Analysis Overview
SHA256
b6908cc4805dec99d2502280a1bd0ad57aa17a83ecc39016c46d24cb8c95e227
Threat Level: Known bad
The file 72002772aa48b1fe03aadc88a45ce9f8_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-24 02:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-24 02:47
Reported
2024-10-24 13:45
Platform
win7-20241010-en
Max time kernel
141s
Max time network
149s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435939242" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b9600000000020000000000106600000001000020000000f6633472540083e0196e687b324c4a6dd3acecd601369aef1036a87f71aeb1bd000000000e8000000002000020000000680c8db5dd8263a35d623af3efaf774ae321bd34e4ecbe3b2aed625af628ad93900000001b7f26378ec4475054e281ab6764b328a88fcc870ae6206f28676b857b5d49d6486af6f009e4c87b497840ce8ce3da229df0f2d8e1f449cd2ea7dbe527cf06638b7e0ccf67bbfdb07ce9fc7d304491b47681c8e4aafe2fca9eba2265a521c54a14226168c91e9187acfe0c731f29e734554b91ce16c2d8ccbc9553c356ecd3d3c2bc7f1fa0ac03626e2e83a086ab49b940000000e0628808aebfe23425ed2d9424aa0266409ecf1017435574737cf724a45b7ff9c2adb41cf7e3c7c72da5dd578638705ea8cd1794e6b61a55052c9104d6faffcf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a04506ba1a26db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e78a69453f00554b9c7935775bae7b96000000000200000000001066000000010000200000000d779a4e5a8a33b181381e0158df380ecbb1977271a9a37c4303be1928abba2c000000000e8000000002000020000000f95404d22413f7a387b3d86e79f313ba12d5077e8add93553e330b6d8a953d74200000008047a054b270e8a2055af8faae42212e7ddf8504e4c4f2c726609d9cb3806bba4000000037398fb771a57d0b8294ad78531394f16fb6dff057cbd8bfa15bf21acff2e6c69ab8b560237d461e3914c968cf4c20733b08557194edd0ee6d2d98c878879504 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DEEA64A1-920D-11EF-A5D6-7E6174361434} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2844 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2844 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2844 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2844 wrote to memory of 2456 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\72002772aa48b1fe03aadc88a45ce9f8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2844 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 172.217.169.73:443 | www.blogger.com | tcp |
| GB | 172.217.169.73:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 172.217.169.73:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 151.101.130.137:80 | code.jquery.com | tcp |
| US | 151.101.130.137:80 | code.jquery.com | tcp |
| GB | 142.250.178.2:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.2:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLHRIIGD\f[1].txt
| MD5 | b54d3c75ba6e88f96a686741364eebe8 |
| SHA1 | 8ac41eb444e16447464e785cb089dc0f7867bf3d |
| SHA256 | 760a5ba5862aecb0e3ce62b0a0a31aa727343ed77a20fb58d027b83438d85bf4 |
| SHA512 | 5a97c4afc8f92287c92dd545b68a2514334a5c5cd40c68ed690f2716570ba06d71f7a5ef55e221c569d8a8263bad2c0e243bb93559a2e9c7497e9099784cef48 |
C:\Users\Admin\AppData\Local\Temp\CabB914.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarBDC8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5958a2cf70bd2eb8f33da607c665ff22 |
| SHA1 | 385f25bc1e7acd639b7eed076dd362ecd33c4728 |
| SHA256 | e4c2791fc9c2ca4a3b1bace3a9b1d1666a259a3275780e2e2cd9b67eba02a42c |
| SHA512 | dc611480501f3df5bf91cf49c83882813ebee5b736a071fd97a81317dfdd09f17f433e53e3a34702898c7719ef5cea7b18067de28d44eda16deb314828b9b225 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5006e0522964fade7052574d04c927c4 |
| SHA1 | c1d94e4818f86bab3bd1acb03026786c1028f156 |
| SHA256 | 94944e2ec510f1a6dfdccadd6f44fed241dd5b78af862bc60bce20603a66db13 |
