Malware Analysis Report

2024-12-06 03:19

Sample ID 241024-mbmyzsxdnk
Target 734170631629ef4f6b7f161796482eae_JaffaCakes118
SHA256 6183de4854ae229fd5f4029c0556a0169aaeb1ad98f8bd6eadf9625b1ce4ca0c
Tags: socgholish, discovery, downloader
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

6183de4854ae229fd5f4029c0556a0169aaeb1ad98f8bd6eadf9625b1ce4ca0c

Threat Level: Known bad

The file 734170631629ef4f6b7f161796482eae_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-24 10:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-24 10:17

Reported: 2024-10-24 10:20

Platform: win7-20240903-en

Max time kernel: 145s

Max time network: 147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\734170631629ef4f6b7f161796482eae_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\734170631629ef4f6b7f161796482eae_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-24 10:17

Reported: 2024-10-24 10:20

Platform: win10v2004-20241007-en

Max time kernel: 145s

Max time network: 142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\734170631629ef4f6b7f161796482eae_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4804 wrote to memory of 5104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 2320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 2792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 2032 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\734170631629ef4f6b7f161796482eae_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd5e5b46f8,0x7ffd5e5b4708,0x7ffd5e5b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7308 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6362926503337392784,15004612089396547247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4804_RHQMHVAPVHRIXOWE

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State