Malware Analysis Report

2024-10-19 02:45

Sample ID 240825-zkvfmswark
Target c18c6cbf9979c49fdcfb681e4d928a21_JaffaCakes118
SHA256 91e7061ea0604d2a4f4158a807d81b06613a99e08e7c07ec70b80cb1efc48ac7
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

91e7061ea0604d2a4f4158a807d81b06613a99e08e7c07ec70b80cb1efc48ac7

Threat Level: Known bad

The file c18c6cbf9979c49fdcfb681e4d928a21_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 20:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 20:47

Reported

2024-08-25 20:49

Platform

win7-20240708-en

Max time kernel

144s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c18c6cbf9979c49fdcfb681e4d928a21_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{31413951-6323-11EF-BCF9-7EBFE1D0DDB4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430780695" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000ed172aee875c78ffc1b013a35bd828588ed06e969b41f924d110401bfd271324000000000e8000000002000020000000fa3f3c1739f807a8142eb700e2db668f38cd68cdac1e6b8952d713539e0a8ba59000000071580207f961a0d784e8d1912c31772a36b83bf575e0abd46d1b87ff3cbe52efca701ac9bb5d63e8e86fb23c035600452c43c20685cebf3525139e94c7e0a2f29245b3bcceabb45523df9a81c28cc9b53ac336911414d967f2d1077d69c53945d3f4b118c68e6fe168afa819a54286e465699105a6629cb8e33b5072126a73be6046a93dec40fb7f2aee78c91edaa9ec40000000862e8860eaaa2a361ffb9ee34c329142f629e71d59f36e9a47517ac1c70fae5d45fa9da13fe5c12416356bef2d8280bca083b6d60d240f7a20bdea9c51777e53 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000003374b9a8d1c05feae15532f2014e732b276c31fe759b1f77d0e79bb1ab6b4e7d000000000e800000000200002000000026e709ad8b0716a102aec697e8fbe0047e6a2a4629eb1454d4feee8cee68be6920000000407cc7e84efd15a333894863b67bba56e951b125232750b108848bfade4a7f914000000065e5f4bc3106f79d9f4f9afdd61158a2edbfd33a1371b7397f2f19e36dcefbf10d4fbc101fe79efa0b3e9c34a656bc735cd5b44a4e7f0eeb659b0c876baa7078 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0a8710b30f7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c18c6cbf9979c49fdcfb681e4d928a21_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img.pousadasbrasil.tur.br udp
US 8.8.8.8:53 agregando.net udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 blogdobem.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 i49.tinypic.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 gosteibloguei.com.br udp
US 8.8.8.8:53 www.geralinks.com udp
US 8.8.8.8:53 vidavadia.com udp
US 8.8.8.8:53 www.eutesalvo.com udp
US 8.8.8.8:53 vadiandonanet.com udp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 104.21.58.245:80 www.geralinks.com tcp
US 104.21.58.245:80 www.geralinks.com tcp
US 172.67.174.14:80 www.eutesalvo.com tcp
US 172.67.174.14:80 www.eutesalvo.com tcp
US 104.21.234.48:80 vadiandonanet.com tcp
US 104.21.234.48:80 vadiandonanet.com tcp
US 208.91.197.132:80 vidavadia.com tcp
US 208.91.197.132:80 vidavadia.com tcp
US 104.21.234.48:443 vadiandonanet.com tcp
US 172.67.174.14:443 www.eutesalvo.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 bit.ly udp
GB 157.240.221.35:80 www.facebook.com tcp
US 104.22.75.171:80 widgets.amung.us tcp
GB 157.240.221.35:80 www.facebook.com tcp
US 104.22.75.171:80 widgets.amung.us tcp
US 67.199.248.11:80 bit.ly tcp
US 67.199.248.11:80 bit.ly tcp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 imagensparaseufacebook.com udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 92.123.143.234:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 d81867ef09904cd8bad14b045cf82c4a
SHA1 388916047e6f36c9fb5f4387c0ebb328cd435960
SHA256 a41810364a52aaac18388d4090844fcdf51f48b84d0653b9d4a6ecce767eceb0
SHA512 358a61f69b1318171ed298036a55e5ef39b9d8611c6927b36a303499488c1d146aa9c99e8f36d21c2082491dc3fa6b3d61106b8e09e5bc56ed9359953f8646a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\platform_gapi.iframes.style.common[1].js

