Analysis Overview
SHA256
d0bbbb7b4efcd16e00a4e7ca73a029761b156308e29adacc60865290968c0b97
Threat Level: Known bad
The file fceebb0a5e7c557099f9191531eb5806_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-18 20:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-18 20:05
Reported
2024-12-18 20:07
Platform
win7-20241023-en
Max time kernel
144s
Max time network
151s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440714187" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{674BF911-BD7B-11EF-BE68-6A5AD4CEBEC5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0d57e4a8851db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf00000000020000000000106600000001000020000000e2e12d707ee95d8b0418d557db4e8dd208b0c92ed15fbd07f78316094e93869e000000000e8000000002000020000000a8ad51e75f0c3343b5346d6a111360d68577a69250a9af662e9b343ffc33c93b2000000073571ba63e7b206a769a1ba7ef1c1bae0583dda1e69dadb7294b90fe4c1b535a40000000e2da2b074d165a6f96ca6529e104f1138f28519631f73f98a67069588aa0b5105a0749f4c6e36125d422cb6f677a7e50fca4056a44cb401cdd989982882ba40a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2380 wrote to memory of 1888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 1888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 1888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2380 wrote to memory of 1888 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fceebb0a5e7c557099f9191531eb5806_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| FR | 142.250.179.98:80 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.179.98:80 | pagead2.googlesyndication.com | tcp |
| US | 151.101.66.137:80 | code.jquery.com | tcp |
| US | 151.101.66.137:80 | code.jquery.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:80 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BQ20K5D\f[1].txt
| MD5 | fe1b77737082c636ec1a252bd04ebb5c |
| SHA1 | 33fd71824dd24e228df5240fa198ed1c65d6c510 |
| SHA256 | d9a661b515bc07fea0f12683e5a9eafbbf38398ed4767c9f2c4ed3a155fa1bf5 |
| SHA512 | 5da8275401ffc0a6a4eee020940961deb10453b884149bc83afb33ec2a7697f2840ef56be08d6998e336cd7639942e27047f59097092668b5470d80aafde64b3 |
C:\Users\Admin\AppData\Local\Temp\Cab35D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar41B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa0d6934f9470bed4c4d49480c0a3dae |
| SHA1 | e708ec9c53632810c15c93fad8138ebb062c1567 |
| SHA256 | 91706683ebe5be9a9dd8d5139b576ae7044bd4358bfe8989229d6593cf4352c7 |
| SHA512 | 2294e07f24c0b96d708d3deaf8d0184633a4b921ba46b5b9e5aaf954371458aeac61f7404200fc9f8697c659efacda0aff3f9b1c669f8cf3014109452475ed29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23f0c893252ef1928a893ee266b27f59 |
| SHA1 | 287ec8a9ce6fcfc3158f969aa2efa3b5ae166018 |
| SHA256 | 799a41adec7150b23db0eb48a084bb33bedefcecb4c817473f8f08c6a9724c85 |
| SHA512 | 6680efc2c996b75441e53f27fa9efebe2bc7b91c9e6a906e9dc9f7533a0944325dc5af99ad23f5de0c715bae1c37ccf22a2df3efe214359664bbd13d15a41c16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea55202f67c9fa19bd51d4b034372a0c |
| SHA1 | 1e30a39dbae5ed379453f908466f8e06e573440a |
| SHA256 | 4030b4a348f8005e59be6796bcb3c2c280b14380ecb95d5794ff5be1acfde450 |
| SHA512 | c38a2a53954f0dc3239b56a4989d957203a994ac2a9466b132f984285fd6365c7041d6614e52522866a9d6986ee33b1b8fc0233a3e6594eb2924121ebde7ce9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f17e7852d84b7bcc14955477ba7ca02 |
| SHA1 | a27e8c623653a4c6d1b5e4a5634b7e1bb854d2d3 |
| SHA256 | e49f4147768406b2dd3a5b1fe5d66b98a6bc4ff28027191d9ecbc16037476fa4 |
