Malware Analysis Report

2024-10-19 02:44

Sample ID 240826-mtmqyazajf
Target c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118
SHA256 6c6462e14ff1be1776e540b007220471d73ca163c016daae77191034e38201f6
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6c6462e14ff1be1776e540b007220471d73ca163c016daae77191034e38201f6

Threat Level: Known bad

The file c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-26 10:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 10:45

Reported

2024-08-26 10:48

Platform

win7-20240704-en

Max time kernel

145s

Max time network

152s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{542B66A1-6398-11EF-9143-7699BFC84B14} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430831006" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000b6ba88cd0aa31efc7c729145c84697ef801dc9adecb24d630322abd9de7ed2b6000000000e8000000002000020000000b5181a06ab046fbfcd2fac5d3320f1a1b09fb01ba2661d75722864132e53c1b1200000001015330636b624108a242faea7d155010c941089b61c8317e8fa141e4c8a455840000000674b56d07576dbd0f91af611acb2073b3f7b12542209871c2c4bc5ba97ee9436a32175cb4737275de5c48c4af287a187e2a60875d083921c574005db3655a83b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907d052da5f7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000009f1439f21f372be384c243ae4922ce7eac4dce74a7eb58b8ede4e61d87a9f0d7000000000e80000000020000200000006da09b4efcb56a16670fcb4431af0f263916492624c55a447caeffa21857f6e7900000007bb077f8ed415828885f483ef2fe9213d24ee0b3ddb594365e52f21efcd8753edb3594bf4a33e60c3e4fac98525a82779ecebf8a40d420f7ca35458bf3ff143d7bf61aa1b24858b243af08f596517ef82148e2dc699db26b1f04f6ffdc1d86a11bfc5f8f168d5acc335c7537e7aa9cfc9d53f5d62a189084a36d9b8752b4e046846483b150b2aff2064b6e64f03687a240000000e2adfa863a14bf170f034257b37acbcd188c382c4bb707d1dba569a3820815ea957175ae9f9928d921756ff5aa3a359249ee5c5277740807a8f1f2ade1115f50 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.edomz.net udp
US 8.8.8.8:53 scripts.chitika.net udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 i43.tinypic.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.105:80 resources.blogblog.com tcp
FR 142.250.179.105:80 resources.blogblog.com tcp
FR 142.250.179.105:80 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
GB 18.244.179.68:80 scripts.chitika.net tcp
FR 142.250.179.105:80 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 18.244.179.68:80 scripts.chitika.net tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
NL 190.2.139.23:80 www.edomz.net tcp
NL 190.2.139.23:80 www.edomz.net tcp
GB 18.244.179.68:443 scripts.chitika.net tcp
GB 18.244.179.68:443 scripts.chitika.net tcp
GB 18.244.179.68:443 scripts.chitika.net tcp
GB 18.244.179.68:443 scripts.chitika.net tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 statinside.com udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 104.21.57.149:443 statinside.com tcp
US 104.21.57.149:443 statinside.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 www.blogblog.com udp
FR 142.250.179.105:80 www.blogblog.com tcp
FR 142.250.179.105:80 www.blogblog.com tcp
FR 142.250.179.105:80 www.blogblog.com tcp
US 8.8.8.8:53 s10.histats.com udp
US 172.66.132.118:80 s10.histats.com tcp
US 172.66.132.118:80 s10.histats.com tcp
US 8.8.8.8:53 s4.histats.com udp
CA 149.56.240.129:443 s4.histats.com tcp
CA 149.56.240.129:443 s4.histats.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 173.222.211.9:80 r11.o.lencr.org tcp
GB 173.222.211.9:80 r11.o.lencr.org tcp
US 172.66.132.118:443 s10.histats.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 104.77.160.148:80 crl.microsoft.com tcp
CA 149.56.240.129:443 s4.histats.com tcp
CA 149.56.240.129:443 s4.histats.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 eecdf0a7dcf35d061d4f6ef3a799307f
SHA1 9204d28a1720eb5f94c303ed96a0b9330cceb647
SHA256 37e52308a382dfa7a2233b3a708175fe7945ed6c90605ec50c7171971c06f923
SHA512 370a6a75c2328eb5c37ba8817c145b571108644edb28ea84e8fc6a759006161cffad3db4f21d6d00b492894d1ea7f07653aeaa325f6f7eb74ea48e96aee8ca65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 408c191c8eca237268d75f5b7270cabb
SHA1 3b5d2eefa16cd46d35cc28a731525c7ac535873d
SHA256 c5f8a12984c9045b26df6f42140f3964ea43b912fedc10082eda7fb0748dcc09
SHA512 53da64a78af19fba7a0f160ee4d64c21b2cdeed534c6a5dd6b8bea9d97e9847167938f21e92e32e2786ea503ed0c4511ec891b6b0c951d2449a15f808f73c316

