Analysis Overview
SHA256
7944024b4ef619e094c1d49e8c9a494c371d8d89a882937f64ed4290eacad685
Threat Level: Known bad
The file JaffaCakes118_0281a2f7419cd613c60370154e374cc3 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-31 03:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-31 03:24
Reported
2024-12-31 03:27
Platform
win7-20240708-en
Max time kernel
121s
Max time network
149s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441777361" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC58D851-C726-11EF-BD41-DEC97E11E4FF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2644 wrote to memory of 2764 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2644 wrote to memory of 2764 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2644 wrote to memory of 2764 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2644 wrote to memory of 2764 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0281a2f7419cd613c60370154e374cc3.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | img851.imageshack.us | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | img52.imageshack.us | udp |
| US | 8.8.8.8:53 | img27.imageshack.us | udp |
| US | 8.8.8.8:53 | img696.imageshack.us | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img215.imageshack.us | udp |
| US | 8.8.8.8:53 | img268.imageshack.us | udp |
| US | 8.8.8.8:53 | img143.imageshack.us | udp |
| US | 8.8.8.8:53 | img297.imageshack.us | udp |
| US | 8.8.8.8:53 | img.baixeturbo.org | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | img339.imageshack.us | udp |
| US | 8.8.8.8:53 | img703.imageshack.us | udp |
| US | 8.8.8.8:53 | img151.imageshack.us | udp |
| US | 8.8.8.8:53 | img242.imageshack.us | udp |
| US | 8.8.8.8:53 | img42.imageshack.us | udp |
| US | 8.8.8.8:53 | img8.imageshack.us | udp |
| US | 8.8.8.8:53 | img16.imageshack.us | udp |
| US | 8.8.8.8:53 | img838.imageshack.us | udp |
| US | 8.8.8.8:53 | img253.imageshack.us | udp |
| US | 8.8.8.8:53 | img20.imageshack.us | udp |
| US | 8.8.8.8:53 | img25.imageshack.us | udp |
| US | 8.8.8.8:53 | img19.imageshack.us | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | img844.imageshack.us | udp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.74:80 | ajax.googleapis.com | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 216.58.214.74:80 | ajax.googleapis.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| NL | 82.192.82.228:80 | img.baixeturbo.org | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| NL | 82.192.82.228:80 | img.baixeturbo.org | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| FR | 142.250.75.226:80 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.75.226:80 | pagead2.googlesyndication.com | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | img2.orkut.com | udp |
| US | 8.8.8.8:53 | 26-1.blogspot.com | udp |
| US | 8.8.8.8:53 | img560.imageshack.us | udp |
| US | 8.8.8.8:53 | img524.imageshack.us | udp |
| US | 8.8.8.8:53 | img543.imageshack.us | udp |
| US | 8.8.8.8:53 | i44.tinypic.com | udp |
| US | 8.8.8.8:53 | i43.tinypic.com | udp |
| FR | 216.58.213.65:80 | 26-1.blogspot.com | tcp |
| FR | 216.58.213.65:80 | 26-1.blogspot.com | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 38.99.77.17:80 | img543.imageshack.us | tcp |
| US | 38.99.77.17:80 | img543.imageshack.us | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| US | 38.99.77.17:80 | img543.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img543.imageshack.us | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img543.imageshack.us | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.74:80 | ajax.googleapis.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| NL | 82.192.82.228:80 | img.baixeturbo.org | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | ivisitas.blogspot.com | udp |
| FR | 216.58.213.65:443 | ivisitas.blogspot.com | tcp |
