Malware Analysis Report

2024-10-19 02:45

Sample ID 240826-ltm62axcqe
Target c2c02c4889a8583baca06ff18710c1b0_JaffaCakes118
SHA256 30f306d7787bbf46c24eed30c25f238dc942eb3c6d22a30c2e3cd75b5591e27a
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

30f306d7787bbf46c24eed30c25f238dc942eb3c6d22a30c2e3cd75b5591e27a

Threat Level: Known bad

The file c2c02c4889a8583baca06ff18710c1b0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-26 09:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 09:49

Reported

2024-08-26 09:52

Platform

win7-20240704-en

Max time kernel

141s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2c02c4889a8583baca06ff18710c1b0_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{82C66031-6390-11EF-BB9C-566676D6F1CF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000003aba0a7b0373f46fe8976c9f8a6af21d33cb2767349df732fb3fcae07f0644f0000000000e8000000002000020000000f2d8595fc07c529b73054ebab6f893bac5f3dac06e7f1ed8b62ab646370b3dfb200000008917b0442255a7834ac95f9846e41a36ac6ab6bb9a04bb618e07620fd60b07524000000025f414ce56b3231969fef2e0946de6e324cc7d59f319756ca00d86ec691dd7ab86ce2f82c469001bcf78f60580d7f01455a38d799a032b84f6ad3dc2b3dba599 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a0ec719df7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430827647" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000005054aa76a84d401c3041402f5d536b7e089cf85928421b1e4f276cfccee35de1000000000e800000000200002000000039aa7461b037ac138a9cd54c2d3cdf286bf5c091b4705357be1729390d000374900000007c4d86fb26962f514d65547fd25b89707f02905b02f4b5f35fbf34719fdd3f79da91b1c9c17e01ee056eca7d3370b51581306732cc878b81ea61beb73912b00c3b20686af1a828948e256f2f093860119d491f7acd8c955eefca3236d49a78309c238c8a1d1d76dc83640a9642872ad532cdacd40e7054e16a4e9cdab34817331b86472c6874a8016e531a7bd78ba7bf400000003b895199c5c775ee42ddd6a88830cd5d5b705340018e68e8ee5b5dd8982b4c648fb0f9cf2bdb68bfa9983f8e612ca21819807d11bb43307650905037d4e123ed C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2c02c4889a8583baca06ff18710c1b0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 st1.freeonlineusers.com udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
US 8.8.8.8:53 images.motorcyclistonline.com udp
US 8.8.8.8:53 badge.facebook.com udp
US 8.8.8.8:53 www.blogged.com udp
US 8.8.8.8:53 s07.flagcounter.com udp
US 8.8.8.8:53 s46.sitemeter.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 172.217.20.202:80 ajax.googleapis.com tcp
FR 142.250.179.105:80 www.blogger.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.105:80 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 172.217.20.202:80 ajax.googleapis.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
US 206.221.176.133:80 s07.flagcounter.com tcp
US 206.221.176.133:80 s07.flagcounter.com tcp
DE 157.240.27.18:80 badge.facebook.com tcp
DE 157.240.27.18:80 badge.facebook.com tcp
US 12.129.245.166:80 images.motorcyclistonline.com tcp
US 12.129.245.166:80 images.motorcyclistonline.com tcp
US 8.8.8.8:53 st1.freeonlineusers.com udp
DE 157.240.27.18:443 badge.facebook.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
US 8.8.8.8:53 m.facebook.com udp
DE 157.240.27.35:443 m.facebook.com tcp
DE 157.240.27.35:443 m.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 142.250.179.97:443 2.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 www.blogged.com udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
US 12.129.245.166:80 images.motorcyclistonline.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.143:80 crl.microsoft.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 11d0005e0b8794ab4aad0542756cbfe7
SHA1 7b8418bec44685422de5c662ac7a6d95d3c04a35
SHA256 721e5b826a6ca850601660da35945f26f901ac73bd9f707c93faa6b4274f9d08
SHA512 be28b411d7bdb72d96309bb44930be33db7898078cbcf10ef6fded144731748b7498b19c91cba5f4ac069fa6de0d250c495f4bceaf4f114f522c3947793ec249

