Malware Analysis Report

2024-12-06 03:26

Sample ID 241023-g6ecfaxcqj
Target 6d7bafc5b92628f951ee15b97e9baf76_JaffaCakes118
SHA256 a0029a0d6e63c69ed2355e3153135cd9d036c6eac780c662a0f688aa8c282228
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a0029a0d6e63c69ed2355e3153135cd9d036c6eac780c662a0f688aa8c282228

Threat Level: Known bad

The file 6d7bafc5b92628f951ee15b97e9baf76_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-23 06:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-23 06:24

Reported

2024-10-23 06:27

Platform

win7-20241010-en

Max time kernel

138s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d7bafc5b92628f951ee15b97e9baf76_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{817517E1-9107-11EF-B4EC-5E7C7FDA70D7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435826558" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000087dd020c619fbae668901cce6cfeebf08fdddd3d6637f43238a1682d8521975d000000000e8000000002000020000000ea541a13440616d7aaf1526590e679626a943421ac63ba316d0447bcd541e6122000000063526bf6411551d40bbc66a1d07e00748a2c6d3238c304352bac6f52b4b29b784000000025cc1ac7a84a7597d7c5f7fcf391573613ce634fdf24f76353270a43b0e0177b3a9b61765471752b08adc5bd932d76118f2e5fb32952df319891f23d17c5f81b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0e8685a1425db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6d7bafc5b92628f951ee15b97e9baf76_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\1[1].htm

C:\Users\Admin\AppData\Local\Temp\Cab3A83.tmp

C:\Users\Admin\AppData\Local\Temp\Tar3B03.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\plusone[1].js

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-23 06:24

Reported

2024-10-23 06:27

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6d7bafc5b92628f951ee15b97e9baf76_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3772 wrote to memory of 4144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 4144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 4896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 4896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6d7bafc5b92628f951ee15b97e9baf76_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc30c46f8,0x7ffcc30c4708,0x7ffcc30c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1573222933002637180,2780645927923521987,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5612 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 dl.dropbox.com udp
US 8.8.8.8:53 dl.dropboxusercontent.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 172.217.169.73:445 www.blogger.com tcp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 162.125.64.15:80 dl.dropboxusercontent.com tcp
US 151.101.66.137:80 code.jquery.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 142.250.178.10:443 ajax.googleapis.com tcp
GB 162.125.64.15:443 dl.dropboxusercontent.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 142.250.187.238:443 sites.google.com tcp
GB 142.250.187.238:443 sites.google.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 142.250.179.238:80 apis.google.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 15.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
GB 216.58.204.67:80 fonts.gstatic.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.187.238:443 sites.google.com udp
US 8.8.8.8:53 adsafiliados.com.br udp
US 8.8.8.8:53 bloggercomment.com udp
US 104.21.95.65:80 adsafiliados.com.br tcp
BR 45.152.44.151:80 bloggercomment.com tcp
US 104.21.95.65:80 adsafiliados.com.br tcp
BR 45.152.44.151:80 bloggercomment.com tcp
US 104.21.95.65:443 adsafiliados.com.br tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
BR 45.152.44.151:443 bloggercomment.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 65.95.21.104.in-addr.arpa udp
US 8.8.8.8:53 151.44.152.45.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.36:80 www.google.com tcp
US 8.8.8.8:53 voce.grupojbrf.com.br udp
US 8.8.8.8:53 fontpis.blogspot.com udp
GB 216.58.212.193:443 fontpis.blogspot.com tcp
US 8.8.8.8:53 www.adcash.com udp
US 104.18.223.112:80 www.adcash.com tcp
US 8.8.8.8:53 adcash.com udp
US 104.18.223.112:443 adcash.com tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
N/A 127.0.0.1:80 tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
N/A 127.0.0.1:80 tcp
US 8.8.8.8:53 112.223.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
N/A 127.0.0.1:80 tcp
US 8.8.8.8:53 tag.cleverad.com.br udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.178.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
GB 172.217.169.73:80 img1.blogblog.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.178.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 i40.tinypic.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 carnage.spider.ad udp
GB 142.250.179.238:443 apis.google.com udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.169.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 s7.addthis.com udp
GB 184.26.134.46:445 s7.addthis.com tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 blog-pager-link.blogspot.com.br udp
GB 216.58.212.193:80 blog-pager-link.blogspot.com.br tcp
US 8.8.8.8:53 blog-pager-link.blogspot.com udp
GB 216.58.212.193:80 blog-pager-link.blogspot.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.cpmaffiliation.com udp
GB 142.250.178.1:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 216.58.212.193:80 blog-pager-link.blogspot.com tcp
GB 142.250.178.10:443 ajax.googleapis.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.facebook.com udp
US 104.22.75.171:80 widgets.amung.us tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 t.dtscout.com udp
US 104.22.74.171:445 whos.amung.us tcp
US 141.101.120.11:443 t.dtscout.com tcp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 www.weblolnet.com udp
GB 94.229.72.117:80 www.weblolnet.com tcp
US 8.8.8.8:53 117.72.229.94.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_3772_IMDEROTIQFUCKWQQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5fc9f890a176379be19fb3e0f1473ff6
SHA1 5f60d861f7331b92605e635f60b5ac9058493100
SHA256 52880268562234f1084a276ea3c9d01b02472d584be778a382629638312631be
SHA512 8ada857f33a7cdb9952eb80a77498dc1f73ee52a728a9588a7445c284db1ef57ce93210e227287d778eee71091c88d8c60ce1eb6b4e7f0278f92d068e0d3b76b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8442942b9220504e843b1280352893ca
SHA1 21e075e8c44bb8b66ca043cab2674fe4bc7f33bd
SHA256 268b440744fa3ce253eee618b394da50fc8abd88c18abb20e0a15ac18f307635
SHA512 a6c32aae1eae0857aed2619cabf1d75208d9bc0f1c4d19c48ec47a772ae0f940a9f321657b2d843ac169a8070db9296a21ce060f68383f17cef925254f51d996

