Analysis Overview
SHA256
ae6f3ac89b6e812f9321ba4f2c1a1d92acfeba6b05c1e4de9bd15afc2e763c68
Threat Level: Known bad
The file 6c0985e71d222fb02df5b89386fe506d_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-22 21:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-22 21:53
Reported
2024-10-22 21:56
Platform
win7-20240903-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0fadcf5cc24db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000d8ac31edf45b647781a76caf6968e96e2949942b90b43b3458ec401b71af172a000000000e8000000002000020000000073513cab1976125c85ac479d688edd9ffea4f938e152ff1553c515eef609a0520000000f9220f10674562defe00ae20b6ca951b4dc5c3958fa661805d495026e6517eaa400000009ae13571cc2348ea7cbec3e42b3a388b3c3c63a3cd733c8e1f7b6621a4cf213c4450d8f797cc00bff932a5917425778711ddcfa700a8ebe3dc65a3beb71568a8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd30000000002000000000010660000000100002000000001563a3f362b5718f8c76e0ca79bd3bc3f8231191b3750efc965641dbc6ce021000000000e80000000020000200000000c61748ed8b3db59c24943c2c049825875c8bfe281c7660f2d8e1811d479efc69000000023118ba019f98439b0a7782f331687783a842fcd92cc4924a145e502b237dfc7996128494c07c77466fe5e59c55070eb699596ab5fe2e97d2f5afc1513d48c99f19899f105c9878fd8a256e0c1975d7b41258605b702b54bf9ea54c20a0f67c45d5ab3442d9d4afbd361ccab26d6adb2c9a1257af174673fd6626c197e7f3659caf40c2819d26a48604a4995c3fc2e1a400000009fe92d68ae31c820931418daf8b08c8d357a261726c2dfcdc256339d39d642d4ee7a8b3296ea7de3c90bc79546fac3ec1275ef043c3a2740a343f5df6be6fa2f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435795897" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1EB17691-90C0-11EF-8587-EAF82BEC9AF0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2276 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2276 wrote to memory of 1740 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6c0985e71d222fb02df5b89386fe506d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 172.217.169.73:443 | www.blogger.com | tcp |
| GB | 172.217.169.73:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.178.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ws-na.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | ws-na.amazon-adsystem.com | udp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | rcm-na.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 8.8.8.8:53 | rcm-na.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.147:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabF2CA.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB0KZ1Y4\plusone[1].js
| MD5 | 1106da066ce809fb5afe9c6c1b4185b2 |
| SHA1 | 3b64d3a7f52b4c07047fa8727db4207137733bf8 |
| SHA256 | d0f3af1e716ce7846e7c252ace160c12480d41eecd5a7e7917ee5b2ccde62b51 |
| SHA512 | 3f0205b89d5293f14d863e344680a9d8518e5d4ee3b981dc5981106534bd597ed6b388eecab1385320f77c8d5a46a4ce5b64f03f4377b8ea13ecf9b569878fd9 |
C:\Users\Admin\AppData\Local\Temp\TarF33A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a31437352e08c212b692055d30b5c02 |
| SHA1 | 35f45a66c4ec2edc5c0f6937336a1ae58ccef81b |
| SHA256 | e618816604784038b58de4a9af1619dde9988c153be94e4fcfe92f918e25409e |
| SHA512 | 8536dd13b44cae7963fa9c63d25a8985a69dbfb86f2801dc76006da384727fdd93240b9eaef6f64202fe4ba0f6e3a778bcfa6352d950b7432dccf475021e279a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f58dca8726354c00f170ce635334dc4d |
