0a669c018dff56ebc3ee61a79eff0080911c39a9ddf84c923618151783 |
| SHA512 | 696533060128095e89546685630fad552923068870453e56a33e415a0ea5b765247e46b8c1525fbaeaead867f698b82f5382aa1681ed558167b6a505375b5bf4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 205b920c7b399282cb4ee0f31dc5ce57 |
| SHA1 | 9da6fa1ee1beea39917a0161a6ad2793779f772e |
| SHA256 | 6f1f766fd4490970a1bb22057e4785225e80a680d5405bb80c2a97915df845d0 |
| SHA512 | acd133c1699be3f23e735ae57197fda4c2d59b124cc6ea7b4ab160a806afff20cc828c4dd905f20bfe393398803a8ceec455d08d6c7ef4502dd9a822edf0bbd3 |