| FR | 216.58.213.65:443 | ivisitas.blogspot.com | tcp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.75.171:443 | whos.amung.us | tcp |
| US | 104.22.75.171:443 | whos.amung.us | tcp |
| FR | 142.250.179.97:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.97:443 | blogger.googleusercontent.com | tcp |
| US | 104.22.75.171:443 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | www3.cbox.ws | udp |
| US | 108.181.41.161:80 | www3.cbox.ws | tcp |
| US | 108.181.41.161:80 | www3.cbox.ws | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 23.46.73.244:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\600px-Feed_Icon_Bl-Or2[2].png
| Hash | Value |
|---|---|
| MD5 | d75339be22af589565c767de9c8b83e3 |
| SHA1 | 55f480ebc8615dfd21b0e394fc6fc20b60111c2d |
| SHA256 | c93aa4d94342a058e7a257771cae2bb787231b25df4c49cfb00f1386dd1645e7 |
| SHA512 | de09168dc6882cb38a0ea1b2deb7ce31e871d524fb4b53d20bdf71d33a37cc5fd6c4b51939d99b7a9de196387de71dc06ce28d2485e37bc8b95be6dc511bedfa |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\botao parceiro[1].gif
| Hash | Value |
|---|---|
| MD5 | e772d00ef47d6985fab47e5b71266a92 |
| SHA1 | c003e0d5ecd4b685dbe64a622eb71d63931717d8 |
| SHA256 | 74234dc985561d315ba466a4e0a6c2263df8c79458af8fe6577eecc6838947cd |
| SHA512 | e8a715addcd55dbf6bc27d4a7e95c3aef4ff8e2495aaca6891df2aaedc00235c5f0f411e373922f5098027bfb3440ec114125dec7b67b65ea0ee14b44b68261a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\55013136-widget_css_bundle[1].css
| Hash | Value |
|---|---|
| MD5 | e3f09df1bc175f411d1ec3dfb5afb17b |
| SHA1 | 3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9 |
| SHA256 | 1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617 |
| SHA512 | 16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\platform[1].js
| Hash | Value |
|---|---|
| MD5 | da179f14fa23524b7a46d44fdf71eb47 |
| SHA1 | 238c5064c2139e8a754cf74e44ea46ab4db5ebf8 |
| SHA256 | 0d205e3611c526c7d6f6c936609ebe4a3979f8226f1ae2861629333cf078aa8c |
| SHA512 | 561e6ccef7acbda472f876ee9aa4fb0725327c36d8e610ee6c370ab14a7fce63301a3d28a50d9c2a3d2c3c4a668f063370cc2d8967128131c1ad3ca3f0ecadd2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\cb=gapi[2].js
| Hash | Value |
|---|---|
| MD5 | 4b631ff88bd736ff7ee1d027c647d328 |
| SHA1 | 0ccec46ba9b399fdde5cac07e68d87165a144ad4 |
| SHA256 | 7d1ce7035000d38d825e3ee7cf8d8eb6971561154ff5d48fc3896523074a8601 |
| SHA512 | a3aee28a91b3cb5d9b1c99d0c4a51abdcae5fa486373de02233ea0b947aba3052c1cb44ee66cd92dc905680e5568232e1edc0608069cca94602748f406163087 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\cookienotice[1].js
| Hash | Value |
|---|---|
| MD5 | a705132a2174f88e196ec3610d68faa8 |
| SHA1 | 3bad57a48d973a678fec600d45933010f6edc659 |
| SHA256 | 068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568 |
| SHA512 | e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5 |
C:\Users\Admin\AppData\Local\Temp\Cab4DD2.tmp
| Hash | Value |
|---|---|
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | bd757739bf242029ef9e490e7d4b9ed2 |
| SHA1 | 3e8a0d2399405321b0e77ed3feaa3c4935c56b45 |
| SHA256 | a5b9bb7405aefda029afcea60e99e006c09d1f0aa5860836c59db72426291ba9 |
| SHA512 | 3b914f98503e827a230acdf136d97ebc596da801e4e1ea80338b72ddb9fc6161abeeddfbcc4a3e868e4f9387d9ef101bdba48c0550b4d9174c9f9b26382746ce |
C:\Users\Admin\AppData\Local\Temp\Tar4E23.tmp
| Hash | Value |
|---|---|
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| Hash | Value |
|---|---|
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| Hash | Value |
|---|---|
| MD5 | ed30adf813610f21fa4004bba6ed69b3 |
| SHA1 | 6e12387517d0c81e57ed10bf3d10debae6be6cf1 |
| SHA256 | 4c8f853cb0b4dcef4cc1404a73b4c7003af4e1831b887c822d440dac4660c1e5 |
| SHA512 | 73fb1e59d128147236244aeda0b6f532c4d2efff5c6ebe1b6e7182126d09c598bd0fb857af453d8e4447880e3489aaf1710a1b67ca84dfc834a33e1129a55208 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 38be0273fe537e52731b2dcb58e4f072 |
