Malware Analysis Report

2024-10-19 02:44

Sample ID 240825-2agsxaycnf
Target c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118
SHA256 4920f8d211a77ef465be8b27a0209d47c4b5bcfb11c33aee781a41bb96b6bef9
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4920f8d211a77ef465be8b27a0209d47c4b5bcfb11c33aee781a41bb96b6bef9

Threat Level: Known bad

The file c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 22:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 22:22

Reported

2024-08-25 22:25

Platform

win7-20240708-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{859DD461-6330-11EF-AAD0-E29800E22076} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430786428" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04ab1753df7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000c1ac0e9574f0db44b0447273614209a29b805bad45cb62212d3f51f386515885000000000e8000000002000020000000dc93911bcc92c504cebbce8468177848008dcc98ad79e225cf020ada4d5c763f900000001de977907f8c407eb1c58f58708dde1845fe3d86e9db8e1d6917604c01cd070c61e35b7f7aeea2953f1ae42296a42072c43f1e921f66f88f7edad2e847d5386330861f3f492d81f5246a49554c8591ce738f056480c316b8b3cf4a7cab0676575e7b2c99423b05de88cf79679b858800d8ebfee836f51e1a747ce7864c8afdc74b58deb90d1a92205397ea7895c87ec640000000ddbd42ffa6c116b1f88357ae7b23ae7b5c20ede176d59842c35d2d6ded2872cd27f14ec0fbbfbecaea5ea8a3c9893c7e8cfc995fa282db863d3aede3b44b2186 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000062625801e6f2533a942be76a563ea6f376839d0e5ab02fa15f51e87ff4f2220d000000000e80000000020000200000004286bbf93adc7290efe969c29b90bf58022c81191cb3da2b8e5d65c9f705fa0220000000f35f78e366135e41367f6c4ced30eee969aa410bf6b8a87b35c42ae1fadbaa7d40000000cfd106c412d4c069f21a1b8faafbf0283807d07361f48638f4d6355e80ee5adaa4d4721de3a1e85dae34ee8f2729b0647027694db21b8f373b7c85c69c63e634 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 i100.photobucket.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.bestmaleblogs.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 cb.amazingcounters.com udp
US 8.8.8.8:53 jc.revolvermaps.com udp
US 8.8.8.8:53 st1.freeonlineusers.com udp
US 8.8.8.8:53 manifestgold.com udp
US 8.8.8.8:53 www.allamericanguys.com udp
US 8.8.8.8:53 www.tlavideo.com udp
US 8.8.8.8:53 www.turkxxxonline.com udp
FR 142.250.179.105:80 img1.blogblog.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 104.244.42.1:80 twitter.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
US 104.244.42.1:80 twitter.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
PL 18.244.102.32:80 i100.photobucket.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
PL 18.244.102.32:80 i100.photobucket.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
DE 185.44.104.99:80 jc.revolvermaps.com tcp
DE 185.44.104.99:80 jc.revolvermaps.com tcp
US 199.182.184.141:80 www.tlavideo.com tcp
US 199.182.184.141:80 www.tlavideo.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 104.21.21.94:80 cb.amazingcounters.com tcp
US 104.21.21.94:80 cb.amazingcounters.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 172.67.211.101:80 www.bestmaleblogs.com tcp
US 172.67.211.101:80 www.bestmaleblogs.com tcp
US 104.26.9.237:80 www.allamericanguys.com tcp
US 104.26.9.237:80 www.allamericanguys.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
US 45.56.92.145:80 manifestgold.com tcp
US 45.56.92.145:80 manifestgold.com tcp
US 172.67.151.175:80 www.turkxxxonline.com tcp
US 172.67.151.175:80 www.turkxxxonline.com tcp
US 8.8.8.8:53 st1.freeonlineusers.com udp
US 172.67.151.175:443 www.turkxxxonline.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 104.26.9.237:443 www.allamericanguys.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
PL 18.244.102.32:80 i100.photobucket.com tcp
PL 18.244.102.32:80 i100.photobucket.com tcp
PL 18.244.102.32:80 i100.photobucket.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
PL 18.244.102.32:443 i100.photobucket.com tcp