| SHA512 | 4e0064431fec3da3b028da7c87d68dc31e2d54ead1ef4f86d33529cc9dae489b68e7c3b457e878e831666d71a180d886ec0f6a144fb0d2912cc63cd787d644db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b37fd916f4ddfb4194f91ca6f3eb44a4 |
| SHA1 | def1b7ff73e65e60276bbdf78f8876dfc68934d8 |
| SHA256 | fe0ff183ca91d76131d9712a93ddc26bfa5e56e09f6e2c62ff43a1f48bbdb4f3 |
| SHA512 | 84ce3f3497a0b6abc4a4ef6231bf1bc5e00b18a00da353eb0dec37ca8a17c30f9da220f90382893cded2594341690122fe85e9f9dc1b0cac59b8d6ff97f8360d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 381e2b4726dc7e2eafc9e3e4b189b88b |
| SHA1 | 83f83cfbe1886ab683d645217eb95c900d4a7ae9 |
| SHA256 | 1c1bbf80eecde43448adeea2be2925b9fa767cf6715486c855384f356fc3c026 |
| SHA512 | 8f9d1ed2af51a52b9847f5574695ecaf3e8a5177460a3ccfaf751642250d3b4e42312e53dafd6774677f0ccb79c74d23ca03338993479c3780e84e9e6f573671 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc22dd46f084bdd3fae8cc2c3ef3c391 |
| SHA1 | 7e668f63b98b0a42891bff91f492eaf3051f45ab |
| SHA256 | af5864d2d2d7ff5e260b733039a5f4877c4f39ba7e436f5c2954d8dbc4ebf648 |
| SHA512 | 520477cca37b5a96cc5d30fa7260facade2137d11fc2fc02af604dc0852647d6edebf4ed3b9043165493cc4d60e1d61ce20045c7ddc16cf937348077a1946938 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f52615366d9532006eb4aa9f9f01fcce |
| SHA1 | 2d248d98fb4f5bd9dfd789fc822f6fed8628a13e |
| SHA256 | 9aefb6e2f3fcd1c25cec2a55a322077114e698fae17ee2a131c286e3593f6de7 |
| SHA512 | 6185eebce0d0f5d7337e0e8f824d956ec3aeb4ec8ed67e6a7365cd1ff88f10f00ca5699402bd678f736d3691f014fdf0dbaba038327b271af98f2e1d7ca0f728 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97e7635700485c6841834b3f269545a8 |
| SHA1 | 83c9f1938c5d6fad0cd516b7e83382a28681d78f |
| SHA256 | 288188a0548e8901e41c0a5f2af03bf585bc7fdd6e8c81b0bbdc3e4d31c9836e |
| SHA512 | e040f1502e67647edb5d6dfd49458b5f3e4b177158338514cabf3e344fce809ea11f53020d70fff465dea83780260b23f6b834c9f912e563706bc6ff1f9056ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfad41b35de4ec37ae14fa7efa00475e |
| SHA1 | 2f5c1fe2b1ca3096752409558bf7426aef6638d1 |
| SHA256 | 74ce25cd480cda350bea67755059f7baf87810c1034ac6395a3fcb535afbc717 |
| SHA512 | f0e64799766c652c6669245afa1ef8cae311997a06b679a05af70a89d45c0e364b1e5e36e2040c719965d1915b7297cd8e57bc025e417e21d45c81bee32633dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7729801e0ac6e5e80b3daed0226de450 |
| SHA1 | d666b324f1d05ef9971e8c7e3a073be3241f1750 |
| SHA256 | a5a6cb0013bc5a79e59099b92bfb5b0c16bb9d615a85119bfb00a2a83a0d48c5 |
| SHA512 | 06937172b7b841447550f9168b8ff5f6d4f5aabd95f06e704b9101f58c8b6a653cfea65d7f12f5bbb3416399746a44796067e0006213e380b3a710da62c1ab82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | e25f3b7d7c2f06d36000106633efdf05 |
| SHA1 | 1ebe1d6d29dd4efef454af794446163e839690c4 |
| SHA256 | a62d13d8bd2cfea2a8b7c69d250da1dfa03ee77440f4190fde9a502e9ac01f60 |
| SHA512 | fadfe6dfbcc23fa0c146674e281772e37333d97e029c38595cb8fdbea8c58e570bbdb13ffbf442d29748722c1c2aa277a4ec9068b0365393efc742f7636a43de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98f5b6b3b20eb834dbb0d3e42c0eb1be |
| SHA1 | bb89b636370943c714322b45b2555417f6fa3bdc |
| SHA256 | 7bc2d1657645e8b02256ddce799e4e670113ef0ace3f7d2d0a2fece8fa91ea1e |
| SHA512 | 59b289e79ca9158a54eec877639114b3633ece297f8e9e320bd0edc94d3cf155515499cec4c88db61b9c252006c1838dfbb3a2da2bf02cd70c1b7b3bea7d02dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2acf91de305f4ab5ddce378b968cfe14 |
| SHA1 | 2e4c91096f3bc346bdb52e8787bb0587453e8702 |