| SHA1 | 5851451c3db7272f0c7c240fa263bf4e17c8b427 |
| SHA256 | 69fe2089310e901a577aac5c47560b55a440e6b6fa70f3c56b8927aed6a34116 |
| SHA512 | 91f7fac893666baae1805c29a1a238b2a95071865b455a0e919a29c7589e8bf063e57bf8916f22a412928fd6ca964810b4dfc960b77287dd429db92e93417b02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b40ed18d58e31a23e4bbf8ddf3cd0e74 |
| SHA1 | 648288a42ea495bad4b3663f2a33a7d930043833 |
| SHA256 | 5e1d838a827b721e707e85a7eb402e99ffbf0f67a56deb112c7d4b90a44e9cd8 |
| SHA512 | 0d77bc0673b49176736350fc8c7f2ab62a1f757d1097b138c58efadfba6e093fe0aaa719a6e68911664097b0a51a70d43c467f57eba5ee154e2dfa78633b887d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a92fd2ed442969d5e368cf918fa4e5e |
| SHA1 | fa655c8cb5ece225708d25f959a899207ca4d400 |
| SHA256 | 975e0dcfb9cb0e94bf00f1a9e310f5d7c6fbc56f5e3f176d4a6f7729f494fcad |
| SHA512 | 181ae1c7cde3deb3614860b495026f4ad17f15c1a8568030b9fcd509e2afba33f633310e69f42cce7c67aca26a479193fe1f3fd6308ce1dfc1b6d87d9727deca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f81597d777c74e0ead14a91d90d02b9f |
| SHA1 | 46b2424c0e9cf3ac76c4bc373b817795f5914db4 |
| SHA256 | c4a0282d000d2a89f350264c072d0a48cc9488f966bde00f3bb4a0fdab49c8ce |
| SHA512 | 8fbc6c18d4c0005a4549652c60c579c7d396a58781c3701da16e7e2388dec9f88d7b23706a75a0874a487eca3611425dc3053d360f3deba6969a27690e546789 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3ed7d4b1dcde2ff762378d922cf16c7 |
| SHA1 | b2a0313e65271efe313b0ee114279d0811630653 |
| SHA256 | 1a0d5e8e35d56350c4565ba564d7b82197a8701c7653d99e6f57e66546be4038 |
| SHA512 | 3db3c5ecbfd06fc0e23d3b4ceb5da825778a4f2826a2abc155b23bad13367734872cc66f0cfca6fe9fd5947fa97b6a775642c9ed92aa5afbc3b27afceb236bd8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4f8b3d2259ea41241fa321aebe6cdde |
| SHA1 | bf15e6396f885293930e9ff43f77311f6513f623 |
| SHA256 | fb5ae385d2e706614813b5aaebf05b55560ce83f7e0ae0f20bf01cafe9f41c8f |
| SHA512 | 56966f8d7bf48e23582fef17af82d337f2d75f021bc224d61d3fc9acfac33e01479bc8c9a2299e4c68e6f0e6dfda450e6efa1bcebdc13502885670cd8a6a60a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10e1cc5bfc31c6c1104b99ff567ad960 |
| SHA1 | 16c8b51adb84148bd521ad52166f71672334b96a |
| SHA256 | 2505b936d9bb585d3f322d309b818faa7f9042046dea09415e4ee325bd5f92c7 |
| SHA512 | aa4aa37f32c7c00825558b3b7378078d13d644dc64a1b3f69a2cb8a0ba340b8d129956ef928e90c63701b66159a1fdb5ffa67761010ab92592f45e15fd6c7849 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 009df947998e8c387b850aaad5b2228d |
| SHA1 | 0577610ab32ab8a5a05709cce2e8c236332cc70e |
| SHA256 | 811a5623b0b5a792ab0f0d0a5fa2f0d4acf16ad98aa4300f1a8845024f342fe3 |
| SHA512 | 75ed351f5763125e4d8a5b353f7d7fad6e4ca81b16f755c47bed5fd55b39c938d700b3dc4bb218cdf3fd10b9a665286a66c45d87ae0f1ca66c5b23ad421eeb96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64bd13263a6aeb298453896eb5754167 |
| SHA1 | 30930f1f19d456025d59789fbb1db2f2e31d5b42 |
| SHA256 | 6fb0d0ca0c87fb1917eb8ae7b6766ba23418f29ae3c54976baaad9b5d3810488 |
| SHA512 | ad142e43289335b39207b64df3659f9376ace7273f95d82bfa14a3c729627423761c3c11bca193431ae3e1397698712eff8ec2880be544ea4122c5189392fcc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c757f932b4b8fe0544b3465c84aff0e |