MD5 aada98a5b22ec7188655c2c17a083c57
SHA1 7c3c2fb8744e7412d8097e28f588788d91b9cd9b
SHA256 f2f09baa213dd3dd95edb5a30c7764e4a44d9a79c0831f90b1ad8ebedec9dab8
SHA512 a780aa3b9e36f61be8240487e75c19a96fe26d54abf9006680a00af9d1d394e81e517f0bbbc13edff3a7190679260ecd56fd5cdd7c2d2f416ab8982c3277b953

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\cb=gapi[1].js

MD5 cb98a2420cd89f7b7b25807f75543061
SHA1 b9bc2a7430debbe52bce03aa3c7916bedfd12e44
SHA256 bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4
SHA512 49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 9567f5fa5f9ab437be782dd03c82992f
SHA1 1b43a7366e8048396ac77aab2f664b7f04e297f3
SHA256 9c3b0a98bf69d02ee9a23c48ba3ec79898db6bdfdb3ea2fa9df9ae582bbfeac7
SHA512 41865f00932057bb7d225735b1a2ed844ceda711f95dba8f630fbea78d9043ff09bbfb9614ac9cbdc2947ff8035cdeb13a9e04eb0960c54c8d1add8824a93e47

C:\Users\Admin\AppData\Local\Temp\Tar103B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\Cab1039.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4593f41bcb708ee6da48b666ade9c66
SHA1 92ba1326019895892b1bd2c435a0d67f84fd86fc
SHA256 a5e28ae6daedc8dc9184ac839c6feeefaec211120c4c2453ed65481b5504b945
SHA512 d821e0e03e939fdc1c429de7e2fc32512e897b3c1431e1e30ae44a671d73cbee29733d0337c6eef554040e0332bb3141fd401e200c046f1a0135e21f16cce221

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f25a8545cc4c4b2566a0cfb54c1757f8
SHA1 f510d4b0014fdd8e6b28b27f2f97b8758aba27fd
SHA256 74d407fa24c99b6ea940bcba0e36e645f61506b42c5b8078badde1ec26938d1e
SHA512 792b07822a37ce1993a967ebea442d8f410d9a5212f338669da192f84a8dcb03ca7fc2196a505377bb34bc7a16ea0bd29e7cc2d8d67c5119982c2f7245dcdfc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9c252346eccdd875a1557511aa32ae5
SHA1 c460ecbf18116824413b90b6b2a6c7e8d7d8f61f
SHA256 4f6126d146a16b08399f3e2ab4e0bf2a75ea4f99c52025faa58968a28c087e91
SHA512 23fd1d792f2f451075ae8a886786299dd967b49f2834d4c1b55b2b9ccf208400c678b4fd634d33ee3817701781cf689bb06d5f5bf28ab67eccde42dad5e9ffab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e2f4b190ba2446c3f71da703b6f2e96
SHA1 798fb140660f4763d3df802648c84b3e7f9d65d1
SHA256 9d00540896d5b8229d9781d67cf8e2faec99c4fc3ef05a9f4ceca8ad0ab5ad47
SHA512 8b1a188c761c0fd65644c866d4beb2f0e44a418654d487b366801d6dc99a9e72d844b704e66584a12db8d6a15480fcaf2350a0bae7d3a0cd9449ad5d254ef3ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 973eb53724dd5334d86bdeb865787ecb
SHA1 4187cc3f16ab4e7c6c8de6649967f5961594969f
SHA256 dd716ee40247bdb97344f97457f9bd9188b440e5972f73e5f76cd204397fac9c
SHA512 b6bc2cea65f908ad8c212caf8b74234b0b4567816f3c8a782140874f215b5acfeb2ab6e7aa0b1d7c0159467a9a5fcdf416f79e033e2cd9bc8794398e0c5cd67e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56363935cec8d5d85d9ffe9b59d621c2
SHA1 128d297d3fe10b5491e2d9af63ced452936767a1
SHA256 995fc4f9f71ae64b149e2567b5dbfc75d3a47135a60254e9ed00b4377b51b19f
SHA512 99cd3c7201b01271a82538a95f3530eba2cbabc3b37ffc0078523f86b88ad640b84a54a218db9105fdf8c0f6831f460e1a822ddeeff8ee24fec96ab1143ce8dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72d5e340d9128009094dfc48c835d457
SHA1 ed3dbc686a2d5f0a708a2ef031437c353fcea41a
SHA256 5f94d306b2757d77af7a22b052f3cdae17c76c7e0a40e04cfe73f6aac052e72b
SHA512 a5308a136f6e561ee24d39120c0248f7053e2534cffc788687f0a6b63ade01db18c7f9741210cd3dd41e5c63b0b11aaec557a69b9df857d45b20ff72fce7543a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17c58bbad5109fe92778bf74a1684ca8
SHA1 43ff07a3fde8fec00cf15945309aac68daa77cb0
SHA256 ea646b55c88786945da59aed42b23c2e6eb699d40876a08f185ddc3c781a31a3
SHA512 007befad043523a1702b4c5c9da9d472c06237fe6c190b9d9a3bcb2f40f673c96cf68475e6a885defc3e49c6864e50344b574a7f4d0c00ad5967333e17551479