| SHA256 | 073feb830fc916512e76bd8fd5db27cddc762637c32e928d46e5252816ede508 |
| SHA512 | 1533250ad467f6a80fd029abfe573331918c8174da81d8eab4aafb30f586f0d0c4b537caad4cc1d164197ba89b82157287697af46e2aa54a1bcba248f435ec48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fc2b41f4de510dca0410b8018cdc582 |
| SHA1 | edfc22f65e7d903cb9419369bed68620350d1fd4 |
| SHA256 | 5db373b97939531f160f7e176087ab779bfb07daa5f33b6d63ab5f981e46904e |
| SHA512 | 2c47a99ab7cdd97591326bfadb89de0dbf13deeb0775ae3d360dc5df48d436e3632de106020e71c1ad7807ddda4d717031d1cb03bf6cae218ca2e1fef61b061f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18521afcea7daaaf657877cc0930dd90 |
| SHA1 | 7b37269a093adf0b40de045b8b9c0f736dfd14b1 |
| SHA256 | e5d2a66c0926f25ba25651b964dd957f7ae2fcfbb5d687a07455d99e60157cc6 |
| SHA512 | c5690f29a0017b36987adeefc650b0a5dd46450dd59a877afebfa464de57d93146df4c290f1db528fa2a51bb5f72657c8b0e309b7065f16fa5f0688e1a83d28d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55cb7af41d189892a3b8260bc081db2b |
| SHA1 | 10e4a6b5316c5ae94bf5653f22fab83d0b2997db |
| SHA256 | c0ac9adf65341240f32db282d112b249b9c88a1cd5c4635d7f4a66193406096e |
| SHA512 | e1e193cbd30d74554b8ccdb4cee6a9824356763972a52079804836f4afd1d690eda4597985b08248aa6c38c7283689e9f5023134ce57adef3a42986b69e8a8f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 4fe692178906b05678f4300ba32afc52 |
| SHA1 | ec2f967af38a1c0db25c4d4b549b4fd854fb14fa |
| SHA256 | 25844dd1042e8e75930d951b4e45b1d992b88d1af905de4764182f65c1dfac8b |
| SHA512 | 94f3255948d1e07ec82fdaacc038736e770f1a78009d2da5560eb3dcabc81877fc46fb765ce774d7f84906a512fa22af2f3b0e3e17c36d9411d12e8037784036 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | befc5ac8162142e8e30e17813c9c1aa0 |
| SHA1 | fc66ef967ea9c58661110e23afabbfcdcc6a599d |
| SHA256 | d522b6758feb3284c5fabab137247fe1a0a5ac760f7496a2a2419400047a0471 |
| SHA512 | 11d6a0d781ffaec9d0675c9895c7a322ad1363938a51f1213333d9408c3a5c851e79ded3b82e6d174623095ada4de07ed45fec49437b2c2e0e4f6ba698a0959a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee23538cc1a55d74984e64c66863ed8a |
| SHA1 | 371a5b3af6c9de38c9f581ed150630de6ecac749 |
| SHA256 | 5dac63e3693fba76b638f89fce49fe8f75971ca6020c1c387c165276dd55aa63 |
| SHA512 | f7dd731f9b8f8081c91c639cd477e49aec56b8c3d946271aaca78a3a5839dc8367c92299caaf951d4cc3e25710bea037449cd6c9b8541f087f77c552aa2d34a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb25013f198936daab759e622ad5d190 |
| SHA1 | cdc1d662ec0fa6b78614bfd3dd0f41aa72cd3560 |
| SHA256 | 53a8ad991db4d4c2e3b499f8923d97eff1369ffa1563b4407471fcea24da7344 |
| SHA512 | 8cd58412016ffd16385bc962e85483fa3371cbede6242a26c261b3101101f8815dfebe7b6d43b8dd7fc898dfcb7d457893a8fbef817884148fdd51e5087421d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44ccee357ea48bca9eae4679cf73e9fd |
| SHA1 | 9ad50444269c4f825e3796e0be10e1541287081a |
| SHA256 | 9d24ab5efe9d03b2754ae0a8e598f0c68849a23411ce1bea39304b54e589a590 |
| SHA512 | 4d80cd250a37a1ac16e4dbc4746675b8a11faff50a5971a13ee87db07c7557446bbc8031c15defda59ed0fc9ec2cf5bb99e4003a35200a8c6e5417fa3e39b700 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-18 20:05
Reported
2024-12-18 20:07
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fceebb0a5e7c557099f9191531eb5806_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9840e46f8,0x7ff9840e4708,0x7ff9840e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15622649174697160715,5641072584769699884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| US | 151.101.2.137:80 | code.jquery.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 151.101.2.137:80 | code.jquery.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| FR | 216.58.214.169:445 | www.blogblog.com | tcp |
