Malware Analysis Report

2024-12-06 03:24

Sample ID 241022-fsmk8a1dmn
Target 690a8745a7748e8186559ade9eafbd47_JaffaCakes118
SHA256 afb298a7a9e4050f41b7817ed3018d6fa112fbfa1edd1930d2033dbd9eec172e
Tags
socgholish discovery downloader
score
10/10


Analysis Overview

score
10/10

SHA256

afb298a7a9e4050f41b7817ed3018d6fa112fbfa1edd1930d2033dbd9eec172e

Threat Level: Known bad

The file 690a8745a7748e8186559ade9eafbd47_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-22 05:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-22 05:08

Reported

2024-10-22 05:10

Platform

win7-20240903-en

Max time kernel

142s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\690a8745a7748e8186559ade9eafbd47_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435735562" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not captured] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6038bc914024db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000bba81bac7e587686ed7bde70780387673a09026e9bac868815f319e20ecff713000000000e8000000002000020000000f2e8ff877b17010d51be467e3c171bd4cf3d065e80a726950e6a0d2ead27c7592000000083fc450150ede051228aea5c99e26289e9c6edcc2308b40b94f0ea4d708d4d6140000000762cd5b843ad1b608ff41e445d4460ec66579a6f16474c0a53df8a2f6adcacc0f0c7babe8abfe41ba5faf749d54f373473d629579ab99225e3cc9c6f0a667fef C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A425FEA1-9033-11EF-8F2E-E67A421F41DB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\690a8745a7748e8186559ade9eafbd47_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-22 05:08

Reported

2024-10-22 05:10

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\690a8745a7748e8186559ade9eafbd47_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1556 wrote to memory of 776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (×2)
PID 1556 wrote to memory of 2988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (×40)
PID 1556 wrote to memory of 3436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (×2)
PID 1556 wrote to memory of 1676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (×20)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\690a8745a7748e8186559ade9eafbd47_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce3ba46f8,0x7ffce3ba4708,0x7ffce3ba4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3733746044919907843,2020822540832188847,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 watchsoccernow.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 widgets.amung.us udp
SG 118.139.179.30:80 www.linkwithin.com tcp (×2)
GB 142.250.187.226:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.sitebro.net udp
US 8.8.8.8:53 i.urlfan.com udp
US 8.8.8.8:53 www.wikio.co.uk udp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 www.blogrankings.com udp
US 8.8.8.8:53 www.topblogarea.com udp
US 172.67.8.141:80 widgets.amung.us tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 213.175.196.2:80 www.wikio.co.uk tcp
GB 23.44.66.45:80 s7.addthis.com tcp
US 8.8.8.8:53 www.topblogging.com udp
US 8.8.8.8:53 www.blogrankers.com udp
US 8.8.8.8:53 www.loadedweb.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 172.67.210.120:80 www.topblogging.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 104.21.19.79:80 www.loadedweb.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
US 8.8.8.8:53 www.feedage.com udp
US 199.59.243.227:80 www.sitebro.net tcp
US 8.8.8.8:53 image.sitebro.com udp
US 199.59.243.227:80 www.sitebro.net tcp
US 104.21.0.139:80 image.sitebro.com tcp
US 52.6.88.216:80 www.feedage.com tcp
US 104.21.19.79:443 www.loadedweb.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.8.67.172.in-addr.arpa udp
US 8.8.8.8:53 45.66.44.23.in-addr.arpa udp
US 8.8.8.8:53 2.196.175.213.in-addr.arpa udp
US 209.90.91.147:80 www.blogrankers.com tcp
US 8.8.8.8:53 www.centralblogs.com.br udp
US 8.8.8.8:53 www.mynewblog.com udp
US 8.12.18.87:443 www.ontoplist.com tcp
US 192.0.78.169:80 www.centralblogs.com.br tcp
US 172.67.177.143:80 www.mynewblog.com tcp
US 8.8.8.8:53 www.bloggapedia.com udp
GB 213.175.196.2:443 www.wikio.co.uk tcp
US 8.8.8.8:53 www.blogtopsites.com udp
US 52.6.88.216:80 www.feedage.com tcp
US 172.67.155.21:80 www.bloggapedia.com tcp
US 34.227.33.210:80 www.blogtopsites.com tcp
US 8.8.8.8:53 gelgit.tk udp
US 172.67.177.143:443 www.mynewblog.com tcp
US 8.8.8.8:53 centralblogs.com.br udp
US 8.8.8.8:53 bloggapedia.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 120.210.67.172.in-addr.arpa udp
US 8.8.8.8:53 79.19.21.104.in-addr.arpa udp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 87.18.12.8.in-addr.arpa udp
US 8.8.8.8:53 139.0.21.104.in-addr.arpa udp
US 172.67.155.21:443 bloggapedia.com tcp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 stats.topofblogs.com udp
US 52.6.88.216:80 www.feedage.com tcp
DE 159.69.186.9:80 stats.topofblogs.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 i155.photobucket.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 3.162.20.24:80 i155.photobucket.com tcp
US 8.8.8.8:53 www.allsportsites.com udp
US 13.248.169.48:80 www.allsportsites.com tcp
GB 3.162.20.24:443 i155.photobucket.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 t.dtscout.com udp
GB 3.162.20.24:443 i155.photobucket.com tcp
US 8.8.8.8:53 169.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 143.177.67.172.in-addr.arpa udp
US 8.8.8.8:53 21.155.67.172.in-addr.arpa udp
US 8.8.8.8:53 210.33.227.34.in-addr.arpa udp
US 8.8.8.8:53 9.186.69.159.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 24.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 141.101.120.10:443 t.dtscout.com tcp
US 8.8.8.8:53 dtsedge.com udp
US 104.21.14.49:443 dtsedge.com tcp
US 192.0.78.169:443 centralblogs.com.br tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 71.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 49.14.21.104.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp (×5)
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 443a627d539ca4eab732bad0cbe7332b
SHA1 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