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 ea4f296abc07730df38c0930465011c3
SHA1 c9aebaa1be20d1d27c4bbda36312ee16c213cc31
SHA256 37f42747e18a80fb71b3f02d9ed3505f28cad43cde066757c0114efbd13c09b4
SHA512 df84a091b299cbad7a85158f77a2770904b2b665c464c80cd879d3741671264497c1097c77b48adb1f574fc770649fc247359cc8311559703d6bb5c0ff3dbf75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 1c33733bba48dc1da9b3b72aa0d51872
SHA1 4cf2d3db81647006bb5f53aa30b9db7bcaf0d655
SHA256 88c15dbd932201db0eb1903827bcc264ed9abc80bcf323f4c49080ffcacc58b0
SHA512 3336ea7634bf22b2989549b621596496308446595d0e3b291902767883d901106aa5ed405789047b83c5ab97ffa05db2afe0d987593cae37c5a90c9e1b680988

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VOGNAB2O\plusone[1].js

MD5 65d165a4d38bfc0c83b38d98e488f063
SHA1 1c4ed17c5598a07358f88018a4872aa37ae8bc07
SHA256 b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec
SHA512 abf4c755d88193e7e05398b6f934fc561d8e2adbee7d2170af399e145e54a4a8a93988e4af4e28d6240c0bd1bda7035ae97f67a85a471088820baae8d89f3d41

C:\Users\Admin\AppData\Local\Temp\CabCEA7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarCF94.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ddcc02d97ef18f2e9552f50d79bd710
SHA1 18ad866bb62bb9b6bc2f40d3088c85c2e6a7ba53
SHA256 6cc691f785e3b836e430b7efb535a881cd53a17c762aaa73a50fc50300bbcfde
SHA512 d28c35ac22311f78896019f9afa4b50a670e4f99cf0858cbe5612c333b6e845b083e9d7ce0631aa498f42e40e97378d5e012c8eba9a686a9e9923814d2759a2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27a93321c788d76e68adaa82ec1e656d
SHA1 ed67953abc96d437a24cd1ad975f1eb658e2f1b2
SHA256 afea6924a7b03b3cdf025257f10aa62d9096fcc34de276b8ac83cf16125d9a40
SHA512 004a737f2a38a0f0371e6a2defeda37e5056ddffe4ebae4682eb7b7bca83b74db9cea0e7614f24ef432c4f6bb1fd9cd0ff57d710dc6af53f75d4393be533d98b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4855cb4056909a245757ff6ef21f395a
SHA1 aa01b6a5efedbf784dce6dfb80aa74a4911e4b39
SHA256 eea953c657a152a0dbbe7de7382ebe3f575c463567ac9a741c4a4c0201cf2951
SHA512 b449d89f6da880cf6e82bf7a823da16e50a575959a47b36dbc0124bb3f22b3e9db7c7c471a369a676caeef76a160729f8f3d8bdf5628ec15a02e478340acd4c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb670ae8039c99a0232e147ba839e0a5
SHA1 4949f017074aa7a389beca4d8f1eab62c266dc65
SHA256 7e86544856b153335da87d26a39aedee574c310ff0cf6440a73e06cda8b09379
SHA512 171880f7535f25e4fa924fb63634bf50b6f02b7ba5012c595bc2f048fc3dbf3652830fc4d5b9d7e81d6960477bbf40433b93507c91799e8e04d28b90520e95ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d5fe9ddeb40e5b64b5ef8c1cddd3982
SHA1 8693a39a9d94a3b6f947cd80747a0e2e588c4b57
SHA256 7ec15c12999190b2110d8c5bf4e4b1c170a4f0f9c1cc967b01bebc58aba43813
SHA512 84ffffecd6ca9a52e0cc9ba651ee571c85a24151b6270a600f19f7e3473ee47dae91d1a138fd5e4dc86c87a4148e21e1324c3b0d2845fabf81f434d9264ad21d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 381ded0347366b2cfa047f0f03cc80f9
SHA1 5f90a0f19601c9f2faa7b2f46fceebb96eb63338
SHA256 eb3883f513f57d40f73e0702b94df05c530db018101981250cdec015c856b976
SHA512 e77c7251b25032e1683980f1f4e8724daccbc58df30274a984a7963650241d4c493abae784877dc502ed93aa993684a244ea55da6b32991c425b287242e65b3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64181176fa10f401f5f0c84a9fa75bc7
SHA1 23c2e99f23b07e57af1e430b13571e90dd98e7d0
SHA256 1230c674ac28db5eac033d6248ad299c485513b9864a09e63ad99c924ecca2be
SHA512 d2d71df1560377d9c6b2330104246ae798d5fdb7a6d1210075f8cecbb905171dd3b4d98f240d5a4090f808ddaada5a199dee839a01a6a6dccbaf3a29ac268cc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46e4c72c3f5a6f8239397ec2c3d43df4
SHA1 4bfe9afdd27177e537cef1511a04ada4d14e7a78
SHA256 eaf8c67630032d44bf8c10528ad1f69e272a1ea9b24bb1cffe224b83beac9e5d
SHA512 d79b070e462d61581d066c2536231848d3c2ae1089c6816be146d8bfedbac9236a1994e98631f111d22bcd171ece7e2e53161cc602f72f6d2071809f727c8959

