Malware Analysis Report

2024-12-06 03:26

Sample ID 241029-faqj6atjak
Target 7bcd5b3d743b791d182b9e223b10a6fc_JaffaCakes118
SHA256 6e4e009bfff18729f325bad98edf8f371a74ffccd89f3787a40c3baae7d98eb9
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6e4e009bfff18729f325bad98edf8f371a74ffccd89f3787a40c3baae7d98eb9

Threat Level: Known bad

The file 7bcd5b3d743b791d182b9e223b10a6fc_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-29 04:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-29 04:40

Reported

2024-10-29 04:42

Platform

win7-20240903-en

Max time kernel

149s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7bcd5b3d743b791d182b9e223b10a6fc_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf6000000000200000000001066000000010000200000004703a3579b4c7aebc1e3dd30eab7e3423653f8831d0228ab79b8db15ce8ef027000000000e8000000002000020000000405b497301284eff9392ac642ffb3eb3471f10994fcb0a63184ce1301fb0373f20000000efb1d3d27fc1761e510074e5d0c516f18e3376f3def8efd2f38fb220a5d5b64b400000000ab239a6aed2b7dabd2731c7ce78951cc5dfded770909659a3ddec82c59b4cf5aaf0d2be7bd683e7300b032b5a3ccb0abc353c5679a9fcfea3ae17b803f1cb89 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436338693" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000f8b4c026e0bd28fd1eb44de5d0ca8c0ea9591fcbc118579a0a50c5f72071d04b000000000e8000000002000020000000317117172d49a57cfd00171ba09c8e7952c801778da0ce211f11f530638adeac90000000b1a58999378260213587fff0ca2c13be6d2d938bd9ed6b0c802d4efc4245e62f28493fae060d011636469c2c6d61aec1a829fc09eb765ffbbf0c81a00f1f9138e75a418da4f14ec425992ae805f4b415043fe8bba5b86c15ca94904325263ef91d034ccad63e1bba620abd569a4745317ab980bc07f4bd855b9f2fe8f70d58ebcb2a584f2c51428625696e7f3425016c40000000a4d73f7bc70b5677efeaf416c6951f41d63ac226e82533763f078e9953cca95f4d06369c283456ab9fb0e412b869e7c326c7102b9cf19d7f18930246a33ed3e7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0b824e9bc29db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA37F571-95AF-11EF-869D-46BBF83CD43C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7bcd5b3d743b791d182b9e223b10a6fc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 blogmagsac.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 platform.twitter.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 146.75.72.157:443 platform.twitter.com tcp
GB 146.75.72.157:443 platform.twitter.com tcp
GB 142.250.187.202:80 ajax.googleapis.com tcp
GB 142.250.187.202:80 ajax.googleapis.com tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.178.10:80 fonts.googleapis.com tcp
GB 142.250.178.10:80 fonts.googleapis.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.204.67:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 146.75.72.157:443 platform.twitter.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.73:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 pinit-cdn.pinterest.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.200.2:443 ep1.adtrafficquality.google tcp
GB 142.250.200.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 216.58.213.1:443 ep2.adtrafficquality.google tcp
GB 216.58.213.1:443 ep2.adtrafficquality.google tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA802.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarA874.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d06a717aeb176c073b627f4c7969697
SHA1 49a85198a84e3bda983cb9c79c141ac90f93659c
SHA256 61de50c894e6433eae57e29948d0c6cd749778db48ba0a4391fb9cac0683e51d
SHA512 6cb1a28500b5dc411c596c1cd9b83113e60b265662391f22e9d0e49aab37fdf54f0caa02084a79c9939da207671eac896df89a5b551381adb1ce707390edd72c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 899ddbc595909ff80eca9b7e85a54e5b
SHA1 52b67d5f1c6af29ddd818795e56defd36cc1fae9
SHA256 3463dceb09521dfab10ba9260a213ebcb0922203888c1c7ca7d75225a7f0b7a0
SHA512 2788718321ba5f8e84fbf19bd74ba9350d6b07441be16e545b63bf76982d100dbe99239b60628825d1ee27f1a5697ced695a39e50c8e73731ed6d76b45859a5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9beba20f77f6a924f697ba80e830f951
SHA1 111aa1375406597c57b2614bf74ca2fcaf1bcc92
SHA256 73dc6ce45a8855f726dd3786473bafba2144c5bde51066490feb988e1269153e
SHA512 a1b82b09767acbaa4c1d2411d6201ff769df655d95a1114ca964678e3575587b6576b310e5831cba0e385796d10ea57c00abee4829286a472a9abae96156dc45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b79bc84023f25af2055e4927f286866
SHA1 2b7c26d65246dc399e9610fbb50fc70aca776d85
SHA256 e3ef0846f2f7dfddceaca77bb62c66e17b25bd9efbdb43a8fb308fb9d16c33d1
SHA512 4a4c4971fdf9b8974c7c20806971b2f4aa5047eba22147cd84761ff3535c1f755b0818fa56bf93dffaffaaeb5270491603ff8a1611d473e60b5a7335144c4ed4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b6449400cbd47cdc63b729d1ec3b818
SHA1 bbe313e3a9cfa9169d7f8432b00c358132ab9837
SHA256 acf134bc4ec9ddf42015232da29d877da8bc66289a8d635a7d062d25a887e4f3
SHA512 3152cf13b93fabf674968fa5946d2a022e98e8b3b9bb3671a48473c0be973a5b4a7fddec81f7d42575e6b33ee6e5562d4a3269ef3d1602253fa0ccca3466d714