PL 18.244.102.32:443 i100.photobucket.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
PL 18.244.102.32:443 i100.photobucket.com tcp
PL 18.244.102.32:443 i100.photobucket.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
PL 18.244.102.32:443 i100.photobucket.com tcp
US 8.8.8.8:53 www.gaydemon.com udp
US 104.26.4.171:443 www.gaydemon.com tcp
US 104.26.4.171:443 www.gaydemon.com tcp
US 104.244.42.1:443 twitter.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 104.244.42.1:443 twitter.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
FR 142.250.178.129:443 themes.googleusercontent.com tcp
FR 142.250.178.129:443 themes.googleusercontent.com tcp
FR 216.58.214.163:80 www.gstatic.com tcp
FR 216.58.214.163:80 www.gstatic.com tcp
FR 216.58.214.163:80 www.gstatic.com tcp
US 104.244.42.1:443 twitter.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.201.170:443 ogads-pa.googleapis.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 199.182.184.141:80 www.tlavideo.com tcp
US 199.182.184.141:80 www.tlavideo.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 104.244.42.1:443 twitter.com tcp
FR 142.250.179.68:80 www.google.com tcp
PL 18.244.102.32:80 i100.photobucket.com tcp
PL 18.244.102.32:80 i100.photobucket.com tcp
PL 18.244.102.32:80 i100.photobucket.com tcp
PL 18.244.102.32:80 i100.photobucket.com tcp
PL 18.244.102.32:443 i100.photobucket.com tcp
PL 18.244.102.32:443 i100.photobucket.com tcp
PL 18.244.102.32:443 i100.photobucket.com tcp
PL 18.244.102.32:443 i100.photobucket.com tcp
PL 18.244.102.32:443 i100.photobucket.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 jf.revolvermaps.com udp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
DE 157.240.27.35:80 www.facebook.com tcp
DE 157.240.27.35:80 www.facebook.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 92.123.142.59:80 crl.microsoft.com tcp
US 8.8.8.8:53 rf.revolvermaps.com udp
DE 157.240.27.35:443 www.facebook.com tcp
DE 185.44.104.99:80 rf.revolvermaps.com tcp
DE 185.44.104.99:80 rf.revolvermaps.com tcp
US 8.8.8.8:53 widgets.clearspring.com udp
PL 18.244.102.32:80 i100.photobucket.com tcp
PL 18.244.102.32:80 i100.photobucket.com tcp
PL 18.244.102.32:443 i100.photobucket.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab7B0.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1C2D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 982770087722db667402fe53a86c215a
SHA1 7f154c69b53629256ee2595a8c050de4d8ae5a1f
SHA256 bfcf73fe69d33da13d0f9b95c339d0ab9c7c2eef0127ebf040b7722d50f7430a
SHA512 9e83a52273c7522f54de66971e98e88f5bc7239d435a11a902836d95d81ecbc903259525d321fedabb97375a1254a90fb9446bf8f543a3a5dbb18bc9deac08c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7362c915a959dc4a5c0af80b3d40b34
SHA1 ec061a8275abe4764065c49ac056cb10172b1dc7
SHA256 a285cc8f6b2ce7418937e7c9b6bc507cfb1560d7cc7d960ee3b3ce91451c44d2
SHA512 5df70f087b95fdb9cc597a54ecd0cfc0c24bab354c31553bdacae736feaeaeb17cf08667d973097b72554279dc302a228f922f7a7c1ff35c77d2b897a1a17b31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b00d9e7ad53cfa444f20837b178494bf
SHA1 9c29acba7d51bd21659ef1ec9eafb261e86ad5ca
SHA256 8b4f292003a4feb27472b71762ae78a0c71589bc076108a2d3d0110d6a64b3be
SHA512 4ef6b3694190ad08d4e793ad779eb9c7d74a178f994f0afe621a0348992352dcf84600dd815a14811f1f24e1505d7dbb61165a363c37c64f3a1aa6e2012462b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99546f987a6f99a8412efc9aa29ed474
SHA1 136e6a20d97633bf81624928b12c4f47db412247
SHA256 fabf69a170534303719da2a2ea3274ecb7d6c718c604aeed1e6adbcbe4924d33
SHA512 d288c29092d95216a0e2942c353ac36ee0f2b6f1af86dda2bad5b40943b7fb6953497465d183d6535c7cded9a2761b7cfe53549960a1d04863e3c6712a7e8e12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21e42a6d8aa254e21f0b375d102ca194
SHA1 f634baf912fded2071ba72a25a221ddd37fa895b
SHA256 f49f25bd68737b3b0ad64f47ae99c9de22243b03a47ecb0af75483d02b7d4443
SHA512 bbf4826bad7241c18f9c3b6a7d90bf2b5fd624e6c90c3403edbb304acf45a4b1ca437a6f4ebe2d07f0d94cf745ca25fc7f696abec531e93210d34c2e89647495