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b1c0d0be01e11c8f9043ecd00a9f610
SHA1 24281ce6eb37e049fc39e0368b772066217a4d17
SHA256 2b0aa0b0075b09df3b183e9f76beae017d681fad9b1a8ea43ad3b42e1a29a717
SHA512 f866c8ac46cf47a59793356cc6737e7888bb1f0f8d8583c37235c5ab523919370c26582657b3893948c8ca7c5674c0d9bdad3e273e3f6de8801ab15fd5ecc240

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a52445010c8b2ba84ce7062703e79c9b
SHA1 2450a6f599c511e17af249a567496f504d9c7e05
SHA256 bc71adeff1f7698e2c93225bd3825ec8ace0f6b61a0a0b9eaa1a75ad3a252d6e
SHA512 eee38df66c54c215f07052bb37db12829f69c8ab4e4f37b9d69076f093a93dd57487d5379e7f026b4fb330230d00bb44c6ce3809d94652032178d0b708353a15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05aea545d293e15c4e120a2392be5717
SHA1 4df15c206f28c09b515c67dc9d59c962c671c99d
SHA256 a909af5a4fd499412cf8f4168ce4b92cc07cde68183e1eee27ccfdc21ea47780
SHA512 ef9cbe5e92a20b37e1e264368982df6f02d854b4064b0961cd2610cd50e07fcb879931f70b5eb27ac3364985f3c88ae0963021d76fecff118ceb009167f0ef75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0942f4b4cc9ecbb5de7b56936803d822
SHA1 56b8929a76487f3a0778f267f3bd7e9a1fd12a80
SHA256 827f897449f90a6c1a082268765760b987f166466b5fa85288a6397264faded4
SHA512 5ae816a72f9dbe6ff1d90a1f8e1b530ed352c9a9a917fab1f33d61335df5a2700e2c74418d3aece9547b9be98246d2765fb0a92b417708dcdfd0a539fbad25ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4bd6b6d61bc31b2a3bb95a8fa52011d2
SHA1 34bcbc94a4319d965c8eb90f61f608ac2c1b6c4c
SHA256 61bb8ad2973e0c19bf4bf83608bdaa9555dbc8aab4c0b7a0e065291c9757971b
SHA512 8a6e0d1382e74861b633d93e2c3b800b5f3c9fe3d1834987cb9b03c37d78d57d3eb4fb6ed76ddc4b230630a806efae5882a735f82e2a944916d98ece8ddb4436

