Malware Analysis Report

2024-10-23 17:22

Sample ID 240827-ayc13swanm
Target c4158cde4006bdabc91c683587d4377c_JaffaCakes118
SHA256 93c2787a64439fa9ffe4946574ecfd2cc524e280c0c80f9a303234dab2c91d6e
Tags socgholish discovery downloader
Score 10/10


Analysis Overview

Score

10/10

SHA256

93c2787a64439fa9ffe4946574ecfd2cc524e280c0c80f9a303234dab2c91d6e

Threat Level: Known bad

The file c4158cde4006bdabc91c683587d4377c_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-08-27 00:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 00:36

Reported

2024-08-27 00:39

Platform

win7-20240704-en

Max time kernel

135s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c4158cde4006bdabc91c683587d4377c_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430880880" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000429108ded36b45867ff21a959d9c31d6f98b40de51545355f6caabde2003e016000000000e8000000002000020000000d934f9040dc153723cb3be6282cdfcf69124ccb7dc1584f7abbdbe6e0cd5bcae20000000d38026acd8835c39204207392f2a31baf9ba4cb8d2737e7d7620873e9013438340000000ccd06ea5ae9cf204ea3c7e89faf6f8381cefb7ee0a8584d326a0fe48b22a1523ba2db8200585fb270c79f802f423a815dcc1faebcac8d18b4370a0047251b280 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3055907e19f8da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7422FD51-640C-11EF-9E2E-D692ACB8436A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c4158cde4006bdabc91c683587d4377c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-08-27 00:36

Reported

2024-08-27 00:39

Platform

win10v2004-20240802-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c4158cde4006bdabc91c683587d4377c_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3740 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3740 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c4158cde4006bdabc91c683587d4377c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c1846f8,0x7ff80c184708,0x7ff80c184718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4247890234104619929,6660817752759514467,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

Network


Files