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2c12074d25f3dc487a21ad1b0ed63f5
SHA1 92a9f4bba30268f352985fac00215fe9cfd5e58a
SHA256 af5c4f120740a1f2624d4ad6c5b546f19d4e148305b408edfa34ccf0d88c9e77
SHA512 ad235bfcac613dc7914df71b677eed4567918089960abd9ee0da53cf1ca0120a5785533afca87fc28ae937a8d5a32938d5de01df76d73a21a8271b0b352ebebf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e47a1cf00cab3695ecd3b6e5ac25f17
SHA1 097b4c2ac6abb8acddff0dce41ddbbc0c4946cbf
SHA256 9ca2dfa3c9f312001cebdec55b30b6e5faf50aec7bfdd08a1a80e6b7e716bc11
SHA512 9bf108b5dce89e254da98d8717922344f7b6854df81322da5b1c7f2bbcfb63d6494e673c42f1a03453abf44a2677104fd9e9ff4a668c900852259ba757615515

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e72f0a9d26036bcc155dce2910c853a
SHA1 2c49690915712c39209d627156644c1fe9f2ba2e
SHA256 7e97214ab0e765a65050596c0eda577b9310dc26821aa3515fe4875970d23ba8
SHA512 163a3eb7311f37cd26a6f723c42814e31fa7874ca3c062a1f77604e7643f99eb40af0f2b9401cf9b1db5f7afa70830690ec6d2d8df83de4a46acc54d13cea436

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac75c07ad20fa8153a6794d0ddb1c356
SHA1 0032995d67d1e746a9f2b67450f99e128492aeb0
SHA256 0bfa932e0bbe1e97e7b03a9e31ca55a40854212cbd60a71b51471433703f7a6e
SHA512 3baa36275cf6cb6857dd393501a8e7a6ba78a344ef05b5e0ec1310940fdc61a0b530174e2c6820283b572723ea9d25d63abb52a57277e9df64c398b37955d16d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd2981037ace2a97ae67b914376e1ed9
SHA1 affde0f20c80bf4b68abb8bff8f0d74f8ff0231d
SHA256 cb674090e3322f28cb93e78604a9fe7a47a33dd7160b1a7110bd6d06219a9131
SHA512 78ba57668e0f992e263f4ec507277ee50498d8ee02639dd6d36c55f1419670c5c2087d30bb1504b12b31f0d5f0ffc07bb6f5e955de039e98aacb99b413a78c17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 483c06c273839fb9dbb556ab0c5d7b45
SHA1 3d9983e8f28ab75520f41af8a1d3b518f26d28b9
SHA256 4a0dd3f9731ca70ad7e4c09c76dea01fef1b5b307192c0cf39ccbfbe67fd72fc
SHA512 1a312529ab17b79d06e02af23ec7a3ecd3b95f01810df23d60ec05eec8f97c424ed03a0e8b744fff9f89f631fc09660ee637ffa0f10d4bf12c6125080977445c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\cb=gapi[1].js