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df79880fc0404ceed875c64207698f91
SHA1 d7b6e13446ade212ad20d120811133710b98332c
SHA256 d167a308933d66c6425ae25d114b8ba8c36ae0eb55f758ed127b2a4f3af32cb2
SHA512 a758da9ca5eb5657b3d3110fcf8f7c2f232c26b1eeb0c2f8a96318d655ee57a8f7b904568cd3f4b3fa3e8a28060f431414f9d834c8687335b4c569f386b875ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5730cff74a37ae79857fdac4d1c69c14
SHA1 07ed5fdad69602eab8fb11d0fe51b2a8cb6542af
SHA256 8bbcfa0f7812c420fd3f75deef26aa1d569b513e8ad00d3a82bbef3c279b6de9
SHA512 bf9e8e6e4db9c3722b8be2044a83a8e302cc30afddb834c8a955a1d1261a0310ea2f832fdf1775f8976bd693476404d73b9b7fa03f51da78d548e306d2b51eed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 748ebf5b1dddde578fe27f9e020b141c
SHA1 2c5d0891feabbd8cac43a382e3f31bdb96b75277
SHA256 97db9b531dda6acc8337a3dd0f04dbaeca8e4b8f322e1d6b766df42c5376fe9a
SHA512 9b59198cb488db03a8fc227ed4cfbbb7d7889c5d5a44867f57ee4fffcff9356e2a58486c0b9572dfdefe69f5d953cb88b60fbc3bcc7bab46b8aeee680c313360

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8963babd7494569ed91f2620b40c569
SHA1 a492d1f548342bdb2fc143c45c77a62103bf2a65
SHA256 4425a47ed2e4d3c44241b3c4d89fc2383bd349372520e528e7cd90735d365add
SHA512 155a7d43434b91c9079f41f39a7027ca54e92c209e65f8fbf4feea3efe3776067ad6d943efa3ed0f550550f5c9a300ef864200864df0761f4b8fa7241aed0bbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2405d10799483af70485c243973476d
SHA1 e1a8701bd6b84956b5317567edd1b0a1206eb267
SHA256 f3e32cdae6606565dc62432dfa80e68eec9c28585335853a08360064b434420c
SHA512 38ffe685dd0ce569bfd91b6efb41be109816987516313649814594af2cbbc0cf6994097f3061c1865cc12f8344ffd04c0262a4484cce4d3168f5dd8f52ff4ed5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acd81779c61381fc379e56c1c5834386
SHA1 bf51e5ead3c4354d9fc4f0a1914c9e0eac3f9f4c
SHA256 7e26df97d444d2314c27a87d1b683e7bda5933f77d397e67449867595eaa6e41
SHA512 ac8751b9b6e88d78e826ba8941837e72249c7df4bcd9a73588ad48f0ee062389f9d8e623740be474d8382fd1d18b5b19d3de3f8fdc7eb3c913dd5d99ca7d2b9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 7f6742062588b809de2fb2db9b8e5660
SHA1 ae1833e960a79fadab512cf72749f3c1546b3b03
SHA256 8ddcf0ce537b38d4fa0237eaad2bd5b398c7544d97d385d810c934172297ffc9
SHA512 4c816df324f4a76a9d70342e1b74b13523202b43a8bb422dc02b02bc8753870531e885f0fa3c7c0a4c16d6e322db91f81190248a8979667eda6e12eeab0b4997

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e0faf4641e8813b35c7bfdcd4a280f1
SHA1 de4252e338ba51b4f1a991db97cc463802c85187
SHA256 13bab6704126539682eeec741f6a17032c07198e0f8803db5c7f6283f2a12afc
SHA512 97adff6a51c373e6001ef2bebcd133cb1e5c3abc28f0b8becf903047c8bb82dd798f98c0d900bec2bd0531ba910bd7a3435519e8d9fc6e9599c8b3ba94a0f906

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 070a6ba91266bf33145c82e35a93a5c2
SHA1 6c5662168c15e3aa14dc99ec054f8d2ee97822da
SHA256 f67bb6834c05438ce98f8188b822353f37ada09de200c15f2511d9666e0d50c0
SHA512 91e70c90745224c7ddb276a809cc45b766c0dec2ce6e9b07aa8989d3c217264edd192a57127db8ee03ad409dc5ecfa7ced56e7c6c9c04b525003910e14a9a347