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5c222247eb3e0103ce17cae710322ae
SHA1 a9c9dc3c04c7a5151774627b27dab18f5641f36a
SHA256 aac356fe894c32362c50203b59e295a846ff43b86c33b52831a8fc45b482e394
SHA512 6a6c757a59e5b6c458aca29173ae0799fc551f6ab0422cb86675970287cd60be8bf43190790b4daee2aafb5a3eae67453013a15fbb9f190b028b51933eb25f48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 7b23ec5ad8b562931b42963cefd9f81c
SHA1 39ecf4a812cc4901eb1d4e15bac6cd63e02c58af
SHA256 ffa10bc4fbc7f87ce0442e65c9860178044a4caf5e9312361edf58d17a5d4aaf
SHA512 ad7594a4e42a262b2e73352b5286598af0e7a97219e10f0ba1b939c0b9ff35bf702a1175f3b4957bf01dc7c544a84f2918a4957a2141e563c9cce1e737a5aa45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 fc6d7c3d37c1f6936c4ab809a6cbea90
SHA1 672d56703b86ffb1fbb8e0f247cec3c89cfc065f
SHA256 1387dbed37670383a79608240a612b5a9b4ce0322c91826be48101cf40f7b87b
SHA512 c01cc9763090e85e24f69d43110d5a8ab19a36b36f09e6cf6974feedcfc79b693a97302e4c0696d770ced98dc4392a561273823c90bbf8df06e717a3ca1167b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4631e973250c1f8b5c52895ce31df43d
SHA1 1882adb244c49557c936fa19703be02bf322b520
SHA256 8b481cd2ddff8df3bf0c5f8373a3546b99a70b8fb1eb7483539395ab4a720bfa
SHA512 694c0391edb7517e3dbf6ba96d2053846a69c7b9ed934e06fe5eb13392b34d817f89aba294baffec931f56efdeb1c65491833717517a0d9ffda79d5018adc85a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c561678d87b0f34e132cb5f51b5d02c4
SHA1 40ea3e2355c086214ae5dde24d97ef26b2398655
SHA256 a44ea58dd54c0f711732ef92a24e063bc09d23aef6867d2bb7c959a522131448
SHA512 387450a70a4fd99d6adc15d75a92ce9af3e6aacd12b5fce6d0265bfbbf96b6573cac6e30ff0027b6d8f1c54438560b739854e9528f450e474173e117c9a5bcd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a76d7e5dc09f35be4b3ea3abe6bfdb4
SHA1 4aae987d6fcb98e59841d01da85122931dfa972d
SHA256 ad847f308877b832a42066d20d88764ded8ecd9209e7f30c783e93efdcd7d727
SHA512 4bcffce4bf03db12817c358f6f2cd4d81596133eeea42ec21b1c6782cc4fbd05edde18c2a4d973b7f5389dd552d7d75fe996cbd52f8201a3463cfcae9a6697f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c8b1299e6549f7e11232ec70790322d
SHA1 92b360a3505960f816341f8ea095b821fd6a9950
SHA256 73afe12342e86a27e537e5747837354a275f21e25d367daeaf65059109320681
SHA512 c0ae485495fb6e098dc7283ddaaf8b6a77e701ac01795c3deb12b1431d319baa8d057440d4f894d4992ef19850a6b992d7a7304d8f49247a9539c4b64f404962