| SHA1 | 22bb4353e894e5d9299ca493c8882d7ad4f25179 |
| SHA256 | b4173ef1ddc8f9900da2cf93a6b0a1a3bd453dd5bb0f7b003fb3dc9e0f10ccc1 |
| SHA512 | 6717a7dece588cb471056ada100861cb84fba1d899beb73665fb5afe95c3892b1a531940d3004477d058ee1015936a574742d2550390c85bd8848f28bfb90fea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 2faaf4b56b27fc3a015e9b39ea40e595 |
| SHA1 | c1382f99a65495bbe3b186a05113c895fe1ca7e2 |
| SHA256 | 21e9192f50a8cfb8a591d3c87ab24fc588db716a27b69831a21729155a6138b3 |
| SHA512 | 038aee14e2645a58afc8a8be9ad30225c761f55197ab5e165752861dca22f594cc4042845c8b5af393623daa02d49653a4f84964551906f038e4676cca1f1af0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 8344510aa07eb88ef99e9c1c92e48662 |
| SHA1 | faa4e6f2804328e24e6c760b8f1fabaf91c054f7 |
| SHA256 | fa99a77404abed20ea0d81d61c8c7d760285f241f3b5f10a32a10d95bdd9d2d0 |
| SHA512 | 546435df84e127791b0175bc6d654cb705041c3ab769cef6f21b15500ba576c83b97475bcc3cdc4d8d4406b681e0f7d861050a13d314928d83ae6c2b95518fd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| Hash | Value |
|---|---|
| MD5 | a23ce4b8c79fac192a3fa75394ec3037 |
| SHA1 | 36598aa8c9ec0a77d3c04ef181fdf3eb26c06fdc |
| SHA256 | 42fe1e2254c63eb04f916b4550a21c6ebc0ef5616fc8f1552167268918e13da7 |
| SHA512 | e50ddb64b7026d75aa5df96012bf25bb09b8f987785d2416f81ca75414d18c330a191074548ec7f818e731dcac2c542349079f1eb92199e13a53f7e996ae22e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| Hash | Value |
|---|---|
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 047b2f7edcedafbbeca18e7ea275bde8 |
| SHA1 | 4c9fbe1aae9132682abf68d97763b2dcd1284554 |
| SHA256 | e52f87952d47f89c5573b962baf328a63552732d8185526ce0bbe6131f60ed98 |
| SHA512 | 93bfb53d7e7851d1512a38db77823686a0071fe67e9e0aced642b74d30c64d974f2ac34260e866b6c64dd47bb0ef73f44381ed4d2ea39227a3fa340b66ff7e0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | a4731b8a6712818e47824934252e0963 |
| SHA1 | f8c5916c2c9971bdb49f2ee98ab1c8032c9efce7 |
| SHA256 | 35572544473ba32930497e01eba48e515259e07cccc75ece6f697097f7349c00 |
| SHA512 | 2820064c54b0abadf45dc61afc4d2e57d0bbc43d41de18459c2ade42b568b8ee82a3338c0be34f584ddc2b59f760c707aeb20dbc07c82724b6773ed2265d4b29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 766b6b681a4c3ab50321e0cec52438a5 |
| SHA1 | 32099cd8e1ad9db235f2c7ef7b36a732045f4842 |
| SHA256 | c2d453314a14ecf39bb07b5e7d1088aaec2a692eba4b8cb1b6b9bb56fea52e0f |
| SHA512 | 72bf50835567fd04afe759d3a220a1a45af044cbd707dc304570eeb4f5c23abf5a6f2d234f3647e6a9f9102cb40354d436b0ee82ee1285508ce4a34ad5731ae1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 768de477c7e68e1ca71d6ee66b0b37c3 |
| SHA1 | 64440811dd4bdddadb9efc123edb5dbfcb7b9882 |
| SHA256 | b9bfa5981a77cb55ef76d8bd45cef9027f82824323572febc74f163ab7895460 |
| SHA512 | cef5329f1100aed90cc24f1d373224bb97130094d43443d6f6e6813f82644a815b172bee0a98c2ca18b8908a5b337417f0c54afbc27f9e4ad320e4c1919f7ca9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | de7b9a3583a220d782af6d4cc9b7a0b0 |
| SHA1 | 3d239466f8e981a5a3aec232700601f90b9296d8 |
| SHA256 | 65ef7e71062b61ddcd782d7eac95335c4a373735d1822ef06845049b87da2650 |
| SHA512 | 726899cd79d4a7cc1cb408d4da0ecdf0806e65b19eb2978e3ac3adad4879d6d02ed0f2d89d823be4fcf743869eb75d7db3fbec44c07b004a222b9dbc9df7f4f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 3b9394bef5586e4b80db884bd1424299 |
| SHA1 | 8d5d72fdf10ac138ad9cea32dd62e373aef78117 |
| SHA256 | 3f67e55c4e044b0c8dfaf63de934eedc6a2a486b6e204dbc30a52e66ab243e30 |
| SHA512 | 98afdd4b87c4cc83b5b1ab2bcfa6463a50fe4065196fc541f9d7cdaa4f8ed29664188181d952c6d33e1dd4e7bbbc0c86a71487cd27db587d3bf6e67c7c5b931f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 7bb9f80f1da02c2d9cb6a0b6c42dbefe |
| SHA1 | 333c2398ffd20138c730ce3abda361f16a5fb689 |