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a6032ad9b1ad39fe97ebb01714b9d62
SHA1 8ccada621020aafcd389bb8f5918edd8338a57f0
SHA256 a0cb008bf99a41fa6faf795b8837f0277e2fcf38e644fa8dde448c91b24d0ffe
SHA512 3d0f1b11a956e416dc8a24fafe5ed12742defe4de8141a812564888db2114aeffd76fa386ced9c47c6cd3971503d7733ec8be58539fa3f47bb270bc9feb215c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e82b4fddf297ebca8523ac7c3ba7285b
SHA1 7cb54064bbfe7c9895bae6057816d7c8fd2c2299
SHA256 08df2e0e270425046d7c61c37cf74211a3d4108c7b18d5053dd5426a888e4826
SHA512 749582a4be271cff8593dada2bd0ca34e86f70331f59ac0c7086693b6f16cbeb204988a3849c722f0b847040cf81973c65c18624e242fc96558eee12e58d2608

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df9f6550c72eed0056939250fba154f9
SHA1 5b7ae461c37357d568f206ff5be75909b310ad97
SHA256 e0d7df71a3e6019244c52064b3a51c501ccff8782e947aade5b7f110573e76bf
SHA512 44307e75035758fbc3cc722a97ef6a6120b3eb57be0f04646ad35f21f84d245a02ed55d4c173fba29f54958f1cf93a9832a43bc4bc705cd4dcc3a0a07e1d65fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 721628c46fdfee2aa80c8658af36a416
SHA1 068efa56bc94a95db3cf126bd49475a97f59564a
SHA256 3e7f2922e64fe2bb99335f043a488c2a10eb0a700dfed46f1568914217a94444
SHA512 82cfb466632782193e6efc3377208a551032cd2404522a53a3a2c70ac0d0b4ab1fc46ae0ef58ce5b2930c36dc13b1049b9aed0c9443af0a69ae015e61578bbd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 3072fea9043552c2c8e3105bca9f919d
SHA1 6c744f145c247e7aa88a878654b2fe7f62db969f
SHA256 4e47b37d5488a9351e2487fa21fa7785e7d0649c168d92e4d85937661e7fbc74
SHA512 3c3d1ddc8ccd1ad27fcc3e12d1a5236b9580e144cf4c382d3ceb38566559b3ce1816725a7aa39c1899ed417efce29c344e1ec28fc985b4a7a105f223cd92fe70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b62b8674a226a092a76885907dc2045
SHA1 ed3f0ffe9b68330f3a5c84788341e0db85aaae2c
SHA256 3cace41e74fd5b6d6bae6a26f816fcda8f3e344d541454f95b0720a58378823f
SHA512 202815e9b9c1a987cb4e4356674ff105496dc95797c5c359df69b85c076ff58e0b3c9833ecc98f237901b360a4b51e7b605adeed65c634d844d12f0732e786aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c29ef8ed1b51d1d3bec8a90f4b5a20db
SHA1 15b2c48087c46d85cb8612fef4fd049fced810bd
SHA256 437bf486ef25c7a79083471a8a15ec4465e3de0c1477dbc670bfcd13aa3dcd3c
SHA512 02a751ec8bbdca38dff2de8e7c58d99dda9931a55cd68fcf0a49351f3cb4632d873bbd2fe9f31030687af146ccd15d3bb99748e9e875452d03be4fe078dd5439