MD5 1d4cb29476060a1b3681fdb681200b11
SHA1 d541f88bf8d4fd98b9e0e723e050c47d4d32c18a
SHA256 5930e64b0cbf1dc5922f65060422fcf822870ac69439450ee3cb134365a51a82
SHA512 85575c3656c8e0d70cbcdf76194e37dbe3f7bd4535221a8f51fb6b51266fd682809fa86bc556c27d127f713a6ff75290ae1fbdcd8e589211e1685f82b99d93cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b525323b551d5d72eff50affd96f0af4
SHA1 93bca44ec47352f7af77feee2679374709c2fc20
SHA256 5c9c53881e3596b217fb2f2cfb0412124a6f6b2a6783b31415a0d3b175160775
SHA512 f5d655c59444f78505ff55e00b1565ca497565a9ec39d3a0ba75664d914906fe819e6ec801a204689933c165b025c4afc90dd62e14f1289cb19be73e2d70791c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d63c8cf6448e745b47a82c7c4940bb2
SHA1 6ee810d1b7f3daa1eeb0b189102ec1db234a9826
SHA256 7f007527d9425d87a18c4602e3cd296dc8a3245c72c6bff368b0f4a04c676734
SHA512 2af8e6f172dccbbf23d400c8911ef7e05dfe5e283e323ad72c8c57d5d2e533f939bb1b0b8c087de20e270c210f8be10a8418fb6d943be19ec832630bcbac4e55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94962f71fa41bc12a238ab081083e898
SHA1 cddd17e67ad128d300071511232db6d4f2287c2a
SHA256 dc9e9ecf79ee0cb38cc49d8fb0d224fb549ed8e56fa927e88f7cbbf85acd285c
SHA512 9a4238a35b0a5dcc11c0473a5bb4f9a06d44a8c89fe7b9fc0bc3678765782ba46891bf84efc9b9016bf2ff1332f9bd1b19f77236eb8d15d044c849b23d97bb5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07037485722d4381dff8b74382db2388
SHA1 b6beabb6441f8a61fae986ce122869feecb06139
SHA256 2e569ebf7e67888cc88b7657583f8656d14e6bab7ed494d3e03ac8b31e345bc5
SHA512 5a7211f53b110c431ca4bae0a09f5ae4ba53dbd1eeec9e97d322fb05422537331972fcc6018a7e2f72a4b68261c2040fe7d76a5374cb3b831c7ade6f78c8ac88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 baebb237b6cb88a4efa5aa7ba2f6189a
SHA1 04bfb18bf807fd0a2ba384e7017e21a714135786
SHA256 ef2a2922346076183429b617f05b1b8ee8c831f5173b56ad3882fbafc56fbe3b
SHA512 9bb785f5b02bf867db727b205d0d62ee22bc1f4204f4f5df79a7174062e1e1bfea6911264b9fe10e261cd00df6fc34db18163fcbbce38422e7bf5d276084b749

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5eac24bd2d5fc0c35211ebeb2e619947
SHA1 270544ee440d5b500784f601861a8af08387f1fd
SHA256 1d1880cf16eddae3f4874dfd94e796dd7a06ff14f314667e26c38ecb09083326
SHA512 44ccc538069f5e3547702bd21f8681b0758084fc0bc27348ae409f46fad70b736e5d4b24e563992c65705638cb8177f4ae2eb8b92c87146471e00f8c8eb02462

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5eeb773fed25ae67ddb27995f19f7e93
SHA1 9586de821ad2e7ad6de2bd1942f200a95211bf00
SHA256 82ae69f9e07e842f9c7438f0779feda48228f2b0de9f6f253a52cff7cafa04f7
SHA512 6e14a6815a786b18340ec8c72c922a8f5e6eac3e39429139d67090c29f214f35a60b14ea54c489c339fb6577e9ca7f5d29f1489a24794b0857ce68633fd3b112

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1564cd80dae181fa0636e9d49e5b442f
SHA1 8f7e89e94172764f3c8f74942cfcad780c5defe1
SHA256 a96f11db1254a7236997c2d51663008b0660c37a5b85fdd7ffefdbe28e746ac8
SHA512 32c4507644fec97bbc0ed922714774e64582df1ed444bd9bcb1fc87c9a9196312e093bafe7e18c3bf06a0917c2e66ed8d8a1dac2318d1b2d633c06839bd11ade

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 496fac2e3c5ed01c5a2aeeb2ff695a78
SHA1 fabe7de7e420d0d5f32b6524a8060e1d93561bf6
SHA256 b2f28ca626748df9de45ff0d0e6ea4d9ddbd62baa0791988e778014fd05e4ff2
SHA512 006ed2a68a3bb463fde8c95f4a4008a57d04d6b87c7fa77d74c82199fee4191b4d108cd91635b2c033fc1ee974beb0646382885852959226042b1e652d60e95f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 470b87b92a32f220bdadb74c9d2cb144
SHA1 229ed29e1d3eb9df1379f6268ac728754588a32d
SHA256 fea0d695f95b2e9776a41481a33b5c4df0da567a783187a0377c71666152475b
SHA512 37ecd861028a79b6f6e55b9ff992c52c6e93a438215085fdb08da5ba77314358899fbe0320c079eae8a956b8e8ed06ebb026c14a9ba1cfd023bbdd4856af6a82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0621c00b081c681f39be651a396151d4
SHA1 3ae6915f152debf6764eef4fdf61b6ef5ca15366
SHA256 b539877cefed9f6f9be0a74ae89a88963fe2fb8a3814e5aac7d91203a2064cf3
SHA512 d89c4e1e468ad367ca85804cea36a04c1ae985ded8d373c6b70181196030c1de6ff0b93c067ec44b01c92779c96b59f1834de268da5f3ad46ff9e1c0036cd694