| SHA256 | ada8c9e362d2c556634ce8705cc37517f9dea3bc55ca01c036b7fa7f69b84d4e |
| SHA512 | 220ac3a786d6af48e2769adf913f89c946d900c83270ad21f6d7494c757eb846bc661d60114267e123a87c1fc7185a8de2a44fe196da095e982d54043f6c9105 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-31 03:24
Reported
2024-12-31 03:27
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0281a2f7419cd613c60370154e374cc3.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc46f246f8,0x7ffc46f24708,0x7ffc46f24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15385316858512447080,995111134158710027,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| FR | 142.250.179.74:80 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 74.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| FR | 142.250.75.226:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 226.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.8.67.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | img851.imageshack.us | udp |
| FR | 216.58.214.169:443 | www.blogger.com | udp |
| FR | 142.250.179.78:443 | apis.google.com | udp |
| US | 38.99.77.17:80 | img851.imageshack.us | tcp |
| US | 8.8.8.8:53 | img52.imageshack.us | udp |
| FR | 216.58.215.34:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 26-1.blogspot.com | udp |
| US | 38.99.77.16:80 | img52.imageshack.us | tcp |
| FR | 216.58.213.65:80 | 26-1.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img27.imageshack.us | udp |
| US | 8.8.8.8:53 | img696.imageshack.us | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | img.baixeturbo.org | udp |
| US | 8.8.8.8:53 | img560.imageshack.us | udp |
| US | 8.8.8.8:53 | img2.orkut.com | udp |
| US | 8.8.8.8:53 | img524.imageshack.us | udp |
| US | 8.8.8.8:53 | i44.tinypic.com | udp |
| US | 8.8.8.8:53 | img543.imageshack.us | udp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img543.imageshack.us | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| US | 38.99.77.16:80 | img543.imageshack.us | tcp |
| NL | 82.192.82.228:80 | img.baixeturbo.org | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img543.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 169.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.82.192.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| FR | 172.217.20.164:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www3.cbox.ws | udp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 108.181.41.161:80 | www3.cbox.ws | tcp |
| US | 108.181.41.161:80 | www3.cbox.ws | tcp |
| US | 8.8.8.8:53 | img25.imageshack.us | udp |
| US | 8.8.8.8:53 | img838.imageshack.us | udp |
| US | 8.8.8.8:53 | img19.imageshack.us | udp |
| US | 8.8.8.8:53 | img339.imageshack.us | udp |
| US | 8.8.8.8:53 | img16.imageshack.us | udp |
| US | 8.8.8.8:53 | img20.imageshack.us | udp |
| US | 8.8.8.8:53 | img253.imageshack.us | udp |
| US | 8.8.8.8:53 | img703.imageshack.us | udp |
| US | 8.8.8.8:53 | img8.imageshack.us | udp |
| US | 38.99.77.17:80 | img8.imageshack.us | tcp |
| US | 38.99.77.17:80 | img8.imageshack.us | tcp |
| US | 38.99.77.17:80 | img8.imageshack.us | tcp |
| US | 38.99.77.17:80 | img8.imageshack.us | tcp |
| US | 38.99.77.17:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| US | 38.99.77.17:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img8.imageshack.us | tcp |
| US | 38.99.77.16:80 | img8.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img215.imageshack.us | udp |
| US | 8.8.8.8:53 | img268.imageshack.us | udp |
| US | 8.8.8.8:53 | img143.imageshack.us | udp |
| US | 38.99.77.16:80 | img143.imageshack.us | tcp |
| US | 38.99.77.17:80 | img143.imageshack.us | tcp |
| FR | 142.250.75.226:139 | pagead2.googlesyndication.com | tcp |
| US | 38.99.77.17:80 | img143.imageshack.us | tcp |
| US | 8.8.8.8:53 | ivisitas.blogspot.com | udp |
| FR | 216.58.213.65:443 | ivisitas.blogspot.com | tcp |