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 20:47

Reported

2024-08-25 20:49

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c18c6cbf9979c49fdcfb681e4d928a21_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4864 wrote to memory of 1544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4864 wrote to memory of 2204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c18c6cbf9979c49fdcfb681e4d928a21_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c78546f8,0x7ff9c7854708,0x7ff9c7854718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13077965359580637699,2003719384710315459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 resources.blogblog.com udp
FR 142.250.179.105:445 resources.blogblog.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 agregando.net udp
US 8.8.8.8:53 img.pousadasbrasil.tur.br udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 blogdobem.net udp
US 8.8.8.8:53 i49.tinypic.com udp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.178.142:443 apis.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 gosteibloguei.com.br udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.geralinks.com udp
FR 142.250.178.142:443 apis.google.com udp
US 8.8.8.8:53 vidavadia.com udp
US 172.67.166.126:80 www.geralinks.com tcp
US 8.8.8.8:53 www.eutesalvo.com udp
US 8.8.8.8:53 vadiandonanet.com udp
FR 142.250.179.105:443 www.blogger.com udp
US 104.21.80.39:80 www.eutesalvo.com tcp
US 104.21.234.49:80 vadiandonanet.com tcp
US 104.21.234.49:443 vadiandonanet.com tcp
US 104.21.80.39:443 www.eutesalvo.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.facebook.com udp
US 104.22.74.171:80 widgets.amung.us tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 bit.ly udp
GB 157.240.221.35:80 www.facebook.com tcp
US 8.8.8.8:53 t.dtscout.com udp
US 141.101.120.10:443 t.dtscout.com tcp
FR 142.250.179.105:139 www.blogger.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 39.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 126.166.67.172.in-addr.arpa udp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 49.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 208.91.197.132:80 vidavadia.com tcp
US 208.91.197.132:80 vidavadia.com tcp
US 67.199.248.11:80 bit.ly tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 imagensparaseufacebook.com udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 132.197.91.208.in-addr.arpa udp
US 8.8.8.8:53 11.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
FR 142.250.74.226:445 pagead2.googlesyndication.com tcp
FR 142.250.179.98:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
FR 142.250.179.105:445 www.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 putariacomputa.blogspot.com udp
FR 142.250.75.225:80 putariacomputa.blogspot.com tcp
US 8.8.8.8:53 225.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 150.171.27.10:443 g.bing.com tcp
US 150.171.27.10:443 g.bing.com tcp
US 150.171.27.10:443 g.bing.com tcp
US 150.171.27.10:443 g.bing.com tcp
US 150.171.27.10:443 g.bing.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

\??\pipe\LOCAL\crashpad_4864_RSZRUSEJFIPFZVWS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 046c8203151031b22850d9bcd1548d7c
SHA1 42a3cbc6228e46d10e90ff59c1e7be34b72a05aa
SHA256 17d9ed4a464ae9fc0a7e13f24c46549f59701b3d176a7177e9b88062e27f4a1a
SHA512 f649062b8ec5aaaed3b8b3e070ae14489b3f33c64c9707e7b318277f019d6eaf5d80b28fb03970398946017db72a48d882050511cf128c1a89e49c9c3f49d6fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 75483fb92fbfa58fa2cadfd9db4251ff
SHA1 d70dbcb39b22dd1d7653076f649e035cfd9d1976
SHA256 e9062792a9a34faebc7ff8dbd690a4f352f2b007765824b25c0733a04e117053
SHA512 5cf93a084e8db9d06ef77696ecc7be32e3e012117e59fb96317d7b1ab263f18913160b4de6099736a86588c44e44790404e4db2ac39da0838692eee300091b4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bfb3ef5f2b388cb3a09b1fa3fd276186
SHA1 7ac45ebd1c2c736a5ebca036fcb4ca4662b48a06
SHA256 f264611d321e3a77e0958530227fb2b808cfb18d4fdd87a9a08243acffbff878
SHA512 cb6e99ed45b6eb22f9f3dfa34f90653aa7571fbd677d79f0d4a01c4e3b488ed697d80dc6b3c6af7856fa48151790c1bfeb84da616642f91af75889a5821378db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e79d6b7d74388d20f534ccfc754e7879
SHA1 5ea4aa6bb7b7fab310e569a1d9625d912aca6242
SHA256 152ae831fc7ec73307b0f0fb9aaf2e535e5a1dead57e4d019a3aef50360d827f
SHA512 144e380120df9e3187705aa53e2ad1ee2a9d5fdfd6635fbbe6d7064629cc687a495ead3831b29aae0495c2e3343d8db308e70e0ecd02c0345a673c12b8022cd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 86d8e88fe91732705cc02e99e0a89b6e
SHA1 03ab0bd80e414959c6d879477ea5e9fe99eaa006
SHA256 b8d800fa75e53f8aeee2218fe2e68a742f0066d9a71509832ac46f51ee37ff38
SHA512 5fba3fe51487f3dc22f4dbe5226dee7aae24b5c908ff9312e8d6cca4734401b779f59659d3b0c3fdb406c95e5ad4587e573a723fe49d598fbf654e20972e2fb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 75ad02ba3a51d5d6cb136c95b3f3ec29
SHA1 036f53d1bc42b82fff72106be2f779e14e50a520
SHA256 43062519242f21ae7e3ee2e399d6a3b35435146a43eff7ffd3df0acef7896f07
SHA512 d5b0684204f02c2573133ae7081c30d4683345e0392a843d16301c436bd800668bef338b5668f5ca1b9b24f88236fc4c9fc1668527d9d775cea70cbebf098f71