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12cab8c8d43e02a58bbba945922f41a2
SHA1 052c9a633dfb18cbfa5fe2553c6b2333e89ba492
SHA256 287e037f398c41e0f77d3d7ea6f12d15c5f4932c1bcedae4b9c37f5f91ad94a9
SHA512 664e530167bf4243dd33165f283c4e5fa17de67233a4d9432a9dead530fda54574d9f9c52e11c6cdb6bfb0e1cf1b5d5b912dccdd655fb27f6745d9a465b34e42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f05e041f1617279a8e5159ac3b9649e
SHA1 86df21f6d7a3c5872e19c2c896a5aa34dfab9ded
SHA256 a5d734cabb693e78b41a59c9c8eb39a39bfff7225491cb3e4d961883c6243626
SHA512 4db59dbc23291ac724e266925487c2d1408181b9a8f471ab182996d8b1dfb783e46e38af7999b6c4b4e3603c05d7a4c9e508df01caa4ad31344e211959f63c60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42cd7203285b50cc52a344f3dba61fd6
SHA1 630c506f085fbd8eb0ad6440ea3c7bb3dc7f09f9
SHA256 784e3bee0f309bbf2bce31927c9ebeb9b34c10cb01d1592ef1105d2dfbaa8770
SHA512 c85990b696017476824bbe3b26b9caa416566fe5ff9416634fdf165f7008246169a0f2542cb0bfbc7ad5f755e6c6c8dce280ba09161d43fb3f44d2e1959d09b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 947127caa4caa6da8313fbde9440b8a2
SHA1 d06937dd5d8462dc4ba56ba08ce2800d9c6aeac1
SHA256 d5200dcb27901ccebe8138a70898355f17c0ecbc5c7cec09348509d9983682be
SHA512 0e1333f98bbf5fede5ca7a92aa33ab70ad1985dcc8d53589cc1e82fc94b318a0b4b426a3e93d4b151bf2fc98c954035972a4d71623a5932f63afcfd49297b5c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93a9c6d6fde5f65159f4705ce8f53329
SHA1 0782f521e3ad6a4d629a73c66455d809f15e86ea
SHA256 6392d5c8d5118e4d34ecb1e90e2505b74d3a138f7187cd86dc47b6da22200f75
SHA512 5b311e38cf7f47e8564bcae2ffd804e156ba3151341d7ce6faf1c34e118134e0d19bd1bc36cac1d7f5e8a9904ca370041fae27f7f85836648fa61d3800699f2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6b3f20ebbbc26d4c6611656278922e56
SHA1 0d1527a3f80c9858dbc1bc1a500a50c4de0a96dc
SHA256 4893ecc17ae419e0f8b8f844dc5b805bcc136274bbb4f22da179ca96963bfca1
SHA512 c89b85bb58996d1027d117cb688c43a1b06a5f467c8936396f81f5c9fba2dd898fc678a672f9b9f3d410390bf26f7c05a75aa33431e1b324cca500110a330c65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ef4f78b05b22acb801ad8d2eb9e9727
SHA1 0ee784bac34a74e71f705248a35f47405969a908
SHA256 67b8a9474045ff786f5013b0821c4093373e4ea2778854204e66e0869b61deda
SHA512 d03eb146791f424159407478e6c2eed3167f6edd3066ff6456e46819a50425a3e97caf9e6fa97a76c47920236a139105c591e4d6b4ff50c87c41d91013bd9125

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecbfb29f51146ccc5656f5f091baa51d
SHA1 53a8ba829170ada417e01291043f929fd9d9ea54
SHA256 07ff81315a1a9814475259500128eba9cb6bc12607c42190b2c11426680590ff
SHA512 66f4a19bf80bca3defc0f752731e28a4c559a4c42042f5222a182c72e417302a0b357e96b901bb129055f5b07006769d820ce1154d408d0d5bd1347b39de41a2

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-26 10:45

Reported

2024-08-26 10:48

Platform

win10v2004-20240802-en

Max time kernel

149s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3036 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 2272 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3036 wrote to memory of 948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2d4d2d4ce51cab7a74d376a5ef83f17_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb50146f8,0x7ffbb5014708,0x7ffbb5014718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,18254073465763793561,1049908006873949865,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.edomz.net udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 scripts.chitika.net udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
GB 18.244.179.50:80 scripts.chitika.net tcp
GB 18.244.179.50:443 scripts.chitika.net tcp
NL 190.2.139.23:80 www.edomz.net tcp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 statinside.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 i43.tinypic.com udp
US 8.8.8.8:53 resources.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:80 resources.blogblog.com tcp
US 172.67.146.166:443 statinside.com tcp
FR 142.250.179.105:80 resources.blogblog.com tcp
US 172.67.146.166:443 statinside.com tcp
FR 142.250.178.142:443 apis.google.com udp
FR 172.217.20.162:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.105:80 www.blogblog.com tcp
FR 142.250.179.105:80 www.blogblog.com tcp
FR 142.250.179.105:80 www.blogblog.com tcp
FR 142.250.179.105:80 www.blogblog.com tcp
US 8.8.8.8:53 102.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 50.179.244.18.in-addr.arpa udp
US 8.8.8.8:53 23.139.2.190.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 166.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.179.110:80 developers.google.com tcp
US 8.8.8.8:53 s10.histats.com udp
US 8.8.8.8:53 accounts.google.com udp
US 172.66.132.118:80 s10.histats.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 s4.histats.com udp
DE 157.240.27.35:80 www.facebook.com tcp
CA 54.39.128.162:443 s4.histats.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.179.110:443 developers.google.com tcp
FR 142.250.179.105:443 www.blogblog.com udp
DE 157.240.27.35:443 www.facebook.com tcp
FR 216.58.214.163:443 ssl.gstatic.com tcp
US 172.66.132.118:443 s10.histats.com tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 118.132.66.172.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 35.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 162.128.39.54.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 142.250.179.97:443 1.bp.blogspot.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 216.58.215.34:139 pagead2.googlesyndication.com tcp
FR 142.250.179.110:443 developers.google.com udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.105:445 www.blogger.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 68.144.22.2.in-addr.arpa udp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