| US | 8.8.8.8:53 | img297.imageshack.us | udp |
| US | 38.99.77.16:80 | img297.imageshack.us | tcp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.41.181.108.in-addr.arpa | udp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 8.8.8.8:53 | www.cbox.ws | udp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| FR | 216.58.213.65:443 | ivisitas.blogspot.com | udp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 104.22.74.171:443 | whos.amung.us | tcp |
| FR | 142.250.179.97:443 | blogger.googleusercontent.com | tcp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 8.8.8.8:53 | 171.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 38.99.77.17:80 | img297.imageshack.us | tcp |
| US | 8.8.8.8:53 | img151.imageshack.us | udp |
| US | 8.8.8.8:53 | img242.imageshack.us | udp |
| US | 8.8.8.8:53 | img42.imageshack.us | udp |
| US | 8.8.8.8:53 | img844.imageshack.us | udp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 8.8.8.8:53 | i43.tinypic.com | udp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 38.99.77.16:80 | img844.imageshack.us | tcp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| US | 141.101.120.10:443 | t.dtscout.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 38.99.77.17:80 | img844.imageshack.us | tcp |
| FR | 172.217.18.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_3296_YRMQBIZFOGJCITGU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 52d92d081bf9f91e5c4f0deac2ddda59 |
| SHA1 | 719eecf80cbb3cc656de222060280cdddbb0f134 |
| SHA256 | a244cd65ef08396cb7d2188959c07d3d37fef3beab4b5f43c53e2221ffab4486 |
| SHA512 | 70e45112fc4d9ed4a6987b51dbe331344b485dbfe87e081c6f11fec86f8488b5f86ce6da1a6307faf5fd3a8f2d938da6d064b6b020c502f9ce50d8da8c20152c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | d75339be22af589565c767de9c8b83e3 |
| SHA1 | 55f480ebc8615dfd21b0e394fc6fc20b60111c2d |
| SHA256 | c93aa4d94342a058e7a257771cae2bb787231b25df4c49cfb00f1386dd1645e7 |
| SHA512 | de09168dc6882cb38a0ea1b2deb7ce31e871d524fb4b53d20bdf71d33a37cc5fd6c4b51939d99b7a9de196387de71dc06ce28d2485e37bc8b95be6dc511bedfa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 1da8deabd421929fa1a865599f43aad8 |
| SHA1 | 88af7573c39022643333f85b523a329cb6448675 |
| SHA256 | 07b01330c36ae322ea1f1e2ea70e60b629b292b3f7ee7aae5a9968dcf341e685 |
| SHA512 | 0be3f8d02397c3cc32164b116c807115c42a310fd70c72c94b3b523732422ea2b222d8762e81d91ef0c36a8328df4f7ae8e4570c4bc46ab94cbed5131389ea3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3b18e006ee12c717248df1e42b96bfa4 |
| SHA1 | 8d74967c0a34ce1af964cb838b46ba71b9979a4f |
| SHA256 | d7c13006115672b61a69e158855897e3a70e271d7212650cadaab16fd352961d |
| SHA512 | 83fcc93f5a2bf18b3465c3ee30c19ec2ca8885a6dc9f5a8e1506e91dcf96ea72b62cc4072d7944e372bf3887c8c4248ba40fca3db2a3b18ee93252d0bf95682f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 27d62ca2046418e49a73ac81c9402213 |
| SHA1 | 5c8f291e54040d58a5fbb81231b5b94964270383 |
| SHA256 | c6ce6abfdee7318eb94194a64f09aefa4136dd8b2879fe6e114176cba21f375a |
| SHA512 | 8e8ba2c721a7892317dd871de02a3b8ffc41b5aab736819350bd59cf81cefcee9ab6dc2fa72a4f67eb132d6761b0443d3f2b3244b5b4c3761bb3e812cf084ea6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2e1c8fc32d56b9477859500e464ed1da |
| SHA1 | 03317446b0bc3c7abb9e676f3623fc300819cb29 |
| SHA256 | 3e7bbf157432fb0ddc656af355df0d1be9a69868930b127f5443620c7875066d |
| SHA512 | 09c61c45a60ab16b25bd54246b00b0b1a844e1abef23bef68bd162b5a590a2b27aa626cdecafd7820a28a67f9d126019ce50ef77970e6103474450a9f94b2e73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | af1d7f65033f2884fa8adfc32ffc037d |
| SHA1 | f1e4c4c8696a3c2240d4ccfc9c17cb638494c972 |
| SHA256 | dd64b7cf68e6c3b069ad2cce0d99cd2806890d837ec0b0cbd760520d92ca53d9 |
| SHA512 | dcd3104ef81446701ef2ff100011b142230a72e3ab0b79a6b226118d23d72ce960b051372eef97009b7da09c42d3f65518bffc2bc6498067b84cbe6ecdc71814 |