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71e06771e58020d79c37a5b76215052b
SHA1 1576ffaf669a9e33a7d3671396a2296d287fe3f2
SHA256 a6dacfd4b7d0b1c56c7adddb383bbcb04240fe4f9519235bc9f6e9785d1cc47c
SHA512 08e1a5ead9e0d8c0281c7d85112d176763ccab59d29537c1f37f36b4d3e8b12146d52e7e12b5bcdf7909641d3023206951a3e4979fed9b1c73389f946740e59b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fc77ec5ba98f1a9a1b26e84b5dfecb9
SHA1 e1d6b3113b8ee155a0cf07e9e615655878639289
SHA256 4be96fdd90d83e762f82657dadf0b4f7affd26ca9e654c66c0d64444553e44e7
SHA512 c1ddc3131b76f134e91ace04c2b05408f468ae47a5910b83d08af3741fea77464afbec1ffbfa769e0652faaeb00ce4f5c0f7ddc56ff602600a4d26decc3bef97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 361e8990701a9ab5756fab08a7a84004
SHA1 e3f7fc4b34c2abd8f6499b9b85e925f4df40f572
SHA256 f7c979e6788280345ca7a8c11bb053c8f1e4cc76420e8e30c9a2f1dc094a5d6b
SHA512 eea21b30d31baa0177888a6f5529ec0c996975255587ff3449da916a9f08e70371d772af29e50f973146eb643e40573346cfa1e301a37464e343db82ada42d32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7a225e474e99b2627ab8975dac734c1
SHA1 b0b69834467a3b31109a8ee083279d522ff2d73b
SHA256 c60b2c6d1b7a4428d1ee1dfdfb996bcb0b68b4a18bc2c644117bbbd26c0081a9
SHA512 7cb15aedf2bed120152e891faf844220dd39e778ccb3873978404d175a65abb4cc571909823d31b19b025953fe22267207e0e51d36034edc5d5f19a20486194c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54f649f4be3c4afdbe60f763450e62f4
SHA1 0e2f0dfeb8fe02a6f5938f4ec4a088c69d9d0eca
SHA256 b61e4a2b3e3f66edfd70e66f26d99065f433b21876f60fb92f2c210c0dc45cfa
SHA512 3cb210906b66cb904c9e863d3e7c232f1024aae1e77f49ded95d5dd10b6b0efcd275cf30777cbb3c3fe8ab7ca1bc4f2df38fb8d0c99ef87002ad8de3cdb86be2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ca9b66629c323b9874dbe3f3343959d
SHA1 aa210566faf2ceaffbd85d541266df10e93201cd
SHA256 28daa2e53acea4da5821ead2652023cdf50d55ffedb292b39aaa078f09056861
SHA512 b469124df3c4758b3391110010870c336d075622d8979515c8490cf833de67d7d1995c2dc129a0c1ea883453edb4b0535ac87784af0f2b15ca891a8af4e162ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8d1132952179ff4656db340c9fb702b
SHA1 dceebd4be13ba4e597c39c237ac682e0fa7b52be
SHA256 f0d0d78b08afdc402e85f1b010082e6925562966f10ced5e10d56f930d7396be
SHA512 4e2bd173cdb14e155cdc48a70004e610c9a00988d5abd555d0d6cef02dfa18a16b4569445c6ebddbcac6db5a12f661789d1a9f34ebc90b851f71a206e0a979ce

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\rpc_shindig_random[1].js

MD5 70116351ebc507731f11cfb8653f69bf
SHA1 667d48cd3c244c41a84302056e5b14140045acd3
SHA256 e3fff060584ca9c8eb12a6925252c8c6333622f4e6aeae8417449bf0ae355020
SHA512 a69875a52b635e7a561cfe2c7f4639bc122be434989dd39b37ab8dda08b49aa4bfd681c572628e9dc056c69808d0a03e2c6b4fef88db20a59ca73f097870aee9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAE3FJ0M\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-29 04:40