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2ee6d5208d66372e059283ff2ce2ae03
SHA1 7df2432afba1242462e56882f68f2dc145af2b3a
SHA256 21c0c7df9ca9748b0584e4a2f43bcd986e6a1acb477f087c97db83c2bb087cd7
SHA512 18b2c6683fd50433e43598a1ab15eb488d1c4257400e025e554527d428628d0a8375e78f530cb9222cd6cdf44b0c71d32a8816dcbad4be4e0e3439ff564205c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1353700010464e6edd551626e13be701
SHA1 323b2091d814a68ea41f5d438b9bb7e37037fa7f
SHA256 d94e2f8eb82d75e74f3ffc9195026b58be1b5f61177f06c8419c4ba5a7126a90
SHA512 720f600736defa7d4bb12f6633737e49cafba747d4e2582fdcae6a4a47eac69ac3b495a473f0bd9be9e1922b061e9f362e31ecf671ee26ccb3cefc94c56f74af

C:\Users\Admin\AppData\Local\Temp\CabB5F9.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarB61B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 f4ae8277ee2a4827e988d27da1b3e0da
SHA1 27d16d8cc43d6df1b4ed1e95a224dd21751c7a2d
SHA256 81ce90a1a8da1fac04ef40cf2ffde2ed5c716198c392f2c3dbd6f35a88b4517a
SHA512 30942d81f76ca810d76d569052090efa6a97c2f748cf4a805192367333a1c13ab091b5be0ce82c776cc0bae2e986422107e6e16155b35bf0cdc553afcd69bd7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 1c33733bba48dc1da9b3b72aa0d51872
SHA1 4cf2d3db81647006bb5f53aa30b9db7bcaf0d655
SHA256 88c15dbd932201db0eb1903827bcc264ed9abc80bcf323f4c49080ffcacc58b0
SHA512 3336ea7634bf22b2989549b621596496308446595d0e3b291902767883d901106aa5ed405789047b83c5ab97ffa05db2afe0d987593cae37c5a90c9e1b680988

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 88420463d68079f259fb6fe06910577d
SHA1 d518daf76f8633efa67409de2547a9a04a9b2fe1
SHA256 bb31c551cadba1e99919b614e740fc31fced63fbf23623f2dc2fcd2ca963388a
SHA512 853f6ab002b828ccf4e9d62fed401cdebe4a1541ef9a2d1bdf3637ec002b3611d075bf14dd57d769090698342e3cf3a2629880e736126ebceb773e84216a29af

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UQ4J2DQ\platform_gapi.iframes.style.common[1].js

MD5 aada98a5b22ec7188655c2c17a083c57
SHA1 7c3c2fb8744e7412d8097e28f588788d91b9cd9b
SHA256 f2f09baa213dd3dd95edb5a30c7764e4a44d9a79c0831f90b1ad8ebedec9dab8
SHA512 a780aa3b9e36f61be8240487e75c19a96fe26d54abf9006680a00af9d1d394e81e517f0bbbc13edff3a7190679260ecd56fd5cdd7c2d2f416ab8982c3277b953

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MP1SLKR\cb=gapi[1].js

MD5 cb98a2420cd89f7b7b25807f75543061
SHA1 b9bc2a7430debbe52bce03aa3c7916bedfd12e44
SHA256 bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4
SHA512 49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD

MD5 fae1f0f20f14af0b22c222e9f39a2908
SHA1 b590857b29044c8ec7a85ac2552cf2c8bbfada79
SHA256 87e7b3931e3b63a465c18530e80de76a993143b79bc733472460228659665d34
SHA512 12f90e4ca498a337f6cc334ca7f43da23351bb06ffdfbbdf1d7a72b7afb490c44c7babf73720c9a6fa02c2fe5cf0f22e16d2f58e455a750b26ada579571f75e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD

MD5 3565d3104fa920a897ae5ae49dfbc5bc
SHA1 4704720303efd716199f5a53390a13549fc054f8
SHA256 e59be9994e30908914b4579c7625d33ab7473e0625c7f1db2c31782cd65c2e09
SHA512 e37a07d3cc4f9f66973f3f0cd9c1e119cd7ca42746045b6a2f0cdde3615a711a47a2423378f1dcfa6d6f620037b86b56a07a73eddf5a6b4d2f064f24efeb52f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_D71A94740B0CED76EBD7AAE2374CBE8B