| SHA1 | e4b31010f15a3505f5f3762fddd89f8ef9a618ca |
| SHA256 | 68d18aa484eb4ec0ce14ab1ab23d67a730d875845d3bf17aeb8b7f8737411738 |
| SHA512 | 9b710c766715f2877816f573b1be7454a57e1fb108472328333774e76da85cad24609596f62c5b9a236b2bcad129cef266f5313147a0b3af833105ea8e66c7ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b70da0fa06041dfd79c251685e13728 |
| SHA1 | 4dae8b65bb44ce598d060a53f7bd7cb8a3937cb0 |
| SHA256 | 7f8fe634731e039e9f86ae812751fe0283a08ad1b96b695431e08f81498fb326 |
| SHA512 | 08ad37613f27186d8f04f392391c767a90dcd977a241240aa10ba4e6cad51171dcbaccfc90b431a9251232393c871a2dfa441044cf70f3625201ab315af2c098 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ce41eaa555f5c262ef98457b185dca2 |
| SHA1 | c22087073dfbba6f500a730c0a445a90de717e1b |
| SHA256 | 349c7ad56942ad06a2289eb485cb8abbdcf2ec324c37aca7113b59ff96bd61df |
| SHA512 | 783ae899b1978b2d80d4153d528e3b0960e24bbace9b57f5320fc8079c27ea06ea36419f92e4a6b009c2f12204fa748d390286260d8d4713fe95710b8d812a75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bb879b0e8b37c63d173cc82561a5e6e |
| SHA1 | a42260ea9d7f9867f92bfdff8bbbd9e199475b8e |
| SHA256 | e85d270206f709ae5adca059b7cf59c90c18049bee923fecc40e22121dbfd4e3 |
| SHA512 | 037294d5eb87ab08fd2d5c0347c6d64e448d2f52d5c3289e46ca87125ca3e7c081e540322ce34cee5813e1a819b7ad0abf73c5922fd0cc54109ce2dedd80cc09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7586d79d328b30650d0010235cb4a44f |
| SHA1 | 0c99d82ea432f74a44b895a3f7cd7f400f2ffc5b |
| SHA256 | b0dcd816832ae45e71d681c9ea544e12fe8da77724feea591c7e6bc225f3468b |
| SHA512 | 15e694cdbdd11d0d1725d24d4caa600e3ad7f99a8669c31604c5de7ed46139693e2908c8e979def63d723663f0ebb8ed1bc0e07ab9b048b0abf3a17042dfe9d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1157c0d399e48c1f3cec95260f34765c |
| SHA1 | c824cae7962480ef083e802de44c390d915bed9a |
| SHA256 | d7e3a88b7f96b2cd4c34f839643a6c08ba9868cac64a73e0344cc2f8a6a0f042 |
| SHA512 | c3223a8fa581f015d89b6dc06e996fa1ded170bb9e3c28627eefff6d7db778ebc651ba8ea8e5ae96d6036963dd3f4f58912af9efff3258e4a86b06400279326b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c8a1f73b62211b7bc5051d04100e2bd |
| SHA1 | 3009c1adddb7497cbd780dc6ded36d570cfa7cb6 |
| SHA256 | 9c648b32a2aa2abfeb24e0747d738a0561236fcfbab7c2ccc73c9493267cd039 |
| SHA512 | ec63bcbc1620c7c9c46200f8eeb8850792bd58abe451d44b54604e44a6bc93ba8f9fd1e1c81c6c32b3baf61d5c5bb3c2cf44dbf5fa19d14854dbd4a3943a3cfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8234347da3b39c70e6a4512d0d4ff7da |
| SHA1 | 6cd22483831425fef97f29945734a9a7b3a07ee3 |
| SHA256 | 95d7af9101bf5d0228f227c60aa4f0c8911088b53e65f1d7c637cc29485c06e4 |
| SHA512 | e898b97d51d5ce349b60c5eca819eaa021adfd2353ab1944d9cf8b557ca6a519d0635dd5eba4288704ae267bdcde747c8158f220203b56197491c60ff3329863 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e535345033e5eddfb8f7ad47e9c89fa |
| SHA1 | 6e68409b66d9b5e3a83d66bf2353dac3fdfbc0ef |
| SHA256 | 2b6c9e63bad9526b8c85d5625f5f38a3867f240924a2ce7b771506c83661e5dd |
| SHA512 | 76c4f58f4c23eb9d9a3bec85a95a4921ae1c9a4a6fb4b45a8825215dddb9e7bc72dcf43122d6e8eaa1433128de7b200231488f4a93d54304b03ea08747aba828 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 0c4d8a050adf7ae5a9d38557858803a0 |