| SHA512 | ace7fb935fe061eec911be8b581b54a95f4b1a9a88ea5ca7b24cab5a6be7faa8f726e7c7ab071ea7c5a258cf2cad243705e5147aac65cc95fe60fa68a0593093 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54fc80618a9be4be31fae4ab5177705b |
| SHA1 | eb30fd8368e37cca9d82f1d241e6d63d6b5a3282 |
| SHA256 | b3b08c8673c28024786fdb1a663b83da459cc019afade473fb99512d47f6fe35 |
| SHA512 | 161f906e3b10ae4fecfc0736b174e82ac52d3e8654ccf0804acb830842a9fd50c0952d8cfea813d7a2747c56c85a5a67bf33a10099a54910d6afc395fc7a0540 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e6147444d1618a59755997818abff04 |
| SHA1 | 962752bd417f806e4324dd4cb35910ac84f86d43 |
| SHA256 | fce34e646fa24296580f76bd1294749b10a63ce06b325d669950ef3a9a2107de |
| SHA512 | 2a6a4d6554b73a9626882b25968bb5094fbf9077e2ced7f089d18a292d967321f1e74caa4bae2cc7c4d91403b9115272d6f9aee405a70464fed2908e11204031 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6694a242b6985d67e653cba1a62cb537 |
| SHA1 | 575b65f55c522c8128ab278c9e6e89555c80caa7 |
| SHA256 | 9de52c4b273fac485c72269feaae998dffa5c084649fca441336c4f9760020e6 |
| SHA512 | 5d1e53787521c8be180c88fffd27654bb31b01de6dd7a92e6396fd6c7967766d4558f26e37587339f937e1526d149c26b9947cb0449e0d1bbb197a1885cef59b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab3721f6b7ea694e4d690c5f6dbd1966 |
| SHA1 | a2a900c2a50ada7e790eed427782719faaaeafc0 |
| SHA256 | 2c7fcdfe261f193c023c8bf222dde9651f0d2f49e6afc3f4105711c63172558f |
| SHA512 | cbe0c4584982e4e82d8062f5c20637d99082f316459bb6f4e3347fb71f9655a0dfd940511a66ad88eba89643dbaf9367014100078a7157f25460e1c6f7b4affe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0c08e8a9a55ba3ddce55f8d85b56621 |
| SHA1 | a3f1e466972c5ebbcfaf701b31eb6ceb4dad10f6 |
| SHA256 | d3a118b8e2c1c8ae2d5b7935ff97389ed09b17a21c70664b65c099636fe725c8 |
| SHA512 | 5b07e777dc91e71c4194d8d74d45b1b3499ebfc68bbcf49be024260d244f39e3a6f82bf13ed2da79be747af108ab7521df11740c97ed428dd0ec1cfdec7dabf3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7335f38b6e409eb73bdeaf73a71e0a13 |
| SHA1 | 757ab0d3f7540874d341cfbfe685c4a429764f3f |
| SHA256 | 0fc39e68b1e93293d9f2fb3683a3a1285a06b67cf31519830416ff44557c07cb |
| SHA512 | 16e4f3a6448e79c03ba93f9957d8dd89366430de8ab8664ceddf20ea4c3ccd426a41b3ada7c02db7da061008b6d0d354a91959854e960cad7034d62299a77f63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9d3b9838e6fc1bd081e8e6cf4cf10d5 |
| SHA1 | 09c2ecfb60e7362dde4477929f8f854fc8f00669 |
| SHA256 | 30a6e67523b4b849e415170db07eae1fb82d3e1ad67bb78188e3d18aff6429df |
| SHA512 | ed3f31b954466f4658a1c05790189a6244b74d1ff258aa4af3072441f50ac1e050c07b614b52839742377b54b42ff8fea8488575f4f85e4d50983e8bd7edef5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3175ee20099d6f14d87f444de47b715b |
| SHA1 | de933093bde9c33113f10bf765141fe186e5207e |
| SHA256 | 461dac4308a548c640f0be56134be30632073a2bbfed75afd8a515437500a169 |
| SHA512 | 42d76c55e0b497b7840a8f46654b66abf32b543cac7751dc592accc8d4bf7b44b2929fdc144c3879ced6c9553a39ecd91c70ee81ad7ab382e796dbda010e08ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84b1fc60e7ce7c2e56d4fb9f5da32810 |
| SHA1 | 867b1a779b51b400bc1b1dba23332a8aabfe9698 |
| SHA256 | 8a19edbc456d050258733b683a35951a815cfe0aa00e8567a8ad09b59e633a02 |
| SHA512 | f2b122f40ba5aaa4f07053781d3dec4ec6130a72229ee58a794e25f2e331c46d6f957d4ac0534a4ee4f0e815d2c916af375608f40b336a91071e94975cb8b2c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4bae864fc5b486e02362aaf7ea3a4a8 |
| SHA1 | be2865e845362ed4c4e810be210bfbc6850dba9a |
| SHA256 | 1d976eb0a210bbfd40d6057e9a3aa16b011b02a681dd0ac9a81a5ca968cb2c95 |
| SHA512 | 08ab47ba77ece8b990d4590acb053fe71b15b77c7eba6a90db9448ef592abf29ee3913a3d875d5af311e10c943895f60a81486fa65a26bca3bf544775941a0a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02ec42b24744437306c29062720e88ff |