MD5 eec971bc753cc9e2e6b53f9a70b2ec46
SHA1 180800efd67b9f2d3904d26b0f023d091f96e364
SHA256 16d1ff1fe2e5e3897c08895cb20db9b4238e04a9df8c241fcab508d4833ae57e
SHA512 03c8d025850682fbc950f9cc25fb270a87bb585417454bb5ba6ae38dc8ac7687cc2de83e44b1fd24e3fb591ef27393f7bdf156f83d2fd707570b3dc62dbc019b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72c9a94c6529b9fe6b7bdf1d7228f7b2
SHA1 935229718c90747fb35ec292b0eb7eae7ee54a76
SHA256 54c3880ff22f5acdc83e23bb7001e7293bb59c6c6cd56712f5c85587253b5c65
SHA512 d6759e75084b2a6bef5983ffca4bf24b7279d0ff0b0a0c5d0377146b1bc9b857848805f9f75552c3335423a930a7ca42a18ca83f4d1a0ceda4ab79efc2ded54e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0704f4f90a4d01d00a3bcc4ecb08b85
SHA1 09b9c117247c80f7a9cc78b84198bc0dcd6a909d
SHA256 df46872855ad7e4ce50dd5c8ef60942a45e0d7a55961f8f862b9e2b2bd1c3f66
SHA512 790ee3429346a10ae4773fe4d316f9342914dcb94ba02ade3a04f1a3dada67ef5f61271cb4b0a458ea67491afaaee6aa71dcd0da5ac7ca803287893fd390281d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 bad1132b89edb1b7e3211bb4d39f1c02
SHA1 fff7bbf02e10940b765192b3cfe50d8f3f73b9ba
SHA256 7b45dc1a0b969c135afb6e944a7e88b09ec10f55b6cd375cc2fe6fc8a1f12b10
SHA512 ea805257276c98444702bdf5520094a09a8929d004f82a11b5e858030297067b5bd7839482730b24d88181e9a7b0eaecb5b7fa463adcd4227d0dbc89e85315ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26d222df9f14a92cad910fa6fd7a9d16
SHA1 4fa97cbf0366685f8d6986ecf4ec4d26f154ba47
SHA256 f1743915a173cb9844ebcaa852fc00a0bf424c9d534e2b5316d35e1ad0b232f7
SHA512 e3b62e7fd05978b88200e33eaef6de95b9cc5ca96afda3cb39ae265bd013f2642ac7062a19e9809ecc86096028062cb2cabc2cf2c589af8ea989fb7baaf6190c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec1af613f88033c138d5275a70872adb
SHA1 122aeae209bb05cda0a07d91ced6bc0cac792c26
SHA256 e9eba52aeff9a9090e1acef0847607c7edb8792101e9577e0b2665ece4075a7e
SHA512 4f6c56bc10dbecdce751eb492e5861cc868845e652aba1a433a27251f58e13795ae4d226f38b13d2848f9668f30496b8d96e7d1c55b6d23fcc09c43abd55fdbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37530fe59f7ad44b105e51dc806adea5
SHA1 34a1767da028ad865ddd47efbae879aab5c3ed89
SHA256 98f5fa242bc213e5e43d44d1c6283c8a9d2a6f41531a31effaef6ee38ccc603a
SHA512 1a3ac3455edf9fdb40462ecff91bd48a4caee3bfaa033b093bd68f32f692c193eddbbe656fe67703708cc483e89aac2704bc3989492a7feaff03af780fa8effc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b63c1f6d809c7da82e64dfc6ff94d1c
SHA1 1d372217e6885ac7b800296bfd58a58ea93e29a5
SHA256 44fe8fac061c55cfad65ea1a09fbf5244bb6ba9529f60d06474d32506c0f1523
SHA512 d4598a5c0f3f39f821789078c7c6e1015f3679402d5f1a3937405a5c59f3521dd173f950f60da01bf6ce1c9f13bbc159258b0165311b462d215bf63792e8b31e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b2fda156dc8590fb915171c5e3f60a1
SHA1 58942e45ee917866f2de878f1a5f94287f395e07
SHA256 54241a552567a46b3770a945b672195c1cd233c6f92b654f4fa324e4a2395386
SHA512 14dbd3365529ec128d6596d960dc5bf31365587e69e2a67fc661aa07560aad9120669edd16a4c6474e0752a0b833820ce91a1b6c1e39e2872347973e9f5e0cf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b1543ac52a9aff80341a585ceb514c4
SHA1 de7dd6f5a42d95a0e1de88949732272b7d2f4cd5
SHA256 dd6b2db6fe712a00b2afebd0c2225319c105c132644d33155b64a21670fdc43c
SHA512 af8928bad758606c85278a36c722d08aeca11ced6495fbd19d72475bb8cb3ee50699b4b928a859835679326475252addee66ab8220348430fccae8db413abc74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 70ba0ea355dc1bd2afb669df5debd71b
SHA1 da39b77fc8a9c6c3d7a0ba744cf8b5570faadeaf
SHA256 d53c3364a4b6312c9c6ad7d2e434e55776f47755d9b423afe919d22846a4344b
SHA512 548470efe1e09baac9540930503762a9aebfb942a43c32e8399987f031fb5da41bf56c7a1389f27a28fab6afdaad56fcd96a77d6072cb0595d8b82daf25d1292