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b87a3f7e706b9f392851d547bb0b1e13
SHA1 197f1c55956c8885b6e67253ba9dc37c951cebc9
SHA256 07b9e9bf5252993086bc16d0d8db286b02162d1ce7fc6aa035596311be3d0f69
SHA512 e85a4721dc76d713a386501e016ce439f9e35b0f1f974907b39e5de4543fe9da07e05955c6bca2f19588afeb0fd14e11c90a3f3d0a6936dc891f0676f104da8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 215b7dab397b7f6eba20ae00c9634986
SHA1 6d39f7d46b4078c615439ce60373588544c2a19e
SHA256 bb7cfa555ce3043e3962aa869d94779cb5164fa57bc68249531f84f76956cde1
SHA512 066edaa7502250ef73a032110bb05d2fb81670a521edcde4a4c416265e41a1bcacae7ff87ba8b3ef6af4e057d404c2daf57ed930ef2a6b7526831f2b128a42a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b8084359aaf68ac56df8936662c793e
SHA1 3a4c273f4210e477f29df59e0e181f26d8d7c82c
SHA256 8173a0ffc773c97f276b6505f552ef40b0fe0d698f524f7e69c3f51210ef555b
SHA512 bd4c832513ecdb1804abb1d9e0caa436eafad346622b8758996e13466993c8c6be9ab38b39bfe4ff560cc7d812c8b1a9898f752189e2ef7aefdfaaf156de6a07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7aa33a2c149ec2d4ba934fa4f5faaf8
SHA1 65f170510473f09f2e222c402baeef4ae4aa2112
SHA256 6e1ad4b0f286afcd0ef87e176805eefad7f41cbe5c993d65afe5ac1379d52bad
SHA512 071f40081089b1bae989e85bbe3316a9c0281b3ba302c70a05338621b1c3259655512d3f282b94d8f5b8ce6035e3eb9c33411cefe8ce1926eaf03c23df4ade75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a754f0012d9abd03eb2de1808fe46f66
SHA1 c6be8de65a10f728bf969549755cc6c832c25d0f
SHA256 5330e2a572947a451935508d797a1d223cfbaef4b277eac766117265fc34f9ba
SHA512 445cfd080d02f1cf65b7a84825aa4fc6b9b849e9a9e2d8dde0dbffb7a1b980b6c1d61e290e796c9911220d934ada38194f67c386d306ae863f43e356cb21c750

