Malware Analysis Report

2024-12-06 03:27

Sample ID 241030-dtyc1awanp
Target 7db6cfe0f5885f3f0306a44a6ecbf731_JaffaCakes118
SHA256 16775eb1db5324b57da3e56901143e66f03a471f535c8bf5cb6c8ef5eb782213
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

16775eb1db5324b57da3e56901143e66f03a471f535c8bf5cb6c8ef5eb782213

Threat Level: Known bad

The file 7db6cfe0f5885f3f0306a44a6ecbf731_JaffaCakes118 was found to be: Known bad.

The verdict rests on the SocGholish family signature that fired in behavioral1; that signature is listed without an indicator row. Every behavioural signature below names a browser process (iexplore.exe, IEXPLORE.EXE or msedge.exe) as the acting process, and the Files section records only two Temp files (Cab985B.tmp, Tar9FAE.tmp) and CryptnetUrlCache entries, the cache CryptoAPI keeps for the CRL and OCSP fetches (c.pki.goog, o.pki.goog, the lencr.org responders, crl.microsoft.com) that appear in the network log; no downloaded script, executable or archive is listed. The contacted hosts are, by name, blog-widget, feed and directory services plus certificate-validation endpoints, and none is shown delivering a payload, so review them as page dependencies rather than treating them as confirmed command-and-control.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 03:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 03:18

Reported

2024-10-30 03:21

Platform

win7-20240903-en

Max time kernel

138s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7db6cfe0f5885f3f0306a44a6ecbf731_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436420192" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40609f987a2adb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9158441-966D-11EF-9F10-C28ADB222BBA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000008bc67cba289ed10d33e0e96c9716e285032fd72cb62e43d7acc30f04b78a823a000000000e800000000200002000000024deaaef449379fbee556e2ece13d71925bda6126081b3595c493ca5f8671bc020000000d356e348d76b0d37a5a39d00ad8ab93e184f218fede97a1810c1815a0abb47a540000000e9d6e23eb0186cb93bd9911825e98c3582ccbffbd1dfabdbffb81e6b0c014709318b14af2b44f5797f4994c353916f6ccf5a9047eb359cbb5e3b9ff09c272aac C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000a972241ed3a220e360c5b398297071cdca0756de1cdd42e77b26f61813a58f9a000000000e8000000002000020000000c3fcbba64f94eaff162282a35420de017c9301165063af3815ad34a929bb24e7900000008c8f92d4f9177c65a374a2a00dd429643efb1c5fd13e0d8721d9f601581ffd19d04fc9ce9ae1445924a8c86e988414f438551ee846944e19d9ecdcee339cb5aaac224baa45852de17e0ec2d0229f40c283dad909bdd9cb6067aafb529cafa1ebab7c43b2599190f627ee707fd348d3276bdab6b9b5949059715be51ee1f6229db65d303d98954e493ce533ffda773b0840000000152f144a43287c2261bd30a60e47a6ae8932a76b82d068e6c66c1076f67bddd7b1aa0a2035c60c17d42a8a4338b0a5856080abea9f14f4f3670f2ecf6a3b4957 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7db6cfe0f5885f3f0306a44a6ecbf731_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 www.scrubtheweb.com udp
US 8.8.8.8:53 xn--crdenas-hwa.net udp
US 8.8.8.8:53 www.submitdomainname.com udp
US 8.8.8.8:53 www.plazoo.com udp
US 8.8.8.8:53 www.blogrankings.com udp
US 8.8.8.8:53 www.feedburner.com udp
US 8.8.8.8:53 us.i1.yimg.com udp
US 8.8.8.8:53 buttons.googlesyndication.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 sm9.sitemeter.com udp
US 8.8.8.8:53 www.topblogarea.com udp
US 8.8.8.8:53 www.bloglines.com udp
US 8.8.8.8:53 img.tfd.com udp
US 8.8.8.8:53 www.bitty.com udp
US 8.8.8.8:53 plusmo.com udp
US 8.8.8.8:53 image.excite.co.uk udp
US 8.8.8.8:53 www.webwag.com udp
US 8.8.8.8:53 www.podcastready.com udp
US 8.8.8.8:53 www.europerank.com udp
US 8.8.8.8:53 www.mynewblog.com udp
US 8.8.8.8:53 widgets.5z5.com udp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 www.yousaytoo.com udp
US 8.8.8.8:53 www.blogrollcenter.com udp
US 8.8.8.8:53 www.blogtopsites.com udp
US 8.8.8.8:53 www.britblog.com udp
US 8.8.8.8:53 www.blogdigger.com udp
US 8.8.8.8:53 www.blogrankers.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.8.8.8:53 www.sonicrun.com udp
US 8.8.8.8:53 www.top100add.com udp
US 8.8.8.8:53 websitesubmit.hypermart.net udp
US 8.8.8.8:53 www.wikio.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
DE 213.136.69.6:80 www.plazoo.com tcp
DE 213.136.69.6:80 www.plazoo.com tcp
GB 172.217.169.36:80 buttons.googlesyndication.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
GB 172.217.169.36:80 buttons.googlesyndication.com tcp
GB 142.250.200.46:443 www.feedburner.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.200.46:443 www.feedburner.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 87.248.114.11:80 us.i1.yimg.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 87.248.114.11:80 us.i1.yimg.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.200.46:80 www.feedburner.com tcp
GB 142.250.200.46:80 www.feedburner.com tcp
US 208.98.35.225:80 www.scrubtheweb.com tcp
US 208.98.35.225:80 www.scrubtheweb.com tcp
US 8.8.8.8:53 www.w3-directory.com udp
US 151.101.2.114:80 www.bloglines.com tcp
US 151.101.2.114:80 www.bloglines.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 directory.bloggerplugins.org udp
US 8.8.8.8:53 www.ukbest50.co.uk udp
US 63.135.106.45:80 www.bitty.com tcp
US 104.21.73.237:80 www.blogdigger.com tcp
US 104.21.73.237:80 www.blogdigger.com tcp
US 63.135.106.45:80 www.bitty.com tcp
US 3.220.195.79:80 www.blogtopsites.com tcp
US 3.220.195.79:80 www.blogtopsites.com tcp
US 172.67.177.143:80 www.mynewblog.com tcp
US 172.67.177.143:80 www.mynewblog.com tcp
US 172.67.198.153:80 www.submitdomainname.com tcp
US 172.67.198.153:80 www.submitdomainname.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
DE 51.195.17.238:80 image.excite.co.uk tcp
DE 51.195.17.238:80 image.excite.co.uk tcp
US 104.21.95.51:80 www.wikio.com tcp
US 104.21.95.51:80 www.wikio.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
FR 77.87.110.40:80 www.w3-directory.com tcp
FR 77.87.110.40:80 www.w3-directory.com tcp
GB 185.2.219.212:80 www.ukbest50.co.uk tcp
GB 185.2.219.212:80 www.ukbest50.co.uk tcp
GB 185.2.219.212:80 www.ukbest50.co.uk tcp
GB 185.2.219.212:80 www.ukbest50.co.uk tcp
DE 178.254.50.91:80 xn--crdenas-hwa.net tcp
DE 178.254.50.91:80 xn--crdenas-hwa.net tcp
BG 185.31.121.155:80 www.europerank.com tcp
BG 185.31.121.155:80 www.europerank.com tcp
US 151.101.2.114:443 www.bloglines.com tcp
US 172.67.177.143:443 www.mynewblog.com tcp
FR 163.172.47.39:80 www.webwag.com tcp
FR 163.172.47.39:80 www.webwag.com tcp
US 38.113.1.158:80 websitesubmit.hypermart.net tcp
US 38.113.1.158:80 websitesubmit.hypermart.net tcp
DE 178.254.50.91:443 xn--crdenas-hwa.net tcp
US 108.181.102.67:80 img.tfd.com tcp
US 108.181.102.67:80 img.tfd.com tcp
US 104.21.73.237:443 www.blogdigger.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 162.215.117.222:80 www.top100add.com tcp
US 162.215.117.222:80 www.top100add.com tcp
US 8.12.18.87:443 www.ontoplist.com tcp
US 74.208.47.213:443 www.sonicrun.com tcp
JP 202.208.220.131:80 www.podcastready.com tcp
JP 202.208.220.131:80 www.podcastready.com tcp
AR 200.80.209.243:80 plusmo.com tcp
AR 200.80.209.243:80 plusmo.com tcp
US 8.8.8.8:53 c.pki.goog udp
AR 200.80.209.243:443 plusmo.com tcp
US 8.8.8.8:53 www.zimbio.com udp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 blogdigger.com udp
US 172.67.193.92:443 blogdigger.com tcp
US 172.67.193.92:443 blogdigger.com tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 www.blogrankings.com udp
US 208.98.35.225:443 www.scrubtheweb.com tcp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.18.190.73:80 r10.o.lencr.org tcp
US 151.101.2.114:443 www.bloglines.com tcp
GB 142.250.200.46:443 www.feedburner.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i161.photobucket.com udp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 3.162.20.109:80 i161.photobucket.com tcp
GB 3.162.20.109:80 i161.photobucket.com tcp
GB 3.162.20.109:443 i161.photobucket.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 s10.histats.com udp
US 172.66.132.118:80 s10.histats.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
US 172.66.132.118:80 s10.histats.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
US 8.8.8.8:53 s4.histats.com udp
US 8.8.8.8:53 gelgit.tk udp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
GB 3.162.20.109:443 i161.photobucket.com tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 2.18.190.80:80 e6.o.lencr.org tcp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.18.190.80:80 r11.o.lencr.org tcp
US 172.66.132.118:443 s10.histats.com tcp
FR 163.172.47.39:443 www.webwag.com tcp
US 208.98.35.225:443 www.scrubtheweb.com tcp
FR 163.172.47.39:443 www.webwag.com tcp
US 8.8.8.8:53 musikschule-seesaite.de udp
DE 178.254.50.82:80 musikschule-seesaite.de tcp
DE 178.254.50.82:80 musikschule-seesaite.de tcp
BG 185.31.121.155:80 www.europerank.com tcp
US 63.135.106.45:80 www.bitty.com tcp
DE 51.195.17.238:80 image.excite.co.uk tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
JP 202.208.220.131:80 www.podcastready.com tcp
US 208.98.35.225:443 www.scrubtheweb.com tcp
US 208.98.35.225:443 www.scrubtheweb.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.73:80 crl.microsoft.com tcp
DE 178.254.50.82:80 musikschule-seesaite.de tcp
DE 178.254.50.82:80 musikschule-seesaite.de tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
CA 149.56.240.130:443 s4.histats.com tcp
CA 149.56.240.130:443 s4.histats.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
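The table above is a flat list of resolver queries and TCP flows, which is hard to review by eye once it runs to a couple of hundred rows. The following helper, an added example and not part of the original report, parses rows in that layout and answers the three questions a reviewer usually asks of a sandbox network log: which names were resolved but never contacted (script or image references that failed, were blocked, or were never reached before the timeout), which connections have no logged lookup (cached answers, CNAME targets, or a resolver the sandbox did not capture), and which hosts were fetched over plaintext HTTP. The sample rows in LOG are a constructed subset copied from the table; the one-row-per-line "CC ip:port host proto" format is the only assumption. Run over the full table it flags, among others, gelgit.tk and apis.google.com as resolved but never contacted.

```python
"""Triage helper for a flattened sandbox "Network" table.

Added example; not part of the original report. LOG below is a
constructed subset of the behavioral1 table (values as they appear
there, order preserved); the "CC ip:port host proto" row layout is the
only assumed input format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

ROW = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>[0-9.]+):(?P<port>\d+)\s+"
    r"(?P<host>\S+)\s+(?P<proto>tcp|udp)$"
)

# Constructed subset of the report's Network table.
LOG = """\
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.feedburner.com udp
US 8.8.8.8:53 gelgit.tk udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.200.46:443 www.feedburner.com tcp
GB 142.250.200.46:80 www.feedburner.com tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""


@dataclass(frozen=True)
class Flow:
    cc: str
    ip: str
    port: int
    host: str
    proto: str

    @property
    def is_dns(self) -> bool:
        # The sandbox logs each resolver query as a UDP/53 row.
        return self.proto == "udp" and self.port == 53


def parse_network(text: str) -> list[Flow]:
    """Parse report rows; fail loudly on a line that breaks the layout."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if not m:
            raise ValueError(f"unparsed network row: {line!r}")
        flows.append(Flow(m["cc"], m["ip"], int(m["port"]), m["host"], m["proto"]))
    return flows


def lookups(flows):
    """Every name the browser asked the resolver for."""
    return {f.host for f in flows if f.is_dns}


def connections(flows):
    """host -> {(ip, port)} for every non-DNS flow."""
    by_host = defaultdict(set)
    for f in flows:
        if not f.is_dns:
            by_host[f.host].add((f.ip, f.port))
    return dict(by_host)


def resolved_never_connected(flows):
    """Names resolved but never contacted: dead, blocked or unreached refs."""
    return sorted(lookups(flows) - set(connections(flows)))


def connected_without_lookup(flows):
    """Connections whose name never appears in a logged query."""
    return sorted(set(connections(flows)) - lookups(flows))


def plaintext_http_hosts(flows):
    """Hosts fetched over TCP/80, i.e. content that was not integrity-protected."""
    return sorted({f.host for f in flows if f.proto == "tcp" and f.port == 80})


def connection_count(flows, host):
    """Number of non-DNS flows to one host (retries, multiple resources)."""
    return sum(1 for f in flows if not f.is_dns and f.host == host)
```

The parser raises on any row it cannot read rather than skipping it, so a copy-paste error in the table surfaces immediately instead of silently shrinking the result sets.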

Files

C:\Users\Admin\AppData\Local\Temp\Cab985B.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar9FAE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b17e743dddc8871751efef2fc8f2c35
SHA1 e31bd60aca9cba84582512d9932dde18f67fd49a
SHA256 92a14e746c7f1cc1aea93233f2c29d88c758ad7d1d38c711a54111aee72e6cb7
SHA512 2cd5c55ff8838cd43fd55e602f1d4a9ef3604df4c73bde23ff630b0b5e97b60bd0af1a3ff0a113dc088fcc8db15c2de71070efdcad6b77bf39b798f98de8e839

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 33455b6efba446d217eb2b43383f4b69
SHA1 41507e9d6f711976996f7104c5d81838a808bea1
SHA256 f81a5c1d77d4a49c0f42b4744c7bcf51539be108474b9e59659f6facf9976e83
SHA512 149923d7560b10006b7b8275a2a604f6d2f596d0a59c172eb4ac267a9a1d56cf604d46c72725094582b98a524571bd10ae036415ed36c32c0689167a9018a362

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 935726718bab170eb3c2d64d4fe9e249
SHA1 d0356a76c64ece860ebe43dcbbb852c82511c661
SHA256 708f62460957e37885e177fa6973ed179afd35d50eec5872d6ccacf500f9225f
SHA512 f7bb33c0555d7f6a37445778116cf7feff4bd360fed99bade9db5f3ee879165e856d2423a580e278332fe7163be671c1c0796de2729cff53ae61a6cd55cf3cb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d381c9a770886a2ee68123ffa3b4647
SHA1 1bffbc2c00d6c874d7ba407b6c58913e61e8f2a1
SHA256 fbbd3bdf85110aedd195f08978e60af088d817131720e71c1d08dc715b1e6929
SHA512 065b7b8651c3898f4c2c34a5e99a5479162b13cf4783b23a8beeb8f28d12fcfb6c6499622f084a9e720cc6a7511620f27f493d1b85bf4e047fb210d2e7510f1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbab01fcc24114002cfad6258fc53051
SHA1 220940828e4a1a2bbf295fd9cb3a0956b2c66230
SHA256 b0ec01c0bb7a530b404d1b28b529cfb211bc25c53d7dc841845e25a95bf55ae4
SHA512 76821bdfe7c67a6bf5826415e2bae41b4822ef6080a071c8112c47735d8c2f38cacca352a1f460c78c2a561061a30ae7274f7398b4136135df0e1d223f0fb9d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49883baf70e4625a310658314f2a8541
SHA1 425fa02831c09fc941b1264f65c540ada6318937
SHA256 f3bda39a8bc7f9ad9fafc4b9ef48a2f4136e42899c6948fcd8f52cd845f9fda7
SHA512 74c7681db2a7be7ef5e60efa2dfb76d89890a797c15d84ff287daaab082a1d8c80df91f438c757d3694f094e3fdb8195614c8d5736ece7b9c19e2832167bd76d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddf50234a8c10b5df79720b239b4bf02
SHA1 8d23f53ff3125c3074b47147f494abdfd7101c79
SHA256 4de520480b4a009a43669e0a95deb66bf64da5ced9f1aaaf8c7c62fc83a5a1a5
SHA512 0639d3432b09b685f497598fe2000c12ae6643a266ec2f872b2951bbb06270f0f31af1d4fd75af8aac787c3147cfa73bc573e2fa72d82f2a7a6eb4a32a45b385

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ffcec8e934ba5a84dfbe88d8f5be486e
SHA1 9a6c19c534f414d2143d3a30cede1dcf9f01da72
SHA256 64d4d8bf3b2d030ca3a133468293d9ca4cc07aa315b7ac1894a80190502d726e
SHA512 4241bc14830019011eb1eb4b86836477128a34bc359f47e62be5e6b0486ad247ddde66c0beaf05de0ae64bf5e027d00d1a77fed5e52fce045a66e044aa27edb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 84b0fe83c5a29fd0057693a35d1effba
SHA1 caab60e67fa67c82c615e63d65cbee844f7ef332
SHA256 38ed5fa84f0b635567cc98ad1e98dcc539503eb7ff0dc847d6634fffe00dab16
SHA512 aba0ac28611773af72737530acedd17421d3d8232b7219fb1e010238dda3bdd10e38c9a18e5a6acbd5ecfa548817f1ef03e09054bca536b6bd6464b53433163e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ac022b63de47177ad97804cbc423951
SHA1 f4fb5b26cbfeabd9058bd13ffc30f3fdb7d3738c
SHA256 9c92ddee40e11501899df3dc050d0f7bf532c8022fc7a30e55ae99d253c7d8d7
SHA512 73ae1c0d3a70a08c8e654ea2ae56b6c47a61cce12d47c4ed5fef95bb616e5aaaa586dc326030717a9f3d75717c2df38e917d4dd426c2dc8108bd47a461612166

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69b73c7af69a08a370d6c9cf8570b69f
SHA1 339c4581d582c7c7ff3c761d2b058e695405e5b9
SHA256 9dc5b6e1e361ebee3fb55b19ed47e4c894d9e129a01be67417b230d8c4ac205a
SHA512 1cd0b86ba8edff92ceb7dde351981ec32d74a078f33c06a1eb74f318bdac6b0959971b862ef64d40d3bf315e8baa3c5438f5e4610875ff39e41a0cdcb89bca2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa5968651820c568e61bfa3d51c0f035
SHA1 36974cd88bef03b937dc3c5fb235df7e46f2d85d
SHA256 678b7209134d0cfe6b43ce02bf5adb6f874edabf227b7356b00ddf6ebe6305c3
SHA512 b648f66aede7c0c6851a3773d81590b6bdca9cd744d5a4b0fbe8f252323680b8c7c5ed348cdf69447d2830dd9ed7a86fef5b02531aa19cc817b174b0881aec75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9537fa793a0fd61b8cf6d30e8372bf41
SHA1 c6c903687df5dab3cff91422c4078401a7519eb6
SHA256 ec85b6363f07cf26110e6f415cc49c0e52b3a236daab34fd289bde2685ffb073
SHA512 1d0dbddf3bc69a832afd9c9bebdda655ae22605d680090310518698e9e9f73383a9e15e0b928538776e702bb8840bb4b8704eed35ecad094bfe989f31658044d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e7b4a8ad1a44e05ca73f999207d85f9
SHA1 741dc502bc0bb6d503b250d8b02c813211c11e67
SHA256 2ae40cc7d60ebdfa0274aa030e74b0f189ef8f319ae6e8ec4cf5cbf025fe063d
SHA512 dee200d3914918ddd325849ea50d7422d6021fe9a3e89b379ee8a353478af1756ec62061c8fcd17f6bb2d1b5e870fc1721923eb840fd9d07ff5f01f0dbf1b8a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e567efe6efdd40b0a587a41164541020
SHA1 cdea4cf108cb7c99854c306a24a5c0079a95b219
SHA256 16dd13b70cf796c887fbf2e7b1af24c2816d90e5f6b940c306834161e70cdc95
SHA512 bdf4b0b6ea9598f87a0eb788c0eb465927c64f6640f345ba853593b0b2ada8e556078e79932e4322216b86d14085b290998c1bd2a1b99c6dad6167327d6aaf53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c25a0a0a52d4bc0dbcfeae7b18f98894
SHA1 cc3ba510620ca6264f014e33078f83cf1c6a0e36
SHA256 116c93c102326369d1a525a7204ead5f1b748592b60c4c6d17f843bd055e4433
SHA512 874e9bb98540657d4736a50add9cef474909426fea5f8756f52393e2ea65045f92a34fbdd72f2e605ef24d7b5d6e8fc708c27c0513417cab35d9b5469d537f3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 354e6c650df3323ff49fad1e124230f6
SHA1 3e4f4793dc863f2797d68c8eeafc2c06730185f3
SHA256 cd06ef7889825469c41a3c0a34be2830fda7a4fdd97028be63e308cad0fc9802
SHA512 8610cd99f057155e5dd9bb9015800ee808ca4a8647d990a98675ece16b11e288c1cc23216aa5737cabd08cb79106807bb7a8148840876744b0359812a473d19d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf1c2ee8ffb0974e464b699ddd2bd64d
SHA1 d7ffc4a7aee443a4897bb907c32c920dd17c8589
SHA256 9a6cdfe7d36a5c801935e3352a4c0a454c54ccb4f404ac56475da3463f8d919a
SHA512 6ed1d251d92994243e6f37d8ba55a28fd256a718d9776fe52c954fa00183fc8d14fc55556afbc081fb67216bc8f052a74e6830d01a519bef1187d5f22c8c7c19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf92d6f886f164712ed304cf320ab609
SHA1 6754f39aed9caed8dcc14adccf78338f225df9cc
SHA256 0a00ddeee0bab85d6061c3daa10bfcdd4c32acd410b2ffeb399aebabec31ee12
SHA512 0ad0df446be27557968472ad77b3e5f62a8a3630da6d4ff40c0f7b12353de80163b1a28a1623fefd099cbc23c2a829fc7ebd74428833b1e6c6448943fb916bbe

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-30 03:18

Reported

2024-10-30 03:21

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7db6cfe0f5885f3f0306a44a6ecbf731_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1372 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 3780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 3872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1372 wrote to memory of 1016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7db6cfe0f5885f3f0306a44a6ecbf731_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba9dc46f8,0x7ffba9dc4708,0x7ffba9dc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13724084078769126694,18315645391351857346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3244 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
GB 142.250.178.9:445 www.blogger.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 sm9.sitemeter.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 www.scrubtheweb.com udp
US 8.8.8.8:53 xn--crdenas-hwa.net udp
US 208.98.35.225:80 www.scrubtheweb.com tcp
DE 178.254.50.91:80 xn--crdenas-hwa.net tcp
US 208.98.35.225:443 www.scrubtheweb.com tcp
US 8.8.8.8:53 91.50.254.178.in-addr.arpa udp
US 8.8.8.8:53 225.35.98.208.in-addr.arpa udp
DE 178.254.50.91:443 xn--crdenas-hwa.net tcp
US 8.8.8.8:53 musikschule-seesaite.de udp
DE 178.254.50.82:80 musikschule-seesaite.de tcp
US 8.8.8.8:53 www.submitdomainname.com udp
US 8.8.8.8:53 82.50.254.178.in-addr.arpa udp
US 8.8.8.8:53 scrubtheweb.com udp
US 8.8.8.8:53 www.plazoo.com udp
US 172.67.198.153:80 www.submitdomainname.com tcp
US 172.67.198.153:80 www.submitdomainname.com tcp
US 8.8.8.8:53 www.blogrankings.com udp
US 8.8.8.8:53 153.198.67.172.in-addr.arpa udp
DE 213.136.69.6:80 www.plazoo.com tcp
DE 213.136.69.6:80 www.plazoo.com tcp
US 8.8.8.8:53 www.feedburner.com udp
GB 142.250.200.46:80 www.feedburner.com tcp
GB 142.250.200.46:80 www.feedburner.com tcp
US 8.8.8.8:53 us.i1.yimg.com udp
GB 87.248.114.11:80 us.i1.yimg.com tcp
US 8.8.8.8:53 buttons.googlesyndication.com udp
GB 172.217.169.36:80 buttons.googlesyndication.com tcp
US 8.8.8.8:53 www.blogtoplist.com udp
GB 142.250.200.46:443 www.feedburner.com udp
GB 142.250.178.2:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.topblogarea.com udp
US 8.8.8.8:53 www.bloglines.com udp
US 8.8.8.8:53 img.tfd.com udp
US 8.8.8.8:53 www.bitty.com udp
US 8.8.8.8:53 plusmo.com udp
US 151.101.194.114:80 www.bloglines.com tcp
US 63.135.106.45:80 www.bitty.com tcp
US 8.8.8.8:53 image.excite.co.uk udp
US 8.8.8.8:53 i161.photobucket.com udp
US 8.8.8.8:53 www.podcastready.com udp
US 8.8.8.8:53 www.webwag.com udp
US 108.181.106.66:80 img.tfd.com tcp
US 8.8.8.8:53 www.europerank.com udp
US 8.8.8.8:53 6.69.136.213.in-addr.arpa udp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
AR 200.80.209.243:80 plusmo.com tcp
DE 51.195.17.238:80 image.excite.co.uk tcp
US 151.101.194.114:443 www.bloglines.com tcp
FR 163.172.47.39:80 www.webwag.com tcp
GB 3.162.20.24:80 i161.photobucket.com tcp
BG 185.31.121.155:80 www.europerank.com tcp
GB 3.162.20.24:443 i161.photobucket.com tcp
FR 163.172.47.39:443 www.webwag.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:80 www.google.com tcp
US 63.135.106.45:80 www.bitty.com tcp
AR 200.80.209.243:80 plusmo.com tcp
US 8.8.8.8:53 www.mynewblog.com udp
US 104.21.56.47:80 www.mynewblog.com tcp
DE 51.195.17.238:80 image.excite.co.uk tcp
BG 185.31.121.155:80 www.europerank.com tcp
US 104.21.56.47:443 www.mynewblog.com tcp
US 8.8.8.8:53 widgets.5z5.com udp
US 8.8.8.8:53 s10.histats.com udp
US 172.66.132.114:80 s10.histats.com tcp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 www.yousaytoo.com udp
JP 202.208.220.131:80 www.podcastready.com tcp
US 8.8.8.8:53 gelgit.tk udp
LT 79.98.26.232:80 www.yousaytoo.com tcp
JP 202.208.220.131:80 www.podcastready.com tcp
AR 200.80.209.243:443 plusmo.com tcp
US 8.8.8.8:53 www.blogrollcenter.com udp
US 8.8.8.8:53 www.blogtopsites.com udp
US 8.8.8.8:53 www.britblog.com udp
US 54.87.82.0:80 www.blogtopsites.com tcp
US 8.8.8.8:53 www.blogdigger.com udp
US 104.21.73.237:80 www.blogdigger.com tcp
US 104.21.73.237:443 www.blogdigger.com tcp
AR 200.80.209.243:443 plusmo.com tcp
US 54.87.82.0:80 www.blogtopsites.com tcp
US 8.8.8.8:53 114.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 24.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 39.47.172.163.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 66.106.181.108.in-addr.arpa udp
US 8.8.8.8:53 47.56.21.104.in-addr.arpa udp
US 8.8.8.8:53 243.209.80.200.in-addr.arpa udp
US 8.8.8.8:53 114.132.66.172.in-addr.arpa udp
US 8.8.8.8:53 232.26.98.79.in-addr.arpa udp
US 8.8.8.8:53 237.73.21.104.in-addr.arpa udp
GB 142.250.200.2:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.blogrankers.com udp
US 8.8.8.8:53 blogdigger.com udp
US 209.90.91.147:80 www.blogrankers.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.12.18.87:80 www.ontoplist.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 www.sonicrun.com udp
US 8.12.18.87:443 www.ontoplist.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 0.82.87.54.in-addr.arpa udp
US 8.8.8.8:53 87.18.12.8.in-addr.arpa udp
US 8.8.8.8:53 213.47.208.74.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 74.208.47.213:443 www.sonicrun.com tcp
US 8.8.8.8:53 www.top100add.com udp
US 162.215.117.222:80 www.top100add.com tcp
US 162.215.117.222:80 www.top100add.com tcp
US 8.8.8.8:53 websitesubmit.hypermart.net udp
US 38.113.1.158:80 websitesubmit.hypermart.net tcp
US 8.8.8.8:53 www.wikio.com udp
US 104.21.95.51:80 www.wikio.com tcp
US 8.8.8.8:53 158.1.113.38.in-addr.arpa udp
US 8.8.8.8:53 222.117.215.162.in-addr.arpa udp
US 8.8.8.8:53 www.w3-directory.com udp
US 8.8.8.8:53 directory.bloggerplugins.org udp
FR 77.87.110.40:80 www.w3-directory.com tcp
US 8.8.8.8:53 www.ukbest50.co.uk udp
GB 185.2.219.212:80 www.ukbest50.co.uk tcp
FR 77.87.110.40:80 www.w3-directory.com tcp
GB 185.2.219.212:80 www.ukbest50.co.uk tcp
GB 185.2.219.212:80 www.ukbest50.co.uk tcp
US 8.8.8.8:53 51.95.21.104.in-addr.arpa udp
US 8.8.8.8:53 widgets.amung.us udp
US 172.67.8.141:80 widgets.amung.us tcp
US 8.8.8.8:53 s4.histats.com udp
CA 149.56.240.128:443 s4.histats.com tcp
US 8.8.8.8:53 t.dtscout.com udp
US 141.101.120.11:443 t.dtscout.com tcp
CA 149.56.240.128:443 s4.histats.com tcp
US 141.101.120.11:443 t.dtscout.com tcp
US 8.8.8.8:53 212.219.2.185.in-addr.arpa udp
US 8.8.8.8:53 40.110.87.77.in-addr.arpa udp
US 8.8.8.8:53 141.8.67.172.in-addr.arpa udp
US 172.66.132.114:443 s10.histats.com tcp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 128.240.56.149.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.75.171:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 x-carsnews.blogspot.de udp
GB 142.250.178.1:80 x-carsnews.blogspot.de tcp
US 8.8.8.8:53 x-carsnews.blogspot.com udp
GB 142.250.178.1:80 x-carsnews.blogspot.com tcp
GB 142.250.178.1:80 x-carsnews.blogspot.com tcp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

\??\pipe\LOCAL\crashpad_1372_IAKYZAWPKPMTDCPV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b6850d704278f6ded6e35d783afd0e3a
SHA1 a603dbb35e4e949f5e27f40ea3abd0f80d150601
SHA256 30fbb1a304de39072abcbd7fbb5ac1be47317319a76e81d26bf42979139a11d7
SHA512 1bb8fc509642f13342937f8477f2bbc2a02a5437366cb7ab669c52cab9cc69400e7987a223cb7c52b96d3bc43df3ab70aa3eac4b536b8d081fb2490802f33db7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 13abad1babdf5c33e7fc3413fbd03085
SHA1 3b8d43789f58411cf565347d67bf96ea80bf7279
SHA256 e2fefd75808bd552a925ec2c04e6f9c0a4d9c4c29fec85147c7f5081d4ad7048
SHA512 c3f0b4b7ef80004f6bedbcba4df248438236c88fa23ec2e9719cd4a5176cf0282156c7818089e5b0221545afb30f14bae750b00ca0fa11e3c1a0ac2cb06ffcba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5874fadda8e6309efcc931c02071db87
SHA1 1d968a314037ae88c5ce0ebeb6092d43c9d17334
SHA256 0c2e760fbdff8f1ee1aa1b6399e32fc0d87857aba1be480f0762a74ff2a44213
SHA512 f427d828c9e996a5c90a5cc182d2eb5cea7467b10ad62ba9d95403e5e56be33330b995a792107db7092a348d0eda0d5aa23086dc959c80ff0f1b8c69b778f4b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12ac3c4973bce271859939d93af7f092
SHA1 2eaeb0b9a6618ef59fa41508d8746538c47f499f
SHA256 9168e82ae28eb4e526690d35ffea886e38ecdade2e3e8d2f9e8c31191ccb65b5
SHA512 e36da2548335a91fc3e3fa8f583637a87ee428d412dab13dfbb77388bdfe6e00dff5ce323dae125df6768c6d470d4a225329b33df0354faad4a121a9912c6b00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c5997b6100efdc423d4200ba87d83cf6
SHA1 c3615f95ee132503314ac182a2101f1d8126d8d7
SHA256 457e154234796d5481b4d5951251e9a4d6d7673c89e538edddf874a4ae0ebd67
SHA512 765785d4f2783d88689962e370da225d49a83bda1427e4b3857d8b7aba8e2de9c7bb82984240343586e13d83555df2afd6209972e7ad0f2e58439c1f3d92782d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40513b35791a6fc7c1d1ca64f1cc7241
SHA1 716b976c9fc8d8150e915691fdb8a23a02fa33bc
SHA256 5fbabd7ec14a1b866f42ccf15fb156883fd58b9439a0e164729b058a37008116
SHA512 344fa35c86b97deef4b2f21a7753cb007fa0fbe7de42b3732717c83a95a4cd1e8dcb966b21048bab079a20178ab15d454d9f4db4c73cdba2dbac0b76184c3114