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02ed41fb2e42fb172231d4e4395fb5db
SHA1 efb8ee1fc0d737b69d99e6d1f5b0f514d5995608
SHA256 c32434a5aab3778bc2b11d15412fdd4032b4ebde5ff716b25d883f9079672124
SHA512 45ea5e95efb0327cb62c68cfc3aaa767df523219a4a1bb5ebb328697058b98764caadcb2bf6f26d831a12559bbce9c49bbcd2e033c4e1440d74eee99e0c0da94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c7aaf4b0cd05b2c7cb003e44ccf59d6
SHA1 3aeb7342495f245e7c4dc82ec345d0e17bdc0cb5
SHA256 e1da9278d104918968a055c6834c999bd39f3e47a1d1437ee74cc64e0fa770e8
SHA512 fbb86c9ff2237f99176b9b2f948319b1873d316d746443c363490065ca6292b9c00dbf8c9630e85eb9a2e8305e74d610a37a65677e44b3b0e2b02db9883d3775

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 994c7a52a5445449f227d7a3f516fb2c
SHA1 51048998d47c6e5751991521d251ac18077ae5e8
SHA256 705465a4a7874120be5fdc72efd3decdd2ee0846aff61e22133820d145462d4a
SHA512 30b9d6ee340c7574f4761c991972bf22723671ae2923e39f9a3320f54912fc14d4e45e63f7e0772ab23148b12abf696f423c2a927c41e0759c06579824771593

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cdf6a3057645a1044c4143f32e9198d
SHA1 1eb12339cf04f2ca66abae29dc1aabe8a603bcb9
SHA256 1d700a6e4e13584d24a4a188012af0fe10c5ca95978f07cceadbcecddcbbfa18
SHA512 ec6292dfb9570ecbd8ba197e8678e5c01e617fd4ee43e368014ead14ba0d0ed2170671daad092dba3d5de9631be77e76cc90ca508e79bb8ef5b56253f796c29c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d186bb54fefe1407274716cdf600e00
SHA1 8b90953fe9af53c70bff9a49d9c5a7bb5ff4cf98
SHA256 7e778d028ec8317f18ebac404de7255edd132c6d80ebc4573c66fc3ddeb1da9f
SHA512 e43d9318c6c7b97fc0b810d6728c02fe9f94fa58610379c67d723b9c0dd755e69afedbb440ea7aff2bab11a119cfbb3e04b845d51e50660e879b0f473741feff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6698a932631a5d8124272058687f7547
SHA1 eb23439a1463d3c5286970ae0bb7e728879b0e44
SHA256 4af0c189fac1474cafc16942c6cd8a6f88790fb0a4446a4c898d3bb6c362c8bc
SHA512 08a1f6d8cc4aab65e3b6edec20c4e9bac73d5d8c56f332d2438121e374f44e7630a0b871f4f088811492a7e7956b4e7b5ad5a035559ec2ec6ba7e2c9ee163f21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af496ef2c596b056e059c513c71e9bb6
SHA1 82612b4d379b803b7c9101b96a21f8b065e20df2
SHA256 e27a4b3303f5821d8b04afad368617a78f9b42b23f4b33c76a8a0e4e458aab79
SHA512 6b06c6bc88fa7c585b33e4bdf3550f36af0dc3cf7656934e6f94c3f2f19bdf6027621c71f9c6048f423ed4aa83d4d313608558002be1afcb3878593cebd3b292