Reported

2024-10-29 04:42

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7bcd5b3d743b791d182b9e223b10a6fc_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2908 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 3568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 3896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 3896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7bcd5b3d743b791d182b9e223b10a6fc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dd1246f8,0x7ff8dd124708,0x7ff8dd124718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8448423550612482426,8115702849180068661,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5960 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 blogmagsac.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.178.10:80 fonts.googleapis.com tcp
GB 142.250.180.10:80 ajax.googleapis.com tcp
GB 142.250.180.10:80 ajax.googleapis.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 pinit-cdn.pinterest.com udp
GB 163.70.151.35:80 www.facebook.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 platform.twitter.com udp
GB 163.70.151.35:443 www.facebook.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 146.75.72.157:443 platform.twitter.com tcp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.200.34:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.200.46:443 apis.google.com udp
GB 163.70.147.35:445 www.facebook.com tcp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.187.227:80 fonts.gstatic.com tcp
GB 216.58.212.238:80 developers.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 syndication.twitter.com udp
NL 173.194.69.84:443 accounts.google.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 104.244.42.136:443 syndication.twitter.com tcp
GB 216.58.212.238:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.72.75.146.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 136.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.200.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 216.58.213.1:443 ep2.adtrafficquality.google tcp
GB 216.58.213.1:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
GB 142.250.200.2:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
NL 173.194.69.84:443 accounts.google.com udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
NL 173.194.69.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

\??\pipe\LOCAL\crashpad_2908_TBNUYSWZVDEKXETW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6960857d16aadfa79d36df8ebbf0e423
SHA1 e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256 f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 31829aa6d5e16d814585de9b866948cb
SHA1 be0d43a11ebcc404b5c696ad1b15685b2735c414
SHA256 872e115ca10c7721f81d804aba58e886de06cb9b580f798701bb1ccd6dab3598
SHA512 3ac844ab7308396d6f3e83485df9b996139555fbab59e8954735544037777c5792bbb46570e985449c39fe9dcdd5bf94b926d20b604586b77755a106cd23e687

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fa1ce75b72d0aa549040b75330663303
SHA1 38e0ca1497953898e22734b4b4ee21d2d3dfb36f
SHA256 573cc77007da0ea0074c61bb3aa39857bae03210719034b4119cb218193ae923
SHA512 6c8ff24c3978cc2fd4c47becdf8a5c6401c4074d8ce9a9236f3ee7939011d176044404d2e78725356618840e2e71767544fd653c6ae0c7858682b36f741fce91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7babcb8cbc2166527ae62b40fa48cd7e
SHA1 dd311b23eac731dc44972f5c74f324cdb0cc97c7
SHA256 729782bf392172eee0d9c7b4e283c2e1740347e7b26b11ecd4bb4f71ce87193e
SHA512 938aa585a3ef9f3dc411e151ab9cede60883287116f0c559a6a8cdd8876822996dc11b1cbf6aff6f8224b75c42b6c4b326d5694a40aaa04716eeb6c270ecac24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 99992f273376a649ab4f2a71c799ac46
SHA1 800f5fb1e103fbed08425a5d5bdd0380eab612e6
SHA256 60d41e7a86652c995ffff84a502581d10d387b36805912b74c0ca5a5d23ff1cd
SHA512 fbecb6341d12d9d7e246a26d89520201a5ac9702adf15874ed41418a843f9b46bc88d3d573c6ea0224ea028ae916fdbe4f0f66641a32f5fec10df1114d889f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f8343fb2eee40a7cced04cbf38fd9e5
SHA1 dcac2b526f3b9c58760f96536872a752a5d3bcd6
SHA256 ae5ac6f887464d3db88b2dca560c4b2bc01e59d1dfd85b958b19b173a358890f
SHA512 965ad818b292b24b6a9eca91f222d24a61693389422016c322e1bcc5b990ab96ee890e8f596277c9aff3e595c15767c8c9d9750a7cb29d8bb0edb223b4aeaad4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 05197e9427acea2ac4dc812f97a8f078
SHA1 3d2a38b79da52e57783360f195ac3e7c85edefd8
SHA256 7bdfd36b4f017340dbc84a310014381bfd3028416ff21c54f7ce0a35cfd38191
SHA512 084d4febc28358d3ba6b0bef400f637b7f350381b8b592b1e412dd860d5aaf034c03ecfa87a064cb19dd8a42faade23c260e35a8660791011b7e51b726418ead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\70697f79-0d21-43df-88d9-f7dbe6f04168.tmp

MD5 