| SHA1 | 0815f874f8adc8b1993695bf1f3811f61e0bb8ce |
| SHA256 | 73487c755c8237bb648417ee4e74771bd09f4d5a66b756d65a4d9eba744a8f38 |
| SHA512 | 1f5d5b484ddb403d9601af6d7d42dc0a696eca23db7192b59a17002956c0c2f16cf0fa0679fb685c266c73ceb4c78fb03051f730e08645e6dd4f72a948afb626 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b35d6f0c57457b5e56a34ad510023ee |
| SHA1 | 2887c7f8f1f5aaaedc371665e5c705e9330380c8 |
| SHA256 | 1eb0a8260c34cad0a5a2b12e63df4cb864c0c3ca4bbc750699012a0ff8e514e1 |
| SHA512 | 11b2e3a4868aeca04cdecef997ed8ff12de6cbf2952808f4708e023906acba510fa5cc448e43ed9e256fd605595dd81b34f3a56028cf7620d0ab575b8d928e0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d02cf936b71e2cae8a952eb3eefa39d1 |
| SHA1 | f522085467730c17b9e77cd7bcf580e88210822d |
| SHA256 | a3f2e699ab3c5c19b1414ea661c3166dbd112e9ba13817ec2ebbdf8d0a47014b |
| SHA512 | 6b20df1253d882043c0030866bccb68154a3c98bbf728cbf963d640103d65375a44e13b739121733fa5fa84c650a4cb4cfaf33ae6dadfe0542349bea4c3c178a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | deaea30f3ff2b70b1b098068e0a9c4d8 |
| SHA1 | af3b60605c2ad2b98a4b6fd053a532ade852ad6f |
| SHA256 | 1a0f99bdf010a0282a26830823d1ecb94d0011409568dd876fcd7afee47c434f |
| SHA512 | 606867f154a7cb35996dda85dc9cfbdfc2c7087c1d1653ce3df73d13ad794d36908e5ee00356ae250db75fc029a5e94df890b8b0c419b3d193105d816f6d3a6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a0e13a532d11d556836d41e5b37bb58 |
| SHA1 | 906996322b4013374dad5ba7b629cb72bdd1024e |
| SHA256 | 51a0ed88f38a1c3966053d77d065cbd897b0153fd1da9a8728677abbebb69dc6 |
| SHA512 | b945bc4fa3e06bd35e59aeca133adb2f29c280b1ae94eb664c511e2c529a46e8e6f46bd426ec2cf7a07464aaeaa23f29c40575ef6b96c625eb2869d2c848ce4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94dddcbbd9dbd6c637f58701b5c2f26c |
| SHA1 | 66d6cd1853dd49b180e78cdcea7504444606e407 |
| SHA256 | 5edd9d8553a052af71a1c9a4a818857dd5fbef331ca4943d10270ebbc768e536 |
| SHA512 | 2b31aae072f247f97afb611b266271239e711d08086d11bf45a0e43eff4d62c2be7ee2c5664a5f5769fc4f0350c4538651423171938ae08c81aa85d1cf096288 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dccf55ebb889cb226e9ec2f14d4e8d81 |
| SHA1 | e544d33f9ed2caf152043fccdd1cdba1c5580cc1 |
| SHA256 | 3f7a4596ad3ae98a5c937fad3aacf6eb93090f50950db6441e1ae49168df6e30 |
| SHA512 | c06dfba5a0d9f9b01e994a04958ed74cdd2699383e57e36db486510e94528677618cb26242d2712bee5183b4ab7470dad2f878398fbb104666a386912581a266 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a44ba64480a8c6a0278ddefbb80d40cc |
| SHA1 | e6e12f9d5c1bd81ba0d95fc582d6369ed328b1fa |
| SHA256 | 0a0438954805c3e6967e3cb5d8aa2eb1a40267ba4b3911288d60ac2172422ef7 |
| SHA512 | 1d7e3445a27ca30b467ca82d3f8c9514dbbb70a9d1c7279f486f509cb1509a6ff4c673ff0a0383f29263e83c3c9a5b794e65b4172dd37365ac4f440ab981da2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e85a272ebec11e522f1a8bb09ec49444 |
| SHA1 | 289b8be3b9de7cffcae596b1ab821e5b01740bd4 |
| SHA256 | f8128b93be4db68c479ae354f9fbf559fdd2cad64c425b3081ab1a44886c59b2 |
| SHA512 | f2d567c19455e41d29c103f30aed2ce9f8a4a1d761ebf1f347ddca1c9d08a066b579034bc005b6c311fa009ae1236fc42e8d295c66afe6cfce7032f5aa76478c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-24 02:47
Reported
2024-10-24 13:47
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\72002772aa48b1fe03aadc88a45ce9f8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f3e046f8,0x7ff8f3e04708,0x7ff8f3e04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4701654118021135273,6350679661716247194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5408 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 151.101.194.137:80 | code.jquery.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 216.58.201.98:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | udp |