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5417ae739f7f0b1973e18c2c21dd3c0d
SHA1 6f8be045639e292be1ed40d6ea2a405727e4d5f8
SHA256 bbb30199a664c7b4950de7bdd436c8edd02b395a17c4165246e74888ad5e7a2e
SHA512 7b13ddafd0bcdd78a2a097330966f6dee1c02e4e90b70633ba259be3fa6ccf3d2fe06714d714f9d12dba65d20b18f3e0ee0b07ad7ecf1414c189eca5469757fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 900dd4eeed8fcf1cb6e45ba7f04ce533
SHA1 bd951d1cf437ef116e485c16950c1e1a530fcdf6
SHA256 14e62ef36ba964b1b72a9837b4774ad29733826ef355b856f95e7d5dd1e4e9d7
SHA512 dd21fe84ea020422a721f3f45ad19aa2cadc36ec21fa053100b5db768ad2f47cdf5599a728c3e3481c2852cb7c03f15deb3891e35994a330eb42577ad280d596

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e3fbdf7e8c23c220d8a1da4a4908533
SHA1 d7a062f28701303b12f4f267b43ffdc2830025c7
SHA256 0581a940a1d0011d42af1eee028eca8149ad91b39e1920024c7ad084a5f823e8
SHA512 14450133d14746429b08bdae8e202d5a8007ff4fe89fb1448b403dfffb94b3340f054c11b4184c26504352cf424180ffc06dc79a920d9171d6b8c01e260b18f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d26136845958c168282197736f8ad09
SHA1 b56588b046f68d7a4db696361c1c4381f3e5813f
SHA256 ead7216db436a19fe778de48541f319e103c2de611252da543706f36dd34604e
SHA512 1e8c412f2d0aa554ee75c0cdfbabf064c9931f636f85a520c8a145f70279cc837912573b4db87c5818650407c54ad4944ae006525f0ec59e1c5de8d1d071c631

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1683ed9437ce8fccc02f31e43936f5d
SHA1 ace3904aabd949db5add30150b84ed6f7cbfc93c
SHA256 390eabafdc4de8c19036b7dce65b313a3785a58ee091c60f60a4898f6424713e
SHA512 56717007a4a5bd9c0cb848c87a198b4acd0b85a881db488ddba328a5c57a7f5ab99f6cc25a9aacf1dc784fab3aad8421a79ff58ae1f4d2a12832dc6bafb53409

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-26 09:49

Reported

2024-08-26 09:52

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2c02c4889a8583baca06ff18710c1b0_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3236 wrote to memory of 620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 1300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 1300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3236 wrote to memory of 4692 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2c02c4889a8583baca06ff18710c1b0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfff146f8,0x7ffcfff14708,0x7ffcfff14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,7600889352658496799,11438294367945666965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5128 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 102.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
FR 172.217.20.206:445 translate.google.com tcp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
FR 172.217.20.202:80 ajax.googleapis.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.105:443 www.blogger.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.178.142:443 apis.google.com udp
US 8.8.8.8:53 st1.freeonlineusers.com udp
US 8.8.8.8:53 s46.sitemeter.com udp
US 8.8.8.8:53 images.motorcyclistonline.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 12.129.245.166:80 images.motorcyclistonline.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 142.250.179.105:80 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 8.8.8.8:53 badge.facebook.com udp
US 8.8.8.8:53 www.blogged.com udp
DE 157.240.27.18:80 badge.facebook.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 s07.flagcounter.com udp
US 206.221.176.133:80 s07.flagcounter.com tcp
DE 157.240.27.18:443 badge.facebook.com tcp
US 12.129.245.166:80 images.motorcyclistonline.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 202.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
FR 142.250.179.105:443 resources.blogblog.com udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 18.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 translate.google.com udp
FR 172.217.20.206:139 translate.google.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
FR 142.250.179.97:443 3.bp.blogspot.com tcp
US 8.8.8.8:53 133.176.221.206.in-addr.arpa udp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
US 8.8.8.8:53 www.facebook.com udp
DE 157.240.27.35:80 www.facebook.com tcp
DE 157.240.27.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.27.240.157.in-addr.arpa udp
FR 142.250.201.162:445 pagead2.googlesyndication.com tcp
FR 142.250.201.162:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
FR 142.250.179.105:445 www.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
FR 142.250.178.129:443 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 bikerboyz11.blogspot.com udp
FR 142.250.75.225:80 bikerboyz11.blogspot.com tcp
US 8.8.8.8:53 225.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dd2754d1bea40445984d65abee82b21
SHA1 4b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA512 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ecf7ca53c80b5245e35839009d12f866
SHA1 a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

