Malware Analysis Report

2025-04-03 14:25

Sample ID: 241214-1q3vmsxkcn
Target: f0e0110ed12bc58ae54697ebf3cecd59_JaffaCakes118
SHA256: 9284d8ddd130a7a45166d9066f2db238245dc34bbf10faf18176428ffdf14193
Tags: socgholish, discovery, downloader
Score: 10/10

Analysis Overview

Score: 10/10
SHA256: 9284d8ddd130a7a45166d9066f2db238245dc34bbf10faf18176428ffdf14193
Threat level: Known bad

The file f0e0110ed12bc58ae54697ebf3cecd59_JaffaCakes118 was found to be: Known bad.

The sample is an HTML document. Both behavioral runs open it directly in a browser (Internet Explorer on Windows 7, Microsoft Edge on Windows 10), so everything recorded below is what the page and the browser did while rendering it; no executable is dropped or launched by the sample itself in either run.

Malicious Activity Summary

Tags: socgholish, discovery, downloader

Signatures reported across the runs (static1, behavioral1, behavioral2):

SocGholish / Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses

The SocGholish family match is the only high-severity item in this list. The rest are low-severity discovery and API-usage signatures; for an HTML sample opened directly in a browser they describe the browser's own startup, profile initialisation and child-process management (IE writing its first-run keys, Edge launching sandboxed renderers), and they do not by themselves show injection, persistence or download of a payload by the page. The indicator tables for the SetWindowsHookEx, WriteProcessMemory, NtCreateUserProcessBlockNonMicrosoftBinary and EnumeratesProcesses signatures are not included in the per-run sections below.

MITRE ATT&CK (Enterprise Matrix V15)

Techniques corresponding to the signature names above:

T1614.001 System Location Discovery: System Language Discovery
T1217 Browser Information Discovery
T1012 Query Registry (Enumerates system info in registry)

Analysis: static1

Reported: 2024-12-14 21:52
Signatures: N/A (no static signature hits on the HTML file)

Analysis: behavioral1

Submitted: 2024-12-14 21:52
Reported: 2024-12-14 21:54
Platform: win7-20240903-en
Max time kernel: 147s
Max time network: 148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f0e0110ed12bc58ae54697ebf3cecd59_JaffaCakes118.html

Signatures

SocGholish (tags: downloader, socgholish)
Socgholish family (tags: socgholish)

No indicator rows are recorded for either SocGholish signature in this run: the report states the family match but does not show the matching content, the script that triggered it, or the host it came from.

System Location Discovery: System Language Discovery (tags: discovery)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Reading the NLS\Language key is the classic check a loader uses to skip machines with a particular system language, which is why it is a signature; here the reader is the IE tab process itself, which is expected for any page load.

Modifies Internet Explorer settings (tags: adware, spyware)

Every row below is a write beneath \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer (the SID is the sandbox's Admin user) and the Target column is N/A throughout. These are the keys IE populates when a profile is first used (tab recovery, new-tab-page state, search scopes, window placement, WindowsSearch status) and they are browser housekeeping rather than settings changed by the page. The long DecayDateQueue and MFV values begin with 01000000 d08c9ddf0115d1118c7a00c04fc297eb, the version-1 DPAPI blob header, so they are IE's own encrypted state, not data planted by the sample. Writes come from the 64-bit frame process (C:\Program Files\Internet Explorer\iexplore.exe) except where the process column shows the 32-bit tab process (C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE).

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001299335696a33b4cb2d2058b3b293d8000000000020000000000106600000001000020000000394b503d84cec106b2ebbe6753b70e2a33319352ce93061e140d2c2c572414af000000000e800000000200002000000098a7716e7f924288e824f02cfe80263245af3bb6e4d61a8a3b6a441837c05b0b200000008c5ed9acf6c0793ae2eda8e0c8ff6cf648c10fb699365a5df4f70b5df1b1e5e8400000002bbdde4dd7f71fbd1899cc20faf8dfb5b446031843110dd0235b69f9161905f3f74055c14a04c3d7c6a0a75698288a0e22e0503b532c46831d61848bd643738e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0a4b182724edb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440374997" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001299335696a33b4cb2d2058b3b293d8000000000020000000000106600000001000020000000c79ab372ea6ebc03ec8ff4c55d947cd52e89ef6deab5b609c95dc465fed2fb17000000000e80000000020000200000001d1fe0268e94b01f594afc0672b8deba377652be51e72621abf36360d0c5841990000000fb0b28690356146d86eb46708d5f0f5d5ba339725a666aaf584e5ee1c6fd1823c9724097926eb2d68ba4a21fa2b4307a36aa41e936b4aa2474ee089d2f85cfab7ea85838cb0d443d5f59a9f32ed0222b3ae03f48585a5fc75fc184a352bb2c46de1ad166f97f791e598166dc46d6eb65ac41b8e2847a7a230dee81fe5279a284c66ba38101880a50739cf374c3dbe57640000000fe55d8fb33adfdec9500ee3dd9af13568bd2f7a76b5939c296fd02d4bd38b6b094de8fed745bc87013b85b32a85d15ee75752cdfc08bccb62b6d0bef02bc8dc1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AAE377C1-BA65-11EF-A914-FA59FB4FA467} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

1 occurrence from C:\Program Files\Internet Explorer\iexplore.exe; no indicator or target recorded (N/A).
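The binary values in the "Modifies Internet Explorer settings" table above are worth decoding rather than treating as opaque. The following is an added example, not part of the original report: it takes three values copied from that table (Window_Placement, LastProcessed and the first 40 bytes of DecayDateQueue) and shows that they are a WINDOWPLACEMENT structure, a FILETIME, and a DPAPI blob respectively. The DPAPI provider GUID and the WINDOWPLACEMENT layout are Windows facts; the 1990..2100 plausibility window used to recognise a FILETIME is this example's own heuristic.

```python
"""Decode binary registry values from the 'Modifies Internet Explorer settings' table.

Added example; the hex strings are copied from the report's table, the
classification heuristics are this example's own.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# CryptProtectData output starts with a 4-byte version (1), then this provider
# GUID in little-endian byte order, then the master-key version and master-key GUID.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
WINDOWPLACEMENT_LEN = 44  # UINT length, flags, showCmd; POINT ptMin, ptMax; RECT rcNormal

# Values copied from the table above (value name -> hex data). The DPAPI value is
# truncated to its first 40 bytes; that is all the header check needs.
SAMPLE_VALUES = {
    "Main\\Window_Placement":
        "2c000000" "02000000" "03000000" + "ff" * 16
        + "24000000" "24000000" "aa040000" "89020000",
    "TabbedBrowsing\\NewTabPage\\LastProcessed": "c0a4b182724edb01",
    "TabbedBrowsing\\NewTabPage\\DecayDateQueue":
        "01000000d08c9ddf0115d1118c7a00c04fc297eb"
        "010000001299335696a33b4cb2d2058b3b293d80",
}


def is_dpapi_blob(data: bytes) -> bool:
    """True when the data carries the DPAPI version-1 header and provider GUID."""
    return (len(data) >= 20
            and struct.unpack_from("<I", data)[0] == 1
            and uuid.UUID(bytes_le=data[4:20]) == DPAPI_PROVIDER_GUID)


def dpapi_masterkey_guid(data: bytes) -> str:
    """GUID of the user master key protecting the blob (offset 24, after the master-key version)."""
    return str(uuid.UUID(bytes_le=data[24:40]))


def decode_window_placement(data: bytes) -> dict:
    """Unpack a WINDOWPLACEMENT: showCmd 3 is SW_SHOWMAXIMIZED."""
    if len(data) != WINDOWPLACEMENT_LEN or struct.unpack_from("<I", data)[0] != WINDOWPLACEMENT_LEN:
        raise ValueError("not a WINDOWPLACEMENT structure")
    f = struct.unpack("<IIIiiiiiiii", data)
    return {"flags": f[1], "showCmd": f[2], "ptMin": (f[3], f[4]),
            "ptMax": (f[5], f[6]), "rcNormal": f[7:11]}


def filetime_to_datetime(data: bytes):
    """Little-endian FILETIME (100 ns ticks since 1601) to an aware datetime, or None."""
    (ft,) = struct.unpack("<Q", data)
    try:
        return FILETIME_EPOCH + timedelta(microseconds=ft // 10)
    except OverflowError:
        return None


def classify(name: str, hexdata: str) -> dict:
    """Identify what a registry data blob is, using structure rather than the value name."""
    data = bytes.fromhex(hexdata)
    if is_dpapi_blob(data):
        return {"kind": "dpapi",
                "masterkey": dpapi_masterkey_guid(data) if len(data) >= 40 else None}
    if len(data) == WINDOWPLACEMENT_LEN and struct.unpack_from("<I", data)[0] == WINDOWPLACEMENT_LEN:
        return {"kind": "windowplacement", **decode_window_placement(data)}
    if len(data) == 8:
        when = filetime_to_datetime(data)
        if when is not None and 1990 <= when.year <= 2100:  # plausibility window (assumption)
            return {"kind": "filetime", "when": when}
    return {"kind": "unknown", "size": len(data)}


if __name__ == "__main__":
    for value_name, hexdata in SAMPLE_VALUES.items():
        print(f"{value_name}: {classify(value_name, hexdata)}")
```

Run stand-alone it prints that Window_Placement is a maximized window (showCmd 3) with a normal rectangle of (36, 36, 1194, 649), that LastProcessed is 2024-12-14 21:52 UTC (the minute the sample was submitted), and that DecayDateQueue is a DPAPI blob bound to master key 56339912-a396-4c3b-b2d2-058b3b293d80. The same checks apply to any "Set value (data)" row in a sandbox report: a DPAPI header or a FILETIME in a plausible range marks the value as application state, and only what is left over deserves manual attention.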

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f0e0110ed12bc58ae54697ebf3cecd59_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2

The second process is the 32-bit tab (content) process that the 64-bit frame process spawns for the page; SCODEF:2976 carries the frame process's PID. No other child process is recorded in this run.

Network

Columns: country of the destination IP, destination IP:port, the domain the sandbox associated with the flow, protocol. Rows to 8.8.8.8:53 over UDP are the VM's DNS lookups; every other row is one TCP flow, so a host repeats once per request. The hosts are the ordinary third-party content of a Blogger-hosted page (blogspot/blogblog image CDNs, googleapis, addthis, histats, flagcounter, linkwithin, yourjavascript.com) plus what look, from the names and .id TLDs, like Indonesian ad-network and paid-to-click sites (adsensecamp, klikajadeh, komisiklik, surgaklik, duitbux, probux, ppcindo and similar). c.pki.goog, o.pki.goog, *.o.lencr.org, crl.microsoft.com, www.microsoft.com and ieonline.microsoft.com are certificate-revocation and browser/OS traffic generated by Windows and IE, not by the page. The report does not tie any host in this table to the SocGholish match.

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 smartbca.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 berkahherbal.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 klikajadeh.com udp
US 8.8.8.8:53 bloggerbersatu.com udp
US 8.8.8.8:53 belati.net udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 s04.flagcounter.com udp
US 8.8.8.8:53 www.viralgen.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.textbacklinkexchanges.com udp
US 8.8.8.8:53 lazada.go2cloud.org udp
US 8.8.8.8:53 www.gomezpeerzone.com udp
US 8.8.8.8:53 srv-live.lazada.co.id udp
US 8.8.8.8:53 banner.autosubmit.web.id udp
US 8.8.8.8:53 sepuluhribu.com udp
US 8.8.8.8:53 banner.adsensecamp.com udp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 klikaset.com udp
US 8.8.8.8:53 www.jempolklik.com udp
US 8.8.8.8:53 www.komisiklik.com udp
US 8.8.8.8:53 www.probux.com udp
US 8.8.8.8:53 www.surgaklik.com udp
US 8.8.8.8:53 duitbux.com udp
US 8.8.8.8:53 indonesianklik.com udp
US 8.8.8.8:53 rizkyprofit.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 76.223.54.146:80 yourjavascript.com tcp
US 76.223.54.146:80 yourjavascript.com tcp
SG 152.42.169.9:80 berkahherbal.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
SG 152.42.169.9:80 berkahherbal.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 206.221.176.133:80 s04.flagcounter.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
US 206.221.176.133:80 s04.flagcounter.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
FR 142.250.178.138:443 ajax.googleapis.com tcp
FR 142.250.178.138:443 ajax.googleapis.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 104.21.3.77:80 bloggerbersatu.com tcp
US 104.21.3.77:80 bloggerbersatu.com tcp
FR 142.250.179.78:80 apis.google.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 142.250.179.78:80 apis.google.com tcp
US 54.174.29.0:80 www.gomezpeerzone.com tcp
US 54.174.29.0:80 www.gomezpeerzone.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
IE 18.202.12.61:80 lazada.go2cloud.org tcp
IE 18.202.12.61:80 lazada.go2cloud.org tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
CA 192.250.237.6:80 www.textbacklinkexchanges.com tcp
CA 192.250.237.6:80 www.textbacklinkexchanges.com tcp
HK 154.220.249.175:80 www.komisiklik.com tcp
HK 154.220.249.175:80 www.komisiklik.com tcp
US 172.67.211.5:80 www.surgaklik.com tcp
US 172.67.211.5:80 www.surgaklik.com tcp
US 15.197.148.33:80 indonesianklik.com tcp
US 15.197.148.33:80 indonesianklik.com tcp
SG 103.21.221.4:80 sepuluhribu.com tcp
SG 103.21.221.4:80 sepuluhribu.com tcp
DE 139.162.181.76:80 klikajadeh.com tcp
DE 139.162.181.76:80 klikajadeh.com tcp
DE 64.190.63.222:80 www.probux.com tcp
DE 64.190.63.222:80 www.probux.com tcp
DE 141.101.90.96:80 www.viralgen.com tcp
DE 141.101.90.96:80 www.viralgen.com tcp
US 104.21.3.77:443 bloggerbersatu.com tcp
US 172.67.211.5:443 www.surgaklik.com tcp
DE 141.101.90.96:443 www.viralgen.com tcp
US 172.65.190.172:80 rizkyprofit.com tcp
US 172.65.190.172:80 rizkyprofit.com tcp
SG 109.106.252.11:80 duitbux.com tcp
SG 109.106.252.11:80 duitbux.com tcp
US 54.174.29.0:443 www.gomezpeerzone.com tcp
US 8.8.8.8:53 c.pki.goog udp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
US 8.8.8.8:53 c.pki.goog udp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 banner.autosubmit.web.id udp
US 8.8.8.8:53 e5.o.lencr.org udp
ID 103.30.145.12:443 adsensecamp.com tcp
GB 2.17.113.9:80 e5.o.lencr.org tcp
ID 103.30.145.12:443 adsensecamp.com tcp
US 8.8.8.8:53 viralgen.com udp
US 8.8.8.8:53 www.dynatrace.com udp
US 199.60.103.22:443 viralgen.com tcp
US 199.60.103.22:443 viralgen.com tcp
DE 18.245.86.69:443 www.dynatrace.com tcp
DE 18.245.86.69:443 www.dynatrace.com tcp
DE 18.245.86.69:443 www.dynatrace.com tcp
DE 18.245.86.69:443 www.dynatrace.com tcp
US 8.8.8.8:53 s10.histats.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
DE 18.245.86.69:443 www.dynatrace.com tcp
DE 18.245.86.69:443 www.dynatrace.com tcp
US 104.20.2.69:80 s10.histats.com tcp
US 104.20.2.69:80 s10.histats.com tcp
DE 18.245.86.69:443 www.dynatrace.com tcp
DE 18.245.86.69:443 www.dynatrace.com tcp
US 8.8.8.8:53 s4.histats.com udp
US 8.8.8.8:53 www.ppcindo.com udp
CA 149.56.240.131:443 s4.histats.com tcp
CA 149.56.240.131:443 s4.histats.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.22.144.149:80 r10.o.lencr.org tcp
GB 2.22.144.149:80 r10.o.lencr.org tcp
US 103.224.182.208:80 www.ppcindo.com tcp
US 103.224.182.208:80 www.ppcindo.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.17.113.9:80 r11.o.lencr.org tcp
GB 2.17.113.9:80 r11.o.lencr.org tcp
US 104.20.2.69:443 s10.histats.com tcp
US 8.8.8.8:53 ww38.ppcindo.com udp
US 75.2.120.224:80 ww38.ppcindo.com tcp
US 75.2.120.224:80 ww38.ppcindo.com tcp
US 103.224.182.208:80 www.ppcindo.com tcp
US 103.224.182.208:80 www.ppcindo.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
FR 2.16.149.12:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
FR 2.20.41.218:80 www.microsoft.com tcp
CA 149.56.240.131:443 s4.histats.com tcp
CA 149.56.240.131:443 s4.histats.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
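A table like the one above is easier to read once DNS lookups, real connections and infrastructure noise are separated and duplicate flows are counted. The script below is an added example, not part of the original report: it parses rows in the report's own "country ip:port domain proto" layout, treats UDP/53 to 8.8.8.8 as the sandbox resolver (an assumption about this sandbox), sets aside an assumed allowlist of revocation-check and Microsoft endpoints, and also lists names that were resolved but never connected to, which is where a blocked or conditional loader shows up. The sample rows are a constructed subset copied from the table.

```python
"""Triage a sandbox Network table of the form:  <country> <ip>:<port> <domain> <proto>

Added example; rows below are a subset of the report's behavioral1 Network table.
"""
import re
from collections import defaultdict

# Constructed input: a subset of rows copied from the table above.
SAMPLE_ROWS = """
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 c.pki.goog udp
US 76.223.54.146:80 yourjavascript.com tcp
US 76.223.54.146:80 yourjavascript.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 142.250.179.67:80 o.pki.goog tcp
GB 2.17.113.9:80 r11.o.lencr.org tcp
FR 2.16.149.12:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 104.21.3.77:80 bloggerbersatu.com tcp
US 104.21.3.77:443 bloggerbersatu.com tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+)\s+"
    r"(?P<domain>\S+)\s+(?P<proto>tcp|udp)$"
)

SANDBOX_RESOLVER = "8.8.8.8"  # assumption: the resolver the sandbox hands to the VM

# Assumed allowlist of traffic every Windows/IE/Edge detonation produces on its own
# (certificate revocation checks, browser/OS endpoints). Tune to your sandbox baseline.
INFRA_NOISE = (
    ".pki.goog",              # Google Trust Services OCSP/CRL
    ".o.lencr.org",           # Let's Encrypt OCSP
    "crl.microsoft.com",
    "www.microsoft.com",
    "ieonline.microsoft.com",
)


def parse_rows(text):
    """Yield one dict per well-formed row; blank, header and malformed lines are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            yield row


def is_dns_lookup(row):
    return row["proto"] == "udp" and row["port"] == 53 and row["ip"] == SANDBOX_RESOLVER


def is_infra_noise(domain):
    """Exact match for bare names, suffix match for entries that start with a dot."""
    return any(domain == s or (s.startswith(".") and domain.endswith(s)) for s in INFRA_NOISE)


def triage_network(text):
    """Split rows into DNS lookups, deduplicated connections with counts, and noise."""
    dns = set()
    conns = defaultdict(lambda: {"count": 0, "endpoints": set(), "countries": set()})
    noise = defaultdict(int)
    for row in parse_rows(text):
        if is_dns_lookup(row):
            dns.add(row["domain"])
        elif is_infra_noise(row["domain"]):
            noise[row["domain"]] += 1
        else:
            c = conns[row["domain"]]
            c["count"] += 1
            c["endpoints"].add(f"{row['ip']}:{row['port']}")
            c["countries"].add(row["cc"])
    # Names the page resolved but never connected to: a blocked, sinkholed or
    # conditional loader looks exactly like this, so they deserve a second look.
    resolved_only = sorted(d for d in dns if d not in conns and not is_infra_noise(d))
    return {
        "dns": sorted(dns),
        "connections": dict(conns),
        "noise": dict(noise),
        "resolved_no_connection": resolved_only,
    }


if __name__ == "__main__":
    result = triage_network(SAMPLE_ROWS)
    for domain, c in sorted(result["connections"].items(), key=lambda kv: -kv[1]["count"]):
        print(f"{c['count']:3d}  {domain:28s} {', '.join(sorted(c['endpoints']))}"
              f"  [{'/'.join(sorted(c['countries']))}]")
    print("resolved but never connected:", result["resolved_no_connection"])
    print("infrastructure noise set aside:", result["noise"])
```

Feed it the full table and the 170-odd rows collapse to roughly thirty hosts with counts, which is the view you want when deciding which of the page's third-party hosts to look up or block. The allowlist is deliberately short: anything you add to it is something you will never see again, so keep it to endpoints your own clean-baseline detonations reproduce.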

Files

Most paths below sit under AppData\LocalLow\Microsoft\CryptnetUrlCache, which is CryptoAPI's cache of fetched CRL, OCSP and certificate data; the same MetaData file name appearing repeatedly with different hashes is the sandbox recording each successive write to that one file, not separate files. CabB54D.tmp and TarB54F.tmp in Temp follow the naming pattern produced when Windows downloads and unpacks a certificate-trust update cabinet. The two entries under Temporary Internet Files\Content.IE5 (js15[1].js and 2109501[1].htm) are content the page itself pulled into the IE cache and are the hashes worth pivoting on; the report does not say which host served them.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 40e83ae4946c3b2c3bdc307b4b9a3a3a
SHA1 7d8dcea38adfd8e16a85ca875beade1f9b3148f7
SHA256 c489161b20547cad7552fb17d576395ad8260b8b9b67946d21341be1a91ea56f
SHA512 2cf4174381c5c6036c7ece59a9acb64c50e2dba0f505b6e637c17066cbb0b9651466218fcf11b9092848635b7ca741a933c2062a6124817757200058d9ad5986

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 ca56af0c04c5f9db4fa4f692c26459f4
SHA1 ea7091b3fb90a0e5d87aa60fe77f5ad427fdee9b
SHA256 a4055c5ba8d83623c48da8ad1b14d9d41451e3fcf7fecf11a1b0287229ec018a
SHA512 5c280f885a90c1f1a65748dffde7b99cf238b9ef0014e19629211f1d4652c2207e03030421827d04f6281b84c275a9df701c63b84882c70205860b0be54ef4e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1326d239ad5be493bf5fd56e881f2a29
SHA1 581842f34af3ff826bd75bab8f858a2c6a6ec724
SHA256 fa449d903bc5fe464f03615782943adb6acfa4c151a7d171fa7c329f7baa0221
SHA512 b6bee0e2ad770424bec102b4898fee1f4fa53fea3638a2e59c3c7e11dbbd091b45733893d1e3a17c1f64845426ab690eb699c8f3d4cfbc0404b7f1fc611b6a58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 80d47b094404fc16294852f8ba84417f
SHA1 23ccecf4059535e6cb214d22c90f6802fe334ed7
SHA256 1e31fd6b7ce431d2d53d6a79a6cf54dcb36b21a9e8396b53da68359b0fa86cf0
SHA512 0aa1b82e81713e6898808f01d8dfecd2edfe844a9ccf7e332db667337fa7590bc3c15e3192c7b697a8e0506964be904d78a90989e4dc31c3feda07ddb2275464

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 426b2fce1659119534fb587a7cf41828
SHA1 656776a79a546ac0758b344bf4596acfef6d9ba3
SHA256 8d10b8a41becfbeb7d4e81c804d246197af64615f65502e2eabda4030294262c
SHA512 7a68267b0c3e48c753096a16ffa0fca328ab9587712608414c371590d2cbc06f7e477212f8b5db588c1e88ea2c0b77cca42789d3cc15babb0a338d7717e561cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 dcdf0580275386c56c84e37e512287f0
SHA1 ff0325340ae052c5632d45d87385d525dbfc91c6
SHA256 6e222fb832fb951a38385662bb8fea20f378006782d2b56de19fcd156de6bbd2
SHA512 bfe0658abc58b25d6c577b6e132e289e784a952ba45752059b40024aa90f593f92c24c27781fe48e81f14e88904da7fd5ee3506a34c402a62fbf518e683da78d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 058c55308960d1cd571efc31654f5988
SHA1 fd99e119336ed530636b7056dbb0518ae044bbf9
SHA256 59f5a534a7dfe7efdfd57c79a6867d40903372605659d3aa82a9619d8dfe8c17
SHA512 956100ed80dd2ada19b7342190ef87b72c83f691f13086d9489f5f37bc8c1e3aeb1844201aad88bbb260838f70ff93584b4f11faff5af020c825589bb491522f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 55cd3c4eea5ba01c7012e345c743f6b6
SHA1 23c1dc9e1691e8755bc2f8a25622d94fe8a0dfb0
SHA256 b80ba8627414b71449f9aa43ee5e355e30ee6ec443481dbc503d941886e7b5ae
SHA512 9f1743d0789775c9d106f83cd3a51daa9469184dfaf6591f4f46657dfeda3c3c7d9d2450f422645b8023935dbd4616bbcb93b10fd09df72407c8bf27081d76f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 ae3ecffde4ab085447ae3b9ed649fc96
SHA1 fe71f9011f62838020579d4b6ad808b16e46b0fe
SHA256 728854fbc10e1e01a667c0c0eb45e961329026db02d315a997dbb7d34888dfea
SHA512 7a600a114c5fc3f8f97d3d86dbead9493af0d8d7e72c185b483d889155e3d554093bd77a8240f084f198505f51f78ad6451567a0468fae9512c193873978ac79

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\js15[1].js

MD5 4beb0b1c8bbca69316e6eadcd83b1bf0
SHA1 602491c5f60960bf4ba7c3d2e600681a06ffcaa1
SHA256 429e7004f3f8fbe42cacb984c36a9cda33efdacc100a276b12e82c6ab78bf7ec
SHA512 3bc8560d56f39ba09da8a3582587b9ca727dd9fa60582892a2a8a2d7de42fa0fa057b28986a0975b84589d8e9ef320f976b3731a19ea17c83388c1309041b8f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I0VVMWQ\2109501[1].htm

MD5 7cb051f4d6cc2685a0c266b46a9ded48
SHA1 2bdc81e6318f63ddd756b56bad7c4d29f9b5c793
SHA256 df1b5f7a07c0d3bd0891b3d2068d94fd01cf0e6bb07eb229e0c17caf1a083bf1
SHA512 b97573827c83a56ca0b5f30dd938289d49d36fb10435dce9e0366689830797a3c3fcb8b1deff27b846232ee5c05b670f436243665f82f3c9c3af79939238f1ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 362e4f72065309a21f54ab8fd40ce122
SHA1 62324767d66e178a559a70dead5fb03801c56519
SHA256 4af8f6c08985180545fb807060091bd0a61b855abd09b175c5fc3d296148d192
SHA512 4b03f89d4ca375895703677603c8ac3676cc533f1ec1585f7537381a5cce58cb9e5a4cbd5162202e3820a1f30bb7e4935a74af442615807b291f321a8d64007c

C:\Users\Admin\AppData\Local\Temp\CabB54D.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarB54F.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78846260ba3827343d49d90663e0913a
SHA1 e4fcdd3e254d794487298d7195f1a96b77ad96a2
SHA256 1232378bc8d8efbb8b4edc2a797cfc2be46c7f43fde9f38093b4910d71a45317
SHA512 1e3da014bc26b03189b8fca098515c092216d33b5448da52d4c7ff8445e633bc8c366c93c8f2fe435bfe85612a76871604501f8e6aea0032e8ddf4afa1befa63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a354c3ff8dfeffaeb947f415397aadf6
SHA1 977028d2f36b4890d4b518dab30bf6018872c767
SHA256 2da56d3db26aa299a7286877e8dec27edcef9a7def24b78ab3a5204fd4f9cd0c
SHA512 ae5b2bb33e807c983df1aea77c8b283b5a0d2540ea479c15f3f53551ece45e4ecb40414c167fd5689e710d73ca879e7304981c30a460408dd3a700ed6905783c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e339ca7de464980371a46a16d506a1d0
SHA1 e2ebb37ffe157011c97129a90f5e6c49c3b56757
SHA256 21ad3f2e5e55a2a12288f8fced47b37f634327baa0fb59b6f62223cd62564701
SHA512 b238b49702e0aa7f9c7d411e8337b6d2926297db719ba56848f4d4d855ef21f0529e93478132433deb32e1b32f18b9598b024baa9b70b7495cf7c69c5e651e7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00b73c3cc191a4c63eee692785d37a6d
SHA1 512aaead89f5ff69393745b4ebf4eb687918f4a6
SHA256 2f7cab0de0ce1b98de7e3ffb03d3941bf4157d802efeb5d8145a9aa6cdcf626a
SHA512 59b9d21234a6965935afa028487534eb6fb555ca9eda562754e13983799409b8a4443d45118b17b7a53649dcd99159ae90aa43ff01c0965cd47d320d29afba3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fb8c6fcb15acfd10b840c0b8c485a9a
SHA1 e483b270d68f4e1888a423375e1ea2447b43f4a2
SHA256 5837451bd84c7832fdf073044ce0c771e1623807640c7ed13ef14f268c8c9159
SHA512 dff9a2972d9516aa00a310b6604d2a73868621b8811a90446bdc3395141cb06a725dd6cc6ea6735690311a2c5347399333f0e7184c6634d21d7058b95ed99ff8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3506303bc2b611dab1b0fc0c722b0821
SHA1 dc7f148ea11c5c269482dc07d8b4a78b64ac8082
SHA256 eb7e9e87e193f50d9ecf8baea256514179933384fbd934a8324f65a0ded86128
SHA512 df3c7cf11e83bb64063bc1a2fd7b607dcc291b3b4520dc6005e5f189079758932551c6e1b889d32b3dbda36a4ecdef5a8a8dbdccefdea443899ccb3781e15908

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c87ad2555473c13547891836853b42f
SHA1 ae80abb877b4aec44a18616d3592f1e2def1e7c3
SHA256 d9d86de78e4a4f4008f5d635c5695713502a133952389dc785c7f32e5870d1a2
SHA512 7034c48550bf559f0a8b3265bbf72021b4edd8ecb7590be16c4ef1134fd6ff5b6694fc7bf72c129d067134229eaa286f977bd4c463db858595495a210376bfd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a124f1f6b67a6c5288b5f3c5dc223fe9
SHA1 9cbfa298bd8fdb8aaf1fe5b6be22f3605128e0d2
SHA256 df3879c5a7f74d9b4107ca000903e30f71121e42a9b801abb246ae70e7ecc945
SHA512 34015d0550d17ab2c3bca24b30b0a5fbf18ec319fef15fec121b0963dbb9a1ff1b1d178550fad8eaaea74a7fc78771fa8c781f0c785e95dc985d3d4a2ce32bc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 440336cb2e1459ef522aa205c0f177a0
SHA1 23ab519be2e550fd20a522f2ce114c4c34ae9631
SHA256 fd9460f48ffa3a692d41988f2e8ce47c3d406fac1b1605d340aacaaf2762f9cc
SHA512 6bf56e303eaa7618d42d38e4de03d47b0df4fc28b5a7a6697a3416da2bca8fbafd62be9e73983141b05da34939a9e18974b4b60df4d495b5f965a78e6366827b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eac95b476b5ae1faca33a704e688d0dd
SHA1 a587aa7394e266f999757985be03feddfdea395e
SHA256 08c06604a9e18d59055aab97c1fae7cce9287cb3a0160c79731b13d4d00e0638
SHA512 b3ebb2fc1ba0a402a284ee7b12c44231d0b33119bb288de9085f1f49a0f4b6401fe0ae047b49b35e19f8d74bb79f3c81e3e8ac08716015b4eefde88f21b8aaaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a946fa736682cd9d1a1dbc0ba1bac06
SHA1 edc6562485c38f3b38a48973aa03b7ed2fb4808a
SHA256 a03aff91fa501f3ff54e8acdc56f6a0b2429bc455f03dd9c96bfc1b75cd364ef
SHA512 65ed567bbfd8ef3f030cea0fe6a11191db3cd83ddf8e5ee5d47d22dd959d3877433497da1792c0298584f752cca3dacd04629d7e882b5849132e9c816c1eb466

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb2eb2adfdd0dd42ee2e65563840edd3
SHA1 9f131cd7a20d17ae98d3eeb93c4357212f63b325
SHA256 3c23a4aacf35fd2143bd143cb528a041dc44ffbe9e86ad70155a705bb0ccdb9e
SHA512 7111ed8a31cf94de022d77023028fe7fb57cf0f7440fb067f7ba61bc139e86c3317b185f89e08081fa1addbb9b9b4d2d66db354450791ac9c0fb4dafdd8f0460

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98ca7270fa9dcd4938345d1c128aa9a3
SHA1 ac7859fcd00ad4ea9a71c7a9886da2f8a23f69bf
SHA256 8418519d8dc478d798a9477d0540a0d1f684e052717609f76488884fb2474aa6
SHA512 2f625254c9ab788187d9a667ce35147514b3ae4cbb15c3ac55a2ef911c9092bcee1f2772a9022be0b05eac96f2df12bca6b5938ddc0f13568a68bda0f7b1a48b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9a1d314472ca581a6a1b55cdda614201
SHA1 0ea3841ee8ba4b1f68131a9245bedaffbf010c52
SHA256 df1b54377fb6f8adb897a6efb4aa72909dd0cda3191c28f2a0c612f2d29dae4d
SHA512 592d01ab0d284c0778914c2bf1d9e08ae9417757a85e338d1b962b121c4d7a471e5f9e70f57283b35f26113e759d457f9167e252e3c864fbbba412ac8a3932e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6c58e019a94d52971dca4a7e86fe795
SHA1 db50772236e1dde39677706b88ca353473777ead
SHA256 2a8e042e36e6831ee63d45890f33dcabc5206f7fbffb45c860130aea87815daf
SHA512 ebaa2c5660b01b55c40cbce89e8665170b5f675a603b586530a4573b284668b63b56e49459f54059e313dfc2f80c51cac18c09975f174c90bd8abc0d69b8632a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9deeb6c6d39dab7d180f0eb166114457
SHA1 1b615474b558ccf23cb14dbf64fc66c52217cc3d
SHA256 c24d967f162d2ca6dc67e137381c4dfe1b2f03d9041b136d3790dda231187585
SHA512 6cbcd016c91c933ed668e2d63bab1c5189ddc7ca2a6f81f8f71d72899d7d0b9e913f39516b7b276f4efa73cd17e5c126d6ce0fba6aade1e32bac57b6ff317a57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4419836d72ea6ec7c70c05c57c8871a0
SHA1 da0ace07a4f2f6c5f3a9ae3fc9aa146851902be3
SHA256 1dfac178391ff3b590e149de6fc4deba30990a3854c601ab066ac741ed0fb7b3
SHA512 7f6f81d547cf6e5377aa17c5ed30c833f55bca2bc6b65a41ca241703d01ed03fb3c79f34a7c8bd9ffec95eaf0e9389dd2c765907f9dff738a6606657dcd43aea
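With thirty-odd hash blocks in a list like this, the practical question is which hashes are worth looking up. The script below is an added example, not part of the original report: it parses entries in the report's own "path, then hash lines" layout, collapses repeated writes to one path into a write count plus the final hash, classifies each path with a small set of rules that are this example's own assumptions (CryptnetUrlCache, the IE content cache, Cab/Tar temp files), and returns the SHA256 values of page-fetched content as the pivot set. The sample entries are a constructed subset copied from the list above, keeping only the MD5 and SHA256 lines.

```python
"""Triage a sandbox Files list: group writes per path, classify, pick pivot hashes.

Added example; entries below are a subset of the report's Files list.
"""
import re
from collections import defaultdict

# Constructed input: five entries copied from the list above (MD5 and SHA256 lines only).
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5 362e4f72065309a21f54ab8fd40ce122
SHA256 4af8f6c08985180545fb807060091bd0a61b855abd09b175c5fc3d296148d192
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5 78846260ba3827343d49d90663e0913a
SHA256 1232378bc8d8efbb8b4edc2a797cfc2be46c7f43fde9f38093b4910d71a45317
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\js15[1].js
MD5 4beb0b1c8bbca69316e6eadcd83b1bf0
SHA256 429e7004f3f8fbe42cacb984c36a9cda33efdacc100a276b12e82c6ab78bf7ec
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0I0VVMWQ\2109501[1].htm
MD5 7cb051f4d6cc2685a0c266b46a9ded48
SHA256 df1b5f7a07c0d3bd0891b3d2068d94fd01cf0e6bb07eb229e0c17caf1a083bf1
C:\Users\Admin\AppData\Local\Temp\CabB54D.tmp
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$", re.I)

# Assumed classification rules, first match wins. Anything unmatched is left for review.
RULES = [
    ("cryptnet_cache", re.compile(r"\\CryptnetUrlCache\\", re.I)),      # CryptoAPI CRL/OCSP cache
    ("browser_cache", re.compile(r"\\(Temporary Internet Files|INetCache)\\", re.I)),
    ("crypto_update_tmp", re.compile(r"\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I)),
]


def classify_path(path):
    for label, rx in RULES:
        if rx.search(path):
            return label
    return "review"


def parse_files(text):
    """Return {path: [ {HASHNAME: value, ...}, ... ]}, one dict per recorded write, in order."""
    files = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            current = line
            files[current].append({})
        elif current and (m := HASH_RE.match(line)):
            files[current][-1][m.group(1).upper()] = m.group(2).lower()
    return dict(files)


def triage_files(text):
    """Return (per-path report, set of SHA256 values worth pivoting on)."""
    report, pivot = [], set()
    for path, writes in parse_files(text).items():
        label = classify_path(path)
        if label == "browser_cache":
            pivot.update(w["SHA256"] for w in writes if "SHA256" in w)
        report.append({"path": path, "class": label, "writes": len(writes),
                       "last_sha256": writes[-1].get("SHA256")})
    return report, pivot


if __name__ == "__main__":
    rep, piv = triage_files(SAMPLE_FILES)
    for entry in rep:
        print(f"{entry['class']:18s} writes={entry['writes']}  {entry['path']}")
    print("pivot SHA256:", sorted(piv))
```

Applied to the whole list, the CryptnetUrlCache entries fold into a handful of paths with write counts, the Cab/Tar pair is set aside, and the pivot set is the two IE-cache hashes. Keep the "review" bucket visible in your own runs: an unexpected path under Temp, Startup or ProgramData is exactly what this list would show if the page had dropped something.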

Analysis: behavioral2

Submitted: 2024-12-14 21:52
Reported: 2024-12-14 21:54
Platform: win10v2004-20241007-en
Max time kernel: 145s
Max time network: 144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f0e0110ed12bc58ae54697ebf3cecd59_JaffaCakes118.html

Signatures

Browser Information Discovery (tags: discovery)

No indicator rows are recorded for this signature in this run.

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

SystemManufacturer and SystemProductName are the values a VM check reads (on a hypervisor they carry strings such as VMware or VirtualBox), which is why the signature exists. Here the reader is msedge.exe itself, which reads these two values at startup for its own hardware reporting, so treat the hit as browser baseline unless a script host or an unexpected child process is the one querying.

Suspicious use of FindShellTrayWindow

25 occurrences, all from C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; no indicator or target recorded (N/A).

Suspicious use of SendNotifyMessage

2 occurrences, both from C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; no indicator or target recorded (N/A).
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2816 wrote to memory of 3904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 3904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2816 wrote to memory of 4780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f0e0110ed12bc58ae54697ebf3cecd59_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebdd546f8,0x7ffebdd54708,0x7ffebdd54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,1048959084078434026,8729031294486435559,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 13.248.169.48:80 yourjavascript.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.179.78:80 apis.google.com tcp
FR 142.250.179.78:445 apis.google.com tcp
FR 216.58.215.42:443 ajax.googleapis.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 lazada.go2cloud.org udp
US 8.8.8.8:53 translate.google.com udp
IE 52.210.2.133:80 lazada.go2cloud.org tcp
FR 216.58.214.169:443 www.blogger.com udp
FR 142.250.179.78:139 translate.google.com tcp
FR 142.250.179.78:443 translate.google.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 klikajadeh.com udp
US 8.8.8.8:53 belati.net udp
US 8.8.8.8:53 bloggerbersatu.com udp
US 8.8.8.8:53 berkahherbal.com udp
US 8.8.8.8:53 smartbca.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 s04.flagcounter.com udp
US 8.8.8.8:53 www.viralgen.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 133.2.210.52.in-addr.arpa udp
US 104.21.3.77:80 bloggerbersatu.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
SG 152.42.169.9:80 berkahherbal.com tcp
SG 152.42.169.9:80 berkahherbal.com tcp
DE 172.104.149.86:80 klikajadeh.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 206.221.176.133:80 s04.flagcounter.com tcp
DE 141.101.90.96:80 www.viralgen.com tcp
US 104.21.3.77:443 bloggerbersatu.com tcp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.textbacklinkexchanges.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
SG 152.42.169.9:80 berkahherbal.com tcp
US 8.8.8.8:53 www.gomezpeerzone.com udp
US 8.8.8.8:53 srv-live.lazada.co.id udp
CA 192.250.237.6:80 www.textbacklinkexchanges.com tcp
DE 141.101.90.96:443 www.viralgen.com tcp
US 8.8.8.8:53 banner.autosubmit.web.id udp
US 8.8.8.8:53 sepuluhribu.com udp
US 54.174.29.0:80 www.gomezpeerzone.com tcp
US 8.8.8.8:53 banner.adsensecamp.com udp
SG 103.21.221.4:80 sepuluhribu.com tcp
US 8.8.8.8:53 viralgen.com udp
ID 103.30.145.12:443 banner.adsensecamp.com tcp
US 54.174.29.0:443 www.gomezpeerzone.com tcp
US 8.8.8.8:53 www.probux.com udp
US 8.8.8.8:53 www.jempolklik.com udp
US 8.8.8.8:53 klikaset.com udp
US 199.60.103.22:443 viralgen.com tcp
US 8.8.8.8:53 www.komisiklik.com udp
US 8.8.8.8:53 duitbux.com udp
HK 154.220.249.175:80 www.komisiklik.com tcp
DE 64.190.63.222:80 www.probux.com tcp
ID 103.30.145.12:80 banner.adsensecamp.com tcp
US 8.8.8.8:53 www.surgaklik.com udp
US 8.8.8.8:53 indonesianklik.com udp
US 104.21.69.181:80 www.surgaklik.com tcp
US 8.8.8.8:53 rizkyprofit.com udp
US 15.197.148.33:80 indonesianklik.com tcp
SG 109.106.252.11:80 duitbux.com tcp
ID 103.30.145.12:80 banner.adsensecamp.com tcp
HK 154.220.249.175:80 www.komisiklik.com tcp
SG 109.106.252.11:80 duitbux.com tcp
US 8.8.8.8:53 www.dynatrace.com udp
US 104.21.69.181:443 www.surgaklik.com tcp
DE 18.245.86.69:443 www.dynatrace.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 172.65.190.172:80 rizkyprofit.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 77.3.21.104.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 86.149.104.172.in-addr.arpa udp
US 8.8.8.8:53 96.90.101.141.in-addr.arpa udp
US 8.8.8.8:53 133.176.221.206.in-addr.arpa udp
US 8.8.8.8:53 12.145.30.103.in-addr.arpa udp
US 8.8.8.8:53 0.29.174.54.in-addr.arpa udp
US 8.8.8.8:53 6.237.250.192.in-addr.arpa udp
US 8.8.8.8:53 9.169.42.152.in-addr.arpa udp
US 8.8.8.8:53 22.103.60.199.in-addr.arpa udp
US 8.8.8.8:53 4.221.21.103.in-addr.arpa udp
US 8.8.8.8:53 181.69.21.104.in-addr.arpa udp
US 8.8.8.8:53 222.63.190.64.in-addr.arpa udp
US 8.8.8.8:53 33.148.197.15.in-addr.arpa udp
US 8.8.8.8:53 175.249.220.154.in-addr.arpa udp
DE 18.66.147.56:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 69.86.245.18.in-addr.arpa udp
ID 103.30.145.12:443 banner.adsensecamp.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 172.190.65.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 11.252.106.109.in-addr.arpa udp
US 8.8.8.8:53 56.147.66.18.in-addr.arpa udp
US 8.8.8.8:53 98.66.9.65.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 s10.histats.com udp
US 104.20.3.69:80 s10.histats.com tcp
US 8.8.8.8:53 s4.histats.com udp
US 8.8.8.8:53 www.ppcindo.com udp
CA 149.56.240.129:443 s4.histats.com tcp
CA 149.56.240.129:443 s4.histats.com tcp
US 103.224.182.208:80 www.ppcindo.com tcp
IT 157.240.203.2:445 connect.facebook.net tcp
US 104.20.3.69:443 s10.histats.com tcp
US 8.8.8.8:53 ww38.ppcindo.com udp
US 75.2.120.224:80 ww38.ppcindo.com tcp
US 8.8.8.8:53 69.3.20.104.in-addr.arpa udp
US 8.8.8.8:53 129.240.56.149.in-addr.arpa udp
US 8.8.8.8:53 208.182.224.103.in-addr.arpa udp
FR 216.58.214.169:443 img1.blogblog.com udp
US 103.224.182.208:80 www.ppcindo.com tcp
US 8.8.8.8:53 connect.facebook.net udp
IT 157.240.203.2:139 connect.facebook.net tcp
US 75.2.120.224:80 ww38.ppcindo.com tcp
DE 172.104.149.86:80 klikajadeh.com tcp
US 103.224.182.208:80 www.ppcindo.com tcp
US 8.8.8.8:53 ww25.ppcindo.com udp
US 8.8.8.8:53 224.120.2.75.in-addr.arpa udp
US 199.59.243.227:80 ww25.ppcindo.com tcp
US 8.8.8.8:53 smartbca.com udp
US 103.224.182.208:80 www.ppcindo.com tcp
US 75.2.120.224:80 ww38.ppcindo.com tcp
US 8.8.8.8:53 227.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 e.dtscout.com udp
US 141.101.120.11:445 e.dtscout.com tcp
US 141.101.120.10:445 e.dtscout.com tcp
US 8.8.8.8:53 e.dtscout.com udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
FR 142.250.179.66:445 pagead2.googlesyndication.com tcp
FR 172.217.20.162:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 hengmenroom.blogspot.com udp
FR 216.58.213.65:80 hengmenroom.blogspot.com tcp
US 8.8.8.8:53 65.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

\??\pipe\LOCAL\crashpad_2816_TKSRIOGJMWVIKTEO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bea551bff414fcbd91e45f70be123842
SHA1 663080dc329d8ad712ef69606a831cc65dbc275a
SHA256 7fe8eebb7e63c099e46f21e4623223dafa00f20fc2fe55c785fb00cf06f2a73b
SHA512 adbe7f8d30e5ef127739818f78451d817b92328eb210b39a3104c6e3ffeffef11cd9af7b5fa5209d85ffb3928e549532b7efc7c596325b6852d91ed1a72cfe4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b18ea00274730877d00660f2f355e88
SHA1 da8840fb2f795933bba46fb0b8bd9154d9cec73b
SHA256 df254cdb51574486ff7106f231192f3caf009367a4688f7917ccfde71a18f316
SHA512 cfb337ea4400b9192ae81765e8028fe026276bd4ff8f60ca4eeeac091a3cd3cd1b0dd5e52cb3e3376dd76b51d84d050243782d28597f4b06595e6c43ae076ead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 57be887ab191d333c1c7b0170e68697b
SHA1 9388643893c0670fc8a25295857467db351b9fd4
SHA256 eb87808fb282454af7942e1af3d30d02f08d3e698efc6204a2a65f9d2e64d553
SHA512 a74725f9cf3e989e029074a2a5ee197f68e6cac8664742a6612611df05cd077f0c84574ba7146889c6c52f5ef848e91350b120f5a29b75b199aed4728102b434

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 19bca6a92d0a2e3b65283355862627cf
SHA1 7922b1c5d145effd00a1de0408083bb47211af43
SHA256 34877249a663148da617b2c8fc6638a86c8d38c3610da2d13a68aae942c5a86b
SHA512 5ec8e4905234103b5d39077352dfe6f8bce3c41d763b77127a6dc597f6314946f9001449a114fd72a69bdffb9878ce529ae1610684fad299564762471e0e9c6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4183994b97fa199ffb8f5d510c9597f7
SHA1 4d04109dc4a9435b00b65c4c70a217e2a0bb5da2
SHA256 71a2654deffabb0634e33edd504e2250453537b2ee6e8de2a6117dfe2b59ad21
SHA512 a4fcfea8dd37735c8000225ec4f30d28fdcba48ce0d57be23c81a36bbee51ef2daa9671c05e8b93e5391a02e5e46513863b074ba8d5e76406e306f63d40430bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 23a683f43e78b51e2decb3b2ad9e8f0e
SHA1 8de2f1a0b4b2436d4f7b092cbef4176d79a6b9a8
SHA256 44ee66b4f886c11277af439872cb56d917fd34786b18ed2907372f6f3b9dcf16
SHA512 5f1ac043704944b1fcb65d3e0ede8ffeced903c064fa7b3434fa14a83db99f1f816efc133b66b0c5b16f0a6a5e6c06777afd353d0fd094922251627ea983bb35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7837c4d5f65b78c73f31d707c2409c88
SHA1 4ca1740101c03f5430c89b5986dc0c20acdf9a58
SHA256 8bf64831340b74056fdc1d91b64a9af3433790c912905281b443eb6c800bcb71
SHA512 191cc125b085d0be36c50a437328143999a791fa8ef569a4376fd58058415a5cc4cce894f322f36232c55a370386e7fd9777c769ab962f0700c940a4524b9cd5