Analysis Overview
SHA256: 21565eb26be415321972ed20c1f84419e75fd5ee5b6dedc1afc92f19b35fb023
Threat Level: Known bad
The file 2e46ef6398d99937111e6aba0cb59d73_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Legitimate hosting services abused for malware hosting/C2
Program crash
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-05-10 08:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-05-10 08:42
Reported: 2024-05-10 08:44
Platform: win7-20240221-en
Max time kernel: 119s
Max time network: 140s
Command Line
Signatures
SocGholish
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{33132FA1-0EA9-11EF-8C47-FA8378BF1C4A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421492411" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e46ef6398d99937111e6aba0cb59d73_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 3040
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-05-10 08:42
Reported: 2024-05-10 08:44
Platform: win10v2004-20240508-en
Max time kernel: 145s
Max time network: 150s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e46ef6398d99937111e6aba0cb59d73_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff824c446f8,0x7ff824c44708,0x7ff824c44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8828314625913837826,5543292978498048308,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4640_REMEWLYXWHQWORKB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State