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c67c35b3c5a6d3ecb3606f5f7e5784e6
SHA1 5262bbe33164ebd6718d4a5c4647fdae322c3fe5
SHA256 a0fdfbce2017a1947148e5730c19439e61b5b44048c4c27869e739ae87da6e21
SHA512 24680517a2199a3873eb451231d63a5fac6e98037b2834de770bbe2eebe67e8c607c150d25ec87c58f6af774bb82fbecea20bd2102400d4ebab22a8bdf62f915

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8da8fa0e61a9e7c3af01c6817b71a4db
SHA1 5c19949b102849cec8dbf3c2e12dd0ef2a5900c6
SHA256 2f88e954e361f29a5e9142959bd27594425a964598cb2fb3db1c4a31a8b995b4
SHA512 27f53d84cc908265cd9dadf8f67fe54e34d7fca06efaf28503b6f6b7b44f11837d97b6c47adcfd99c35be56c6135afc20db1452031bc8bc6bb91e8e716697637

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5809af.TMP

MD5 1404cb9a30c3be1e25524d732b4a5d17
SHA1 b3f6718a99f9a51b2d3d2c0b2876dc882d3ec98f
SHA256 98322591fa980e2f0cc2b1b7c779ebec79ccef3021fe9d243191ea647cae20dc
SHA512 407d498e3c400c4e149c89f1f403ede23852d57429d26da945d1ba44caf1b2a3b5949ba5cb9a4a32d61b227991bc886e2d592bf584f98ec07c94b77df29e0b36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6b17657d0181aeb5428d06324bd21e37
SHA1 9a36c43dc476b69abf119b16f1c071b0e7382fb0
SHA256 e1b5bf69788ce9da25589c688bc092dfa80aa35c7dd072989a5aadf8fec3a3d2
SHA512 dd9e4978f6661c60ed2e0fc97aef950d85c93723ca05a802301eaa08ef7dc963b705160b4d88d21c76b3644a71c944750c835b60b0e35be523e6c1fe2941f5f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f8c95f75-de57-4bb4-b898-f1fbbb3a58f6.tmp

MD5 e8fb36e1ed93729f6fb52f86191df2ec
SHA1 2136e5c6edd91ed24de94c7380bd834a0283f0fd
SHA256 d7b86852113c6b13b5ea59a348bcb7812d9f338301c0c669ceac91ea0ba78381
SHA512 e70f0a17f30aa2628f9f46d741769252fd3688d341794fe2c484f8f5ff134ad107f76ca86c90fc76596270a507f7e6dc1d20b4c5f0aafaa3894f19e7e841936d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d1fa694bdf2acc80ceb9092312cdfbd0
SHA1 e710831e610a90d8b51e4f4435935d5f989724a6
SHA256 a1e707828bb5792b0a416ae4389057a76a78d9f23cad13684c0462a96797fbab
SHA512 31c440c065abd8490b8f1657e3a2c7c03cba24e768d896869b923ed9193638dad9aa12a1673bb7caae548c4afc3bcb51542adae8cf75614f4801a5b52ddcb7c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 826c90c4c62dd96f645fb56677776d67
SHA1 de239f3e2d1351e7e58e2e5f0227c8e1ff0cc513
SHA256 5184f6a11a54da51fb1ad8ffc2e3c1204cc65e80c8a1b6ceb0e22336a49d0a9c
SHA512 bad8f4fd9d405776a29344fd6dc596b323d8e1482e93d369fa2e7d037c5b3c3a406fed1063bd394659440b0e4cabb37fb317c3f9921f1a98e815bc9e1b532d4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f1f148df9b29ae5bdec098effd4e6b17
SHA1 1472008618fb2af17d3e42ebabbe30802dd04bae
SHA256 80e44ffcb368da14ff9091b1e21a413902a718b1cac764f9e660e50e791f370c
SHA512 6b6914058d42ec193e6b41562e8dd27ce0b1b18316ee8bf6ecde3c475b0c7661ee176abf16100a8ead483c3e46d5b3c003f1933ce77cd2e9e705152bbed9a2dd