Analysis Overview
SHA256
0e4b9eeb5bdf56d6b009808bdce2505ad9a68ac0dbf526703f95dd2373be26d6
Threat Level: Known bad
The file JaffaCakes118_9937add738802c4a123e7d97cdc479d7 was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
SocGholish
Socgholish family
Legitimate hosting services abused for malware hosting/C2
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-02-04 23:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-04 23:13
Reported
2025-02-04 23:16
Platform
win7-20240903-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
Detected google phishing page
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
SocGholish
Socgholish family
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC3564B1-E34D-11EF-AA6E-5A85C185DB3E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444872689" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 536 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 536 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 536 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 536 wrote to memory of 2412 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9937add738802c4a123e7d97cdc479d7.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2025-02-04 23:13
Reported
2025-02-04 23:16
Platform
win10v2004-20250129-en
Max time kernel
149s
Max time network
146s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9937add738802c4a123e7d97cdc479d7.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2d0446f8,0x7ffe2d044708,0x7ffe2d044718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7316 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,11280575561751902819,11705790489206011713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
Network
Files