\??\pipe\LOCAL\crashpad_1556_LFILXSOHUULDQOLY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 99afa4934d1e3c56bbce114b356e8a99
SHA1 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA256 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA512 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cc73d05a-b7d2-4c3f-8da2-759ce751d14f.tmp

MD5 10ebbd40c39ab1bf74ce43d4ee96a8bc
SHA1 a7a601d98b55021ee63adb3c07e71ca5f93e4bdb
SHA256 40b12d006f6e427ffd74e1909b8c69691a3ef5812a4f50d4cadc7edbbc990039
SHA512 e3f3709e3e7bb66c2f0b83a7a83351f43b8e41f1c3877fb75f2a3cb5f2425dd2cfd11272a18f253354cdb5d2f8484b8e044dfb2f37162dbd401774b3a08b807f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b7e4f8708ca24b56ec148111d57203a
SHA1 e39b28cffa04addaaacece0ca2f3b93c6318b5e9
SHA256 5ffe8b3b6b326470c9af7e19ae2158b7432a5a939c706da4bc35db31df709902
SHA512 810468eb03dabbd31466cf650f402a3e46d1008952dbce83051e02b1642ec166ab4d43fefd4c565bcf62e04d54ad7042517dd70b3b39246f8fcca6ff4f7842a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d0ce85f091c3b21d3ca2af0601fe3afc
SHA1 4a56d691edaf9da3b0ea12d429fd08ff21bcfb00
SHA256 2830823b8e58a04c15edce8dcd4c544b10fb719722473ab55e21549d722b5357
SHA512 c171a78ecca2244d7f522ce5a514f7e92ea9192d35d72075a274f6bf0f657c5f5afc9e1f9bfb4c9808d622271a09b1d2f2353c91a495cc168a19a3dea1b7be98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 be9a89dde2471b55f1aab0327c4462c4
SHA1 764ce836e4ee365dd1ea711a4c1bfca50d98d5a3
SHA256 6a7f1f76027bb36d5e5799e8a5ad1476bdd3ad996450fbd2154c5e24870f1a74
SHA512 f277431d02876fe1b9a823250a1e9f125f606b0b24fe9864041387b6ae36d344a2c9bd6284509cbe3d0af66c9d5e98b973d023a804865cd63aba31f9974b99c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 72b47b3ac286739bb8f138738d5e0aa4
SHA1 82b635690419f0b5f6f5c6a9a4f9081f0568ac2a
SHA256 ebc0cb9e25e6a40853044699017c4802de0ffb777c3d1817b12c3b8c74d35b00
SHA512 611be5167be5754e809ed9a3f0cb53e8d47cd6cf1c34be4d3d1f072ef50d59b3f61977965c8a308114286171af5b7baafa15387b321d06efb680f724e37292f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 05079814981a5f1752eea891e52377b1
SHA1 40e1a30fe1b34a67e86ee75f190c3781c57973e3
SHA256 fda1ac07578676bcfa186340e03c397019452a71e32d0513d7f9b2f41a58de23
SHA512 e51416c3588eb72da13b2f168c55eafb1ae5d3bc4529c740e0d887e831aaeba07674903f44a6d866aae1622b8ba69aa89c292b3451f03c115a322c3e54416aa5