| SHA1 | 4956c59c3a9df73882fb10e039192a0f405ff4fe |
| SHA256 | 954e0613750fa7e993167a751beae43149cad1310deb01227aa6fdd863631a7b |
| SHA512 | d0de1edee302b227ef8f01c578f72dfb89f23d68326caa418d3c07f5f18f84671a1d2b18f9ac7bd3ab54e36f3d1bef974d679efc099fdb588accde9197bd2bed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a3c80a7c2496cf7fc6b187a85d77d10 |
| SHA1 | 54b82d65ce2acc59b07f2f80748a48f9e5220dc1 |
| SHA256 | 28e1920c5e26a3a2a388c52bfc9540fd337e6201b1b5f64640e814edad38e88d |
| SHA512 | c8e48ebc45b00a7a176c210066f561b89c7036a547749993fa4c8e18ff0baa3cd9f5785487beee1061fba9e076d0a5663133237d040781d9d7b9e81f4a80adec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4001b448aafd44f7418e03e45c60b2bc |
| SHA1 | f83d39c1e394e8434ba00c08601d256ecc5d3200 |
| SHA256 | c5f4d73c3a736d2026168eabda909b662a58049d9110a642720285b08cce25c2 |
| SHA512 | a239e91d534f6b00584d1b2a5e016002024cfc595b527e22d74871c1b926b92659c116a9274ac324fcca5db1dde2ffcdbc34c73481a11341527a23ae2916375d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5b11f35630466e4c08e49decb0a030b |
| SHA1 | 9100ff2ebf8529ac862de5b6b0be985b2f90454e |
| SHA256 | c6e9d63340f8bffeffcab91f50bc996dc4fad5f2518193dacd94233c482a16f5 |
| SHA512 | cdc432c2f6e0697c94322f3e84e79a8787002e29e786e28975561d95f258eded139de183bd758ddc37c33cc8b34c6505ed83782b6b42d5f691f51a326667609a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3d53bdaa408585c74033e4e754dc674 |
| SHA1 | 8964f9f5ecf18bbf1e60799490a3fa4a1948bc50 |
| SHA256 | eba17bc08d76d225e1750d6b1283dc766bdebc7414a1480b3eaf57bba0b696a2 |
| SHA512 | c868f1af66709c3793ecce4a036f3e187775b0e565cf3fa58053e1e14943c50b1cc590a769a9fb903b0787645de2e2cae33bd3b2628020bb4dbb2bbb813eb3e5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-22 21:53
Reported
2024-10-22 21:56
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c0985e71d222fb02df5b89386fe506d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5bfb46f8,0x7ffe5bfb4708,0x7ffe5bfb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2111236000122028694,649683068150370922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | tcp |
| GB | 172.217.169.73:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.36:445 | www.google.com | tcp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| GB | 172.217.169.73:443 | www.blogger.com | udp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | ws-na.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| US | 76.223.54.146:80 | yourjavascript.com | tcp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rcm-na.amazon-adsystem.com | udp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 54.241.51.109:445 | bdv.bidvertiser.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 163.70.151.35:445 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.54.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.51.241.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| GB | 142.250.200.46:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 216.58.201.99:443 | ssl.gstatic.com | tcp |
| GB | 142.250.200.46:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 216.58.201.99:443 | ssl.gstatic.com | udp |