\??\pipe\LOCAL\crashpad_3036_LAOINUPHBBVBJDXM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e0b11d41ffdf67f2729da7a4ddd142f
SHA1 2588f85fa889c4f69b20918ba2b981de269fdea1
SHA256 8ee423b0abb7686660276951266a9140497b52c303f17a4c42a15515ea600856
SHA512 6bb6c7aecf678a7e7e21bebaaa130d46e6c9d51f286b19288ea83b18e6ca2dd4d8a6ed05c0718e457bc853d6c30264663df500e207a20aba67d62020dad06ac2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 a0423f1305547bb6b8f5a4fb1a9fc2d8
SHA1 092dcf1fe57e6bb53821eb754e04188ee70602d5
SHA256 6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8
SHA512 b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4f6ebf2f527a85a912199e631086002a
SHA1 578d9a57148cb16e8e17f4cb6958f740fc212549
SHA256 3c8a610438187a7ebfdfacf64b7a7f8dcafa8178ff9274946714f1f41d429409
SHA512 966078ee53d2da079b3f89876e67b94e007fd4fe49a0d79c41a5ed9758db56f12614b865832bcc08e53e51fb895b5e3aac7d75dd24c71d3fbfd54913661ecbbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6cc6ae90762b771c3ad9a29088016a5a
SHA1 1f8c1d3b343f78256dc3d6ab1d7d30275b077e4a
SHA256 f64bbd6c417e10c4dfe96c28dd7fe556dd1c3ed9277831d9af06aba72b8bec34
SHA512 6efaca389912308dd1cf07917c0acfe398e0e1dcb9d77413b760f0d87d71cf9adbdc9b72b27d1068b9668378ad998923cf92f46f2ad6f9b98dfc3612427d5437

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 be353e462acd26348af0567c64905cc2
SHA1 89f4df6f4926d06c0c6cc3c23116fb61f78570d5
SHA256 29c5896342a8cf0cf18e4aad61d7551bf86dd5cccda1ccf75233d88938529f18
SHA512 5ef4d0174a8b29cf91a43d9a1225e326b3a0881d16ac7d7add134fd71c395a8f1fa1fd1c4dbf2a29d6c01aa3b49f792ccb07267aa1e0d5ca9cfbcdd6e128d036

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6892dba918573410325911d8949d6ea1
SHA1 224659838ff3ae9bcbd6f6a41ce4b99e1b799698
SHA256 19126b42187d55c0a11d3053836869dec484d55415b0c76f961b015d4c291a9b
SHA512 4ebbd632ee841968fcf93272b7046578a4444934cbd690cce215e46b6e7b4945e4598c35c47c126ed6d111cf076e67bd4d3870d64508c30f6fdedb8e5a21deeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6d7734e477d36263fb616056121f1e0e
SHA1 639ed90517cd56bba7f56d9d166858c1794baeee
SHA256 76c2a70baee7b4cdd0efedf893b3c1e04017b6038600ae8e711924df5d5325ce
SHA512 a2e84922ca9358eeaa7f4b6141dccbba9b84b22194ed180b594671d3e9e7145cf5cca061cd41d231af50944c2397c74d561115f987c6cf046fef08597f690886

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 75b983fd0d933dfa70520c2f0e10ab84
SHA1 a30689af5231a7e322411666e2dce87c44556243
SHA256 f9d6b951b5392dcb9649e375f27329b4e2ed783695e41f6e4b0baa0b0c828347
SHA512 fa7162645a595019c6cb02b9cfbe52305a23560c4aad5fe16d7adf969dce2dcd6ef5e625e2bc7f03c77f62e19ce87422df68111901db3e9be91344c9d7314134