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 22:22

Reported

2024-08-25 22:25

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3364 wrote to memory of 2792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 2792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3364 wrote to memory of 212 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1b5fae029275b311b627651c3c7f5a8_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd45c46f8,0x7ffbd45c4708,0x7ffbd45c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6960 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8318392667060581209,8800738498367758163,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6404 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.105:80 www.blogger.com tcp
FR 142.250.179.105:80 www.blogger.com tcp
FR 142.250.179.105:80 www.blogger.com tcp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.65:80 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 x.com udp
US 104.244.42.65:443 x.com tcp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 jc.revolvermaps.com udp
US 8.8.8.8:53 st1.freeonlineusers.com udp
US 8.8.8.8:53 i100.photobucket.com udp
DE 185.44.104.99:80 jc.revolvermaps.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 216.137.44.112:80 i100.photobucket.com tcp
GB 216.137.44.112:80 i100.photobucket.com tcp
GB 216.137.44.112:80 i100.photobucket.com tcp
GB 216.137.44.112:80 i100.photobucket.com tcp
GB 216.137.44.112:80 i100.photobucket.com tcp
DE 185.44.104.99:80 jc.revolvermaps.com tcp
GB 216.137.44.112:80 i100.photobucket.com tcp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 112.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 99.104.44.185.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 216.137.44.112:443 i100.photobucket.com tcp
GB 216.137.44.112:443 i100.photobucket.com tcp
GB 216.137.44.112:443 i100.photobucket.com tcp
GB 216.137.44.112:443 i100.photobucket.com tcp
GB 216.137.44.112:443 i100.photobucket.com tcp
GB 216.137.44.112:443 i100.photobucket.com tcp
US 150.171.28.10:443 g.bing.com tcp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 150.171.28.10:443 g.bing.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.68:80 www.google.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 rf.revolvermaps.com udp
GB 157.240.221.35:80 www.facebook.com tcp
DE 185.44.104.99:80 rf.revolvermaps.com tcp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 106.146.227.13.in-addr.arpa udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
GB 157.240.221.35:80 www.facebook.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 www.revolvermaps.com udp
FR 216.58.214.170:443 ogads-pa.googleapis.com tcp
FR 216.58.214.170:443 ogads-pa.googleapis.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
FR 142.250.75.238:443 play.google.com tcp
FR 216.58.214.170:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
FR 142.250.75.238:443 play.google.com tcp
US 8.8.8.8:53 170.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 www.bestmaleblogs.com udp
US 8.8.8.8:53 cb.amazingcounters.com udp
US 8.8.8.8:53 manifestgold.com udp
US 8.8.8.8:53 www.allamericanguys.com udp
US 8.8.8.8:53 www.tlavideo.com udp
US 8.8.8.8:53 www.turkxxxonline.com udp
US 199.182.184.141:80 www.tlavideo.com tcp
US 104.21.21.94:80 cb.amazingcounters.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
US 104.21.33.238:80 www.turkxxxonline.com tcp
US 172.67.72.147:80 www.allamericanguys.com tcp
US 104.21.85.210:80 www.bestmaleblogs.com tcp
US 45.56.92.145:80 manifestgold.com tcp
FR 142.250.75.238:443 play.google.com udp
FR 142.250.179.105:80 img1.blogblog.com tcp
US 104.21.85.210:80 www.bestmaleblogs.com tcp
US 104.21.21.94:80 cb.amazingcounters.com tcp
US 45.56.92.145:80 manifestgold.com tcp
US 199.182.184.141:80 www.tlavideo.com tcp
US 172.67.72.147:80 www.allamericanguys.com tcp
US 104.21.33.238:80 www.turkxxxonline.com tcp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.gaydemon.com udp
US 172.67.72.147:443 www.allamericanguys.com tcp
US 104.21.33.238:443 www.turkxxxonline.com tcp
US 172.67.70.244:443 www.gaydemon.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 210.85.21.104.in-addr.arpa udp
US 8.8.8.8:53 94.21.21.104.in-addr.arpa udp
US 8.8.8.8:53 147.72.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.33.21.104.in-addr.arpa udp
US 8.8.8.8:53 145.92.56.45.in-addr.arpa udp
US 8.8.8.8:53 244.70.67.172.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 jf.revolvermaps.com udp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
DE 185.44.104.99:80 jf.revolvermaps.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 172.67.211.101:80 www.bestmaleblogs.com tcp
US 8.8.8.8:53 101.211.67.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dd2754d1bea40445984d65abee82b21
SHA1 4b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA512 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