\??\pipe\LOCAL\crashpad_3236_HWNSASJDNOUYRSTF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f99700d9374716186befca0b4efa838c
SHA1 aa27d98b8ffbed6f6fd9828f7858361a8d5e794f
SHA256 ea8e8dcc0ac1482d4ad9bbd3ec914a3bad7831623c62753cf40f96bf18855395
SHA512 6a84947f5cb7ef139e1850a17d4f39967d8118025054197f0c542c2146430abed89245f4093153c1f69512cd086c7b42985b880083e6f4c60c3cb1d8a8e3c41b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 483ce14d58ed5459326ace8bec572cc0
SHA1 d543427bc00732541c7e72809e09ac2a6f365073
SHA256 55fa378ab079a7af573ae9be6fc55643034d7ad3c508116eeb8dd3b1f86e28ac
SHA512 6b76dd304c9b726e6230c6dc44abf1f944633effdc7f7a5bd7eb56bd21bac78e2277670ce543a78ca203fd65c4bd476220117de3d162ead1ddef6cf1cd8c336a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9fa7b5c36ce9af0a481a0506efa425fa
SHA1 45b19e786b7967059193a293e3bf75aafee66feb
SHA256 087224fefad74dc460d10fade2d4acfc1514a05289ca7259664be3abb270f517
SHA512 fe6de50a85f8d5017170cbc6f83fa3d0af88c8501edb8948bdac6d96b3c34ec9c2b955a52da9a0c6f3c783ae38a034b59947d35df3211acc64bdc7938271dfed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a848a0148e32de3a0542ce0b165f52c6
SHA1 376a3bce4d6577c389c26f0c27ae40fefb2efe0d
SHA256 8dbf2a648a5dccad9705eb157fa030a41d3c6ee264690fe963d73477fddfde7b
SHA512 48a2e23ce9dca6145da48eedc967beabee2c12d835765d885f324c28abe460cd3b970e946697440f1c49b3d98f4b3d7104892527cb4445f246625164c902c1f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 51b0bfec259cde30e50c9f8420c7e16d
SHA1 4c6154a67e49b41947893be4743d3bb4b4c5ab76
SHA256 aac03f8fc7445fe92c065a26488bfafa4e15b16278999b4251b846d698783372
SHA512 d313acb2bf5be86c0677d0b13b6c52df05cc9d4ff8ce614e4650742343ef67252b8fa49e74242fdda35fe4ffcb7b06590993d74279a008b383d6710c40adc2a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f1a157c099439aab1da5542030c13840
SHA1 c0c55cbe4c85606a619c2a16d3e509c3d14d572a
SHA256 bbdf8aa2213ecb0e4ea9890c2212dee81591458979960b7e3d15f3a2b80e2e46
SHA512 4078c3766690b670fa4013526c060ec318629002be9b1fb4e356c418cb013d388aeb8e3cbdba90dbd3da9b1f17bd3dd10f3624c71dc51b7d247fc98dd76c6209

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e7fe0fda64291b88e8c8c8a1c389ec2a
SHA1 14434399802892514f359dbba396facabc1b24d6
SHA256 df2215fd04bf3807bea80827678a91b52f82ab29ffe08d8235ad0bdce4225863
SHA512 b66fe5237653052b9e7a20c19331bcd46e11fad77abbecefeee3fd0cd31849b0566002280659b9fea075a13d10e4672b2c1e0732ad70f946626fbfc8e05ea9e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5aaa7c8cd176b29bd5beb840cb4f281a
SHA1 efad055fc5e6ae62a17a8aa58fb4b217eab50b73
SHA256 8f0ff45185eefd04d6b6497b725a9fa61b92ec80532acb4c8a861c8a7d38fea8
SHA512 cf397646e8a6ae8c0e0f0534c095458436e42142ec27f084af220948e955ce3d385964743d9ef7d132bf9a3d8498b1af171841e0e70ff19bf38598fa1438bf02