| GB | 142.250.178.1:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 216.58.212.201:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 141.101.120.10:443 | t.dtscout.com | tcp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| GB | 172.217.169.73:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | gold410.blogspot.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 216.58.212.194:443 | ep1.adtrafficquality.google | tcp |
| GB | 216.58.212.193:80 | gold410.blogspot.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.200.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.200.1:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| GB | 216.58.212.194:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a0486d6f8406d852dd805b66ff467692 |
| SHA1 | 77ba1f63142e86b21c951b808f4bc5d8ed89b571 |
| SHA256 | c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be |
| SHA512 | 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a |
\??\pipe\LOCAL\crashpad_4060_OVIYAUBCSHBWODSW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dc058ebc0f8181946a312f0be99ed79c |
| SHA1 | 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0 |
| SHA256 | 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a |
| SHA512 | 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 36046b7077003e512b49ecf46ede3343 |
| SHA1 | a37acac4bebc33662e7266e87b0e9071397fdead |
| SHA256 | 137eb3bb457c2791c2263b546de4282098ac1beeb1eeb7f777c12a8e1d40bc3d |
| SHA512 | 32004447986aae96b40c577e3dbcffcf628de5c1f4b9b15c9db8248d35613faf049dc746fba31225558f642d98ebd5d170de834eca9817759606b357fa506729 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dfd8fde30e333924237b58b0b76ddc1c |
| SHA1 | 2232812b7fee00a8b75ee1f6427621d8b35e459c |
| SHA256 | f82ffbdedafd3f1df43fe3aa4f9358417a77fbc8d541be6fefc628d37992afe5 |
| SHA512 | a6ed859a6b9f48f14012bbee6e4ad8236faeb7575b4eaf84041006c84e8f2c7a0366790c36c6d3dcc7e985de6fd33b089fd55b3d0efe7a00532c5b2d51ef177f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 63ee873025984b597e16b3bc07e5c7cc |
| SHA1 | 42ec838ba9de92835b342e0d9c5890ffae67b81b |
| SHA256 | da35bb472cb4169b8fd1566cc1bc705f24f3c8bec084b7aaa1f91d14c1992dd9 |
| SHA512 | 9ee97c0a1306069c14cbad317ed25864048cbc1de292d6785ed3c8941c190251e340ab06910ad0537d33ad5facc20a6ec8cfb1b3e960ef57ddaa1b16b34800c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 624606db89ee022d3c52283cc5ae2348 |
| SHA1 | 3d9b1eb79a76ea66bf04a95a38e9de339d6d70ef |
| SHA256 | 64bfd5b7c48bbd3e1a53882c07e0a7aa06291f0e2e193f954466d16f6c28c39f |
| SHA512 | ca67723c31463f1d1a3b2d1a9efbac10918592b33d7f9d6a16acb8b633a0d4b1ef2ca8e876d53ef5f8e32d53a0be6cf290e8a9e62271ae258859602c7cbb1c01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f5a29eee51ec0cca2f58dcf50a8a35bf |
| SHA1 | 23627334bc9e13265cd122ab1d16dc21179705b8 |
| SHA256 | ea4d39b57a3cf2602db45055fafa1cd29fe23ade2d70824ddab6f5100b6c48b1 |
| SHA512 | 3b914e5eb89ef18a50645467ea14c748f4a974ada7eb6f6d96751cf8b7449e3e8bdbd897feb5d62601d27227442603d350c8a00246ebd472d16ed79148131de6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 70c7df17b916b3a3b4616a829e442e77 |
| SHA1 | 19942ec9c6263fca768c9b9c7bcb2a1f4a5dc4d1 |
| SHA256 | 3a65bb02be4be3e0901feafac6eded89855c98cda46586cd187522bc24df5ceb |
| SHA512 | aa8e41c055bdf55cd8f87cb497395cc64a3f54f2a0392b8806de81207ec804dc7e91c425fdf8d5def44935d5ef8ef868b1ada1460d8068f03128201860675d3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2e452d2f4eaff7d42f43cfca43dcd970 |
| SHA1 | b01c0297bf676e5af794c6cf72f4f0546901c647 |
| SHA256 | 212ba618f600cc3c849dcb876195da554982ec584b85ee1a1f9e8b07b187d56f |
| SHA512 | 8ed452ca19fff6914bd3a26a276ea274c7cd16412fb0602c2e9d76661f80192ca301d91d0553041fa563dae64d535982e88f68c24689b1b091fb639fbfb0cd45 |