| GB | 142.250.180.1:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.184.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| US | 54.241.51.109:139 | bdv.bidvertiser.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| GB | 142.250.187.194:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.200.34:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 142.250.180.1:445 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 142.250.180.1:139 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 172.217.169.73:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| GB | 216.58.204.67:445 | fonts.gstatic.com | tcp |
| GB | 172.217.16.227:139 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 54.241.51.109:445 | bdv.bidvertiser.com | tcp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 54.241.51.109:139 | bdv.bidvertiser.com | tcp |
| BE | 64.233.184.84:443 | accounts.google.com | udp |
| GB | 172.217.169.73:445 | www.blogblog.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_3364_GXCIXUFANZTCLHPX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3d400ba9daa2d343e0fb4b9933e344a1 |
| SHA1 | 6931c83be265ffeeec258026783cc9e9d9fa2cc6 |
| SHA256 | 4a595f2d5da4e160cf2fd2d9b423fe8b0abf6762daa07caedc3555d1062d9045 |
| SHA512 | 598435e75ef6d201c001ce3fa5e09a7dfd9ab50404efccbce39fca76feae0df14dd80a2b65a60f209561b6f4725dfa2a90bd86b1ab575ba3aad1be7fb28a5a27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 05197e9427acea2ac4dc812f97a8f078 |
| SHA1 | 3d2a38b79da52e57783360f195ac3e7c85edefd8 |
| SHA256 | 7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191 |
| SHA512 | 084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 49fdb8500b8d6b034f80712eaf093837 |
| SHA1 | 9f173abd41993e2447340ad272dc9dc136d6c9b6 |
| SHA256 | 840504652f3c842d4529c516e70faa3859b81ad961eca1a8069387bd8a2e022d |
| SHA512 | c7f31caf184dac0e8677ea164b1b3c88ca98e2fb03db11fd74d0fcd76a0a09425474d6c07750339ab1e600b799dc367ce64143a378056b405b0a5d5fc02a8a3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 423fabdc51bb2cf535c963cf0bbe0e2e |
| SHA1 | f54bf6ed3fe4ac750c4ecc7ded7e2eb38cd9452e |
| SHA256 | 42aa2b01941572c11c332e4bdd24e57d98e4107de0c11cb89045535cfe1f86f1 |
| SHA512 | 3216fb130dbd6a8f0aa289d0828e846b6cb84ab08b46b34b3af5594920dd873dd379fd21789a40c18689072c4f7d3340e1bbf0f2a1f786ff9b74814de7e160e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4775186b2dde20b179dfba376239bed4 |
| SHA1 | 46950d23ba080b3b56e3d02e0e019fd9b47e1cd4 |
| SHA256 | aba0c912e4e0c6bc14e7fe669273e3f55cd554446e1c3f69da7ccc8e7c90ef68 |
| SHA512 | 42b72ee19e39278d10bf741614240d11a166d05ed01d84acfcf1e89514aee9dad3b835d9e9140b4d12cc8f3d8950da0465048e9d353fbc795d274b5c791754d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 97258eb350a932dde1b4a6adc0fb89e5 |
| SHA1 | aad75c80e85d41be5f6fe2b676056c490d578463 |
| SHA256 | b2c47f2f1403f8ba95ee40d3066b3ca9a8275fd2412c3ee2d13cd1b1f71e13ed |
| SHA512 | 60928c45f018b8222618f42fec8d07c81c346ace5ca188f25bc45250c1124c0aae5c39d8605626fa3ec0b38f1aab53344c0b2c932039cac24ef6fd450776405d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 076b77b83d14cf71be5c94207eeea96d |
| SHA1 | 5c077f9e2f98fba111427386bf61f765dbb35a63 |
| SHA256 | d12dda20eaaffb39bf56799a1f3629aebf9406d241b74d31799e631f5de3e585 |
| SHA512 | d5e5bdd05ac7b227bd0464a0dba52b63022294286d17b633bafd989a8a7ffcf7a30f1e022b01a0c133c47eab8ed1b7311e23798bc99f643aac1c7befdde89c43 |