Malware Analysis Report

2024-10-23 17:22

Sample ID 240826-2rxkpazamf
Target c3f3654208148f72eb9c819d8adb43b0_JaffaCakes118
SHA256 e2985496aaa6ba8472aef79e6d072b60bd70f8dc513a12f541bba29479f7290c
Tags
socgholish discovery downloader
score
10/10


Analysis Overview

score
10/10

SHA256

e2985496aaa6ba8472aef79e6d072b60bd70f8dc513a12f541bba29479f7290c

Threat Level: Known bad

The file c3f3654208148f72eb9c819d8adb43b0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-08-26 22:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 22:49

Reported

2024-08-26 22:52

Platform

win7-20240705-en

Max time kernel

143s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c3f3654208148f72eb9c819d8adb43b0_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c3f3654208148f72eb9c819d8adb43b0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-08-26 22:49

Reported

2024-08-26 22:52

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c3f3654208148f72eb9c819d8adb43b0_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4736 wrote to memory of 596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 1944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4736 wrote to memory of 3160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c3f3654208148f72eb9c819d8adb43b0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa08db46f8,0x7ffa08db4708,0x7ffa08db4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18286384653326532875,6530140219816658461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.105:443 www.blogger.com tcp
FR 216.58.214.170:80 ajax.googleapis.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 172.217.20.194:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.linkwithin.com udp
FR 142.250.179.105:443 www.blogger.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.facebook.com udp
FR 142.250.178.142:443 apis.google.com udp
DK 157.240.200.35:80 www.facebook.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
DK 157.240.200.35:443 www.facebook.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:443 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:443 4.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 35.200.240.157.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com udp
FR 142.250.75.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 themes.googleusercontent.com udp
FR 142.250.178.129:445 themes.googleusercontent.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
FR 142.250.178.129:139 themes.googleusercontent.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
FR 142.250.179.105:445 www.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
FR 142.250.179.105:443 www.blogblog.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 bnpost.blogspot.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
FR 142.250.75.225:80 bnpost.blogspot.com tcp
FR 142.250.178.129:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 52.111.243.31:443 tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 847d47008dbea51cb1732d54861ba9c9
SHA1 f2099242027dccb88d6f05760b57f7c89d926c0d
SHA256 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512 bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

\??\pipe\LOCAL\crashpad_4736_FWYOLNNHDKKGDLVL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f9664c896e19205022c094d725f820b6
SHA1 f8f1baf648df755ba64b412d512446baf88c0184
SHA256 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA512 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6672320f070468270ecd0909053e1d21
SHA1 00e0fdfc6affc4a4dc379b04f8968f6c0d24f68a
SHA256 1ea92614ae0b7a184409ceea17b7f3fc2d949735dfcf2caaa901540316bdf072
SHA512 30b779efc94b5de742a36e5b6881a4b76b85125d1e87532c1954f6583b17912f8cefc99786837760c5062d59f78521f8d8083ce52fa0ee661eca8fa114f325ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 41dcdad112b88a864cf8215b83dc9c1d
SHA1 7ba7024096dc4c89b6b6800d4af0f3548dbf947a
SHA256 3a8a5ba6a5b066c6ab49f70afa5aa36e4b183644583a12dfab32f3bd67e4ff92
SHA512 e3c0968d0bdd14be6c4e535e0329f39f6e653c76aba8371675546cb4edba27a0202c05ac534c140b5436a15fdb3182b1ad6e69b744288716cfbfd9350860c930

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a3902b1e72f3b5030581f1081bd235d
SHA1 a85d61b1a686fbc5581a78fdef8500f540f10adc
SHA256 cc9dc9024268d9799d1e8558b71501794d1ed15bbcba187d04ecfb347a26ef85
SHA512 a578f24c5182d1f45bde8e40d57cc7b79aa96000b5088b3d88865d4df805c4c80bb9b1f7d048611e6c46cb5ff826d17ab48b9eb1af5acb6807a7301639c1ba3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0d86d40bd4d8c0f0448967989d92c9be
SHA1 14173fdba1b5b43e4fc78e9211fb9b258ec4f0ac
SHA256 d93097a5617179b368410ecc800dcf3ab3db64b44527f5f959884d66c55318f9
SHA512 a656350f1afd2995228fe651c44ed0ca560dcbf801e8a4d82f5b9b3a251f7557837600caae61dcf18b80d0a09b5528c829fab34abd330a07e0f2d820ab0da12b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 13eb3886047cab1a02dc176aa66d4e24
SHA1 2a5582101992d6f10705863b0e68c23792e7385d
SHA256 71d6473e7cf3431f7c5e57677f3d6a9361abad2a8bc4644247704eb6504ad266
SHA512 c018760c69795ca85b2bc787cbe93375e57fc716ac024c702c5ef8c50a5dc00d2d7ea1eb521d31b8f3e94859d78e1256a72e5112b5989bcb6546fc3278c4d0ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9b0405c64b6183a9abed62e5712c22c5
SHA1 1c6ca1dd3a171ea5d8b3b7e0e388e39c3f8e0530
SHA256 7ea0e9f69951384c1369f421535061a2158a045f905532873617a8d25d98b7f8
SHA512 a461c49ab50cc2bd197b9e952758917ec6e1cdbb635dd1189e0b0b84d65b2124e2a522d7dfbf9c985f0f87ebac2cd6376232481f8cb038659872648d6cdfcbe8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 687ac64905010215e06c204cb892fd7b
SHA1 11a83d995b570417fce66e6bccfed542aaeb968b
SHA256 1ecb2cf3d994292c2f8140532228f8e7abf4075b356c69adeb4c38906f5e0992
SHA512 10235d55f5ffa57428179f1372da6dcd110fc55db156c39c9b9a85294dad53663bffdf0d125a38dc4c0462ade6855f1c2ad2c711445f26b86bd71ec6286a6852