Malware Analysis Report

2024-10-19 02:45

Sample ID 240826-a2qrcawgqk
Target c1ef8d3a3411f47088833ea5348a8126_JaffaCakes118
SHA256 f8f37528de48d0f05aa8a8bf34dea7e8bc0eef0d56bd6e15d5a5b75b68c93c77
Tags socgholish, discovery, downloader
Score 10/10

Analysis Overview

Score 10/10

SHA256

f8f37528de48d0f05aa8a8bf34dea7e8bc0eef0d56bd6e15d5a5b75b68c93c77

Threat Level: Known bad

The file c1ef8d3a3411f47088833ea5348a8126_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2024-08-26 00:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 00:42

Reported

2024-08-26 00:45

Platform

win7-20240705-en

Max time kernel

144s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1ef8d3a3411f47088833ea5348a8126_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not captured] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000774d68fc5e572137d2fb251b3e1e545a9c4c4ebe3cca66bc810f30ebe6c7be80000000000e8000000002000020000000d2b0d39ca3c7a2004227ad35ce8975920acc73aeb56ae4a7524d15483913f8ae200000002fe3ae2cf4283ea40229112e6527a4630c3230b0629f37223fc9bed7a0df6bad40000000e2234d27323d20686a33a54509eeeebe7e15a4f2e0c7a9773ee66fe918bd8fd70f86c711d41bda62dec8a649d8cba7cadbcf9cdfa4a07b2e42863e6cbb8bcfc4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430794833" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C271501-6344-11EF-AB78-F235D470040A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60b21bf850f7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1ef8d3a3411f47088833ea5348a8126_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-26 00:42

Reported

2024-08-26 00:45

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1ef8d3a3411f47088833ea5348a8126_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 228 wrote to memory of 3692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 228 wrote to memory of 4316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 228 wrote to memory of 3920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 228 wrote to memory of 2864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1ef8d3a3411f47088833ea5348a8126_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd476846f8,0x7ffd47684708,0x7ffd47684718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17205866298263338654,16117743684024114492,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5312 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_228_GNTKEWYTTFRELFYT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589d64.TMP
