Malware Analysis Report

2024-12-06 03:27

Sample ID 241030-bmtecstejr
Target 7d62bb2e9dfe5a61dbe308d9cb186343_JaffaCakes118
SHA256 bd16132eca39f676ab1fa9c8163b0812962e491cc2ca9b745278a545a34d3787
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bd16132eca39f676ab1fa9c8163b0812962e491cc2ca9b745278a545a34d3787

Threat Level: Known bad

The file 7d62bb2e9dfe5a61dbe308d9cb186343_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 01:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 01:16

Reported

2024-10-30 01:22

Platform

win7-20240903-en

Max time kernel

144s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7d62bb2e9dfe5a61dbe308d9cb186343_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 307d82fa692adb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436413054" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0CDC3DE1-965D-11EF-8632-EAF933E40231} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000ebfe5b66f8ea727b6e96b7be045f7155f02eb75250fe6fe6a5ca49df54b0dda6000000000e80000000020000200000005e5ec36457c7913c067b5374dade567b9fb54c036c7daeb595e4b67d539247f520000000d7f2f915beb3e913cfea4233b73195d01d20067d8b66dcdf9205298fedb9c453400000007661cea1f8ecf5b4390fc62edaa2bbe5767b69882590b6c9a3113ca6e2bbc46f63c920c6232634bc6d6d158f586488ae414f57770aa5907a9859e59e9999eb10 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7d62bb2e9dfe5a61dbe308d9cb186343_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2

Network


Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-30 01:16

Reported

2024-10-30 01:22

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7d62bb2e9dfe5a61dbe308d9cb186343_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4920 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 1980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4920 wrote to memory of 3944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7d62bb2e9dfe5a61dbe308d9cb186343_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb773746f8,0x7ffb77374708,0x7ffb77374718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14123710819914232111,15883839078799752103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4988 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.cine-world.in udp
US 8.8.8.8:53 www.google.co.in udp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
GB 216.58.212.227:445 www.google.co.in tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 feeds.feedburner.com udp
US 8.8.8.8:53 www.blogrankings.com udp
US 8.8.8.8:53 www.blogtopsites.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 www.topblogarea.com udp
US 8.8.8.8:53 www.blogflare.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 172.217.169.36:80 www.google.com tcp
US 54.87.82.0:80 www.blogtopsites.com tcp
GB 163.70.151.21:80 connect.facebook.net tcp
US 8.8.8.8:53 www.ontoplist.com udp
GB 142.250.178.14:80 feeds.feedburner.com tcp
US 8.8.8.8:53 www.bloggapedia.com udp
US 8.12.18.87:80 www.ontoplist.com tcp
US 172.67.155.21:80 www.bloggapedia.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 bloggapedia.com udp
US 8.8.8.8:53 www.topblogging.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.photoblogdirectory.net udp
US 172.67.210.120:80 www.topblogging.com tcp
US 172.67.155.21:443 bloggapedia.com tcp
US 3.33.130.190:80 www.photoblogdirectory.net tcp
US 8.12.18.87:443 www.ontoplist.com tcp
US 8.8.8.8:53 www.blogarama.com udp
US 172.66.40.190:80 www.blogarama.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.blog-search.info udp
US 8.8.8.8:53 www.blogadda.com udp
US 8.8.8.8:53 blogs.avivadirectory.com udp
US 199.59.243.227:80 www.blog-search.info tcp
US 8.12.18.87:443 www.ontoplist.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 21.155.67.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 0.82.87.54.in-addr.arpa udp
US 8.8.8.8:53 87.18.12.8.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 120.210.67.172.in-addr.arpa udp
US 8.8.8.8:53 190.130.33.3.in-addr.arpa udp
US 8.8.8.8:53 190.40.66.172.in-addr.arpa udp
US 8.8.8.8:53 www.blogs.com udp
US 8.8.8.8:53 www.blogadr.com udp
US 172.64.146.48:80 www.blogs.com tcp
US 104.21.57.246:80 www.blogadr.com tcp
US 8.8.8.8:53 www.blogdigger.com udp
US 172.66.40.190:443 www.blogarama.com tcp
US 172.67.193.92:80 www.blogdigger.com tcp
US 172.64.146.48:443 www.blogs.com tcp
US 8.8.8.8:53 www.blogsitelist.com udp
US 172.67.193.92:443 www.blogdigger.com tcp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 www.blogrankers.com udp
US 8.8.8.8:53 www.blogratedirectory.com udp
US 3.220.3.111:80 www.blogsitelist.com tcp
US 104.21.57.246:443 www.blogadr.com tcp
US 3.220.3.111:80 www.blogsitelist.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 8.8.8.8:53 blogdigger.com udp
US 209.90.91.147:80 www.blogrankers.com tcp
US 8.8.8.8:53 www.india-topsites.com udp
US 8.8.8.8:53 www.mybloglog.com udp
GB 142.250.180.14:80 www.google-analytics.com tcp
IN 3.111.253.42:80 www.blogadda.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 199.188.204.184:80 blogs.avivadirectory.com tcp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 246.57.21.104.in-addr.arpa udp
US 8.8.8.8:53 48.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 92.193.67.172.in-addr.arpa udp
US 8.8.8.8:53 111.3.220.3.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
IN 3.111.253.42:443 www.blogadda.com tcp
US 199.188.204.184:443 blogs.avivadirectory.com tcp
NL 185.182.56.134:80 www.blogratedirectory.com tcp
US 8.8.8.8:53 revuwire.com udp
NL 188.116.45.164:443 revuwire.com tcp
US 13.248.158.7:80 www.mybloglog.com tcp
US 8.8.8.8:53 www.yahoo.com udp
GB 87.248.114.12:443 www.yahoo.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 42.253.111.3.in-addr.arpa udp
US 8.8.8.8:53 184.204.188.199.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 134.56.182.185.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 164.45.116.188.in-addr.arpa udp
US 8.8.8.8:53 7.158.248.13.in-addr.arpa udp
US 8.8.8.8:53 www.google.co.in udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 172.217.169.36:80 www.google.com tcp
US 8.8.8.8:53 gelgit.tk udp
US 8.8.8.8:53 wd.thebestlinks.com udp
FR 79.137.112.106:80 wd.thebestlinks.com tcp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
FR 79.137.112.106:443 wd.thebestlinks.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 106.112.137.79.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 www.cine-world.in udp
GB 142.250.200.34:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 216.58.213.1:443 ep2.adtrafficquality.google tcp
GB 216.58.213.1:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
GB 142.250.200.34:443 ep1.adtrafficquality.google udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d22073dea53e79d9b824f27ac5e9813e
SHA1 6d8a7281241248431a1571e6ddc55798b01fa961
SHA256 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA512 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