| FR | 216.58.214.169:443 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| FR | 216.58.214.162:80 | pagead2.googlesyndication.com | tcp |
| FR | 216.58.214.162:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 180.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 162.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DK | 157.240.200.35:80 | www.facebook.com | tcp |
| DK | 157.240.200.35:80 | www.facebook.com | tcp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | tcp |
| DK | 157.240.200.35:443 | www.facebook.com | tcp |
| DK | 157.240.200.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 35.200.240.157.in-addr.arpa | udp |
| US | 141.101.120.10:443 | t.dtscout.com | tcp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2c40d5d7c5e0a85321aa5a230e68a231 |
| SHA1 | c4ac788ba4da6897adc3c9ef661ca6b469fc547e |
| SHA256 | 9bc3a5bef04210d4751fd4ed395131776e8f7737a5a377be09fcddfb7eb45384 |
| SHA512 | bb513fae1e4dbaed4ae59181407a24fe987c642451e6546fbcf14555fae575ff2d227fc39dee997fd64407d2927973831bfa14645d675c041b2dfc61ed3d55c0 |
\??\pipe\LOCAL\crashpad_4584_VZRVUIHZDHTYCYLE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1b9739f5776a018d1dfea64dee3f4897 |
| SHA1 | 3dcea83f53d046c24318fb0748f4d0652b213456 |
| SHA256 | a667d0d19885a961de72e4ba4b89957e9904bb9ac99e878e7fc106da0b3091e0 |
| SHA512 | d22f0a192450d4185fe73674d0bde7f2fa1f68bcc16ade038c372028a891d230391e45d08c02db9d11b8fccc250abbc5a29ca3d7759dbab8cb937cb4066e46e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 15f3435a140da2b462d7329ac9d620e8 |
| SHA1 | 7cecff100010adde785f3fbafe2ad09327353e08 |
| SHA256 | f34267fbf553f4ca3df8662711d71c0f54589fa18791ce1c1febc2cbd63a8c63 |
| SHA512 | 6212486fb7b47ac16a447876e3009857c742a7c197e606c895d736cf18a923e567b0fb05433a2f1780c9e650896d6ff4552c64661da6ccc2d78e6451622801f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5aae03c3992691cf31da6bf6f11d1b5b |
| SHA1 | e863492edc0bfc73176ba67427089419e0fc29d5 |
| SHA256 | 90c07c81fb0cf4ae3fb3ee4d9c727451aed46e953d2104b5030e1bfa7304d26c |
| SHA512 | 6509d722f45d14dd5bc2b6419687666cac87e0d19bceefb1af88ce593154310a97ccbe741a3faa5df4556552cfe4541019c6f6eeeba6b6c36565d6e7a7aa5f0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1bdbe26d0c937121d900516b9d310eb9 |
| SHA1 | 46e180aeb1bc24838bc95ef5e9cbc568116d2d7f |
| SHA256 | f8714f97bc40b3bc959666cebbf834292b5a7bfd90e10166ec1880d3bbf5fbfc |
| SHA512 | cbc35b37052d1068bc0cdb1cd3c01057da0873f25da78b54a611246caf07e6b708d4efaf39ade2816a7d7f43b2b2e4f9d5fc530aaa484a54e689945eead7edc0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 62fa438b48fdfb61c360e6d4fd356110 |
| SHA1 | 6e54e946a5211afa1459715b9f37a18ea92cdd57 |
| SHA256 | fe3d2e83848ede65097467a54ea813ed25a51119e87121089b3cfc531ebe5798 |
| SHA512 | 01ada296a3fefe713f53d80d2c95b6e41231012d0998077b7948a68d961b61292d1e3b1b3457488eaa739fc4ff0974672ee448d29d2fcce2c1bebab49da96624 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dcef615345ba97b3cb0acfeacf99ba67 |
| SHA1 | 3f0e3bf4cdbed2d1314e78ea5f0a41d43c0da3c5 |
| SHA256 | fdd521e75da83474e1bc74bc3d9fc5a29aaf9c7e74caf0d75b9c8765e84b3052 |
| SHA512 | 4048d67bb038c14b71a03c5fdf09afbeca370f413b3a7ceac458a3861ad46dc9a0b11f633aa1d8eb509f2a07a45d8944934025dc9b88c0755835475dd7931495 |