Malware Analysis Report

2024-10-23 17:24

Sample ID 240510-q363qahe4y
Target 2f6ab08e78a8ea7ba734380a66760cb5_JaffaCakes118
SHA256 2fc0ebec58f7acd7a92d5ab5905d3a0afcd5f5ed1751d1597f87f7b406f3115c
Tags
socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2fc0ebec58f7acd7a92d5ab5905d3a0afcd5f5ed1751d1597f87f7b406f3115c

Threat Level: Known bad

The file 2f6ab08e78a8ea7ba734380a66760cb5_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 13:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 13:48

Reported

2024-05-10 13:50

Platform

win7-20240419-en

Max time kernel

142s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f6ab08e78a8ea7ba734380a66760cb5_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000003ee690010d0474577b6814685373131ae09529875a8ba78a8a183c2aecd6da8000000000e80000000020000200000007c6968c98e06205ec179be0a12db2714188dc56217ec17bb008b8ef5cb8c6f8120000000809c685454ad1ac38be301d33ca0a1fa335dc2191166f88345ed8d6610516a9240000000d1ad283fde7b11ac80dd4f44de378258f89f4ab6025113660a2fdfcddb9f41a399eb4e1245e5f057c3db3addfd4548ed98694f37f247f2c30861e9aeacf73b53 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606e0ecde0a2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F2A14BC1-0ED3-11EF-B944-E2C1BAF7F8C9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421510761" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f6ab08e78a8ea7ba734380a66760cb5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 13:48

Reported

2024-05-10 13:50

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f6ab08e78a8ea7ba734380a66760cb5_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1004 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 2232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1004 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f6ab08e78a8ea7ba734380a66760cb5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6b1346f8,0x7ffe6b134708,0x7ffe6b134718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,10207282688347780848,17638462885759709178,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5240 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1004_OYQNXEKZDSROCAAI

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5830cf.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State