\??\pipe\LOCAL\crashpad_3364_XCREXUBNNHVBFANB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ecf7ca53c80b5245e35839009d12f866
SHA1 a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 34ba0640f46e02937a9ff0ef350baf9c
SHA1 17a1354830c4605a9fd482e2441dd3dfa7b84bcc
SHA256 5787465e70a789b7c042173deae619c9fef40bfc321d8bb969b690ce2b2ff701
SHA512 dacc00da41976ba5d080163e2045a38c9f04baad6345013f319070881180548da3c1c38684b68a986efad0ed47f040aaf133523f2586ce7633ad11359164d7ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 60efea35d92a79606991f684c7e44a2a
SHA1 9a0e3da02ef2224371789bbeae1902788f24cff6
SHA256 c6a1c1516e73267af4cf04ef45f26aeaf3204988a0f9ecd3df0b1f568e31011f
SHA512 fb2f2d41ccb80b26ec31b564c8c7fa762baa61e20bdfc4ff3ec4158e970be6b925fb0c00c8852d631617bb329d0dabc8d8e4c8e1796d950acab0388280b959e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a30568bb-e243-4ac2-85a4-a46f08dcd476.tmp

MD5 d4c4b020a7c046068c2acc5981381537
SHA1 36fa310881cbe92120cf1bcd13f801a797e5bec4
SHA256 c46eb3c84e67528c994bbfe5cb0c8069e34508afd5a9e85d0d4106e81a967de3
SHA512 d9babafbe4570afdd484668f6559d3eb195cba285a26798997c418d083cb05e78a9f92b88579bd03a738507fa80b125cd85a2226e290ddf974a2660360d961f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5f4b8b163170e1821ecc35369a6819d5
SHA1 5693d742899e6441d4325b15c0363885ec7cc24f
SHA256 f64b345fecaca64f9c9e05f87d711c6f2457d7bb21fb1bbb277bec530224b90e
SHA512 ff03dbf64fb9a2ebd0a1c6727e7a220ea54ef487e893462abd3404d42c593eb8612f5b2f25450c3dc23ef6ff843b5b8cce1c8071aad8390ee1934c2169a51384

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f898.TMP

MD5 2c1ac51bf9b887fc869a073bccda3b5d
SHA1 a09f5c2212790a87d6f2ede5416c71ff26b0ec8b
SHA256 b35a1d1fad760483c4e0d05499daa95ef29431e532ec47a5128ae7ef518161d0
SHA512 b14b88f1b6de89087f48d0e6df0a43b7ab4c7c2bbbb2fbb8fb00b00467924121c1967a9f44a14636fdef607508337511af13d9a7be49e02e3424ea8c3bfbcd3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b4d4666bac9a328c2ecbd6fd0007cbfa
SHA1 50a2f94a465df87bb5dffb58700cf811c1b21d6e
SHA256 2102a1927cd67c0d62c853bed0b609561f04f62d27535f4b5a1b3f8a60f366c9
SHA512 1924c5d84d1041ca7fff620c525f92e3ed1c6226d4851b27d92c421d3ceb7a751cbdf5aa138da9c989fba63d4206d2476d808f5706dc8a8cc4b81025e36a9dcc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0439530eb43ecac09dd3fe60cf1dc41e
SHA1 84642494e3b14bbc722720d57a9bc52ed6c1fce2
SHA256 aedc120bc7959a04bf3cff350ffe0c54b38d85ffd89f6c7785ad20241be11892
SHA512 c297b68a90c1c7f69d504805f546202e63dc2578b8dac7eefb11119ef0e913c3d75557e6c2a58ea354ece73fd925f8755a3a898ce65c3c9caa15ea1d08f50d65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 37540ea8a7c41526973193803c59e4dd
SHA1 30acf39efbd411e9cecbc085b9122ed8151bd630
SHA256 a8ad0ad224b7ba50424704e623e99c9b44e625f6868c76b3de70871f66cb2017
SHA512 0cff21022892191da732aaae0534524bbc6d894d73c25910304ac45e894b87bfbcda7ea8d261d2b9e8af362d1b7bae54b26442ece9946a256e39f97a8dd491cb