\??\pipe\LOCAL\crashpad_4920_RVKZGWVRCDELFDKE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bffcefacce25cd03f3d5c9446ddb903d
SHA1 8923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA256 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f75a09c6017384b744de134f9aea4cad
SHA1 5673fc66dd1994ac04198c9862fbe2b8a5e6a3dc
SHA256 a250f9f3ea778e61adf211a6c32e171d8cb86f9e1c27de50ec8d08a9fa8c385c
SHA512 304a626428b5c419d9b5426cd24f270abda224ff875c46afcb3e4272362fb31239dd8af4822df50ff52a3bebe593bc88873d56cf58d378119186089e38e3bdc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dbb0d11b92c6e89e5a011cb18738e792
SHA1 1ec4f8e44dd4f309e86aa47c78c3702d521dbecc
SHA256 4e461486b77bca6d780ee4c99f722a84e5af0828dd62c082f0e61c6bdef82d04
SHA512 7f95b959edbc6c09da00362af8e988face15f781db78e3329eb709b3a10c46056bed41a49e219ffab503e3297e7405ce8123a60d5691b456fd03384c6ba93d0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a8a327231f7b44666450622bfc1b4bd
SHA1 6bf5362789af0cb358c227042ef54f50211b381a
SHA256 2c684979ae359c35410577de88521af6706b8e3e8d72af5190d0d9f5e32e0fb5
SHA512 c7cc265aa96e8383934cf9154dca02f49e272990df8e1a769ccdfa5721f799efe9a9b51c74d4916c4152782a9a38bd7767334cf5dc153fea7f806ab34d151a1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580395.TMP

MD5 a9de5a8636fbcca1d0d410e161aa90d2
SHA1 ecbcef13784f7aca5991d3d212b441e16fcfa8fe
SHA256 b7ad24e1056e632bcc9a129fc742dd3125e4ca6c39ce3c6645318ec5cf82889e
SHA512 596fd28ff5567006162e4691ca75e2369451c64b29d5d76a6bcd151a8891f9830f11ce745eba778c77cfc4c82db9052aa2a8b761d3ef7e9faaf3550143cb2092

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ff4d22ec3a737f6dac987d02108017e7
SHA1 94c3804667b2d1df9f7c73886560fe1d38ded605
SHA256 bf34f64e485a514179083a64da88d630a64626cbca9b60f10b20ea5b79c086d2
SHA512 049453d70fd0b4137bbbbfc666932192a77feea76da6e22cbd718b5dc7469ce72331215df559af8f92fdc4e9f6a8c37b2d6eec1201868ca6a56b823cc3c76e23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 053816820ec8951ea7819504e9a1bcd2
SHA1 e10423502faa96d15659affbb00859db33887fbe
SHA256 c45664f6b86a97c63dbbfebc1a1bccf0beeb241bb0baff348863fa1446bd12da
SHA512 90455805ee6c8d912e083e89595eeed1655b159a13be9be9c89c3f1704352cd050e0a941c0b82893ad0045cf060d529d1818b8621edbd349e656242fb0fc2839

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6ecc3433-ecd6-4bc3-86f3-9bd69f9aa25c.tmp

MD5 d61d3094db2951cd840f8480a9a77645
SHA1 908a66c78871cba3d308b1335df09eec2c4f7259
SHA256 34db119207aa0ef9cd3c7db2e56284b154bb1f70b6f45fbc1c8e0ba381904683
SHA512 1e2cc2aa2d2688e19325b79f4f05d8eee36d45fd01903f0e8356cf5c75e3612c64ff2bd18e8c3dc4ad36cc262616eef2f13ae92cc7c1e83dd4a8ee06efb8ad50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d98842077528711ff245828e3aed7508
SHA1 922a973c88bd04f88ec7f4e537d0ba2bd19a3e3c
SHA256 3b20b0ef007daa708b068b6546b3c2002f10d3be2ab97d66bfb89013aa16d1bd
SHA512 6716a5d1a0da2b7e0a14c25829e194c9e9b9a0cb668516b88da9380060d1423c4a79940b8759c4048911e60fec414e68d4c53179bea3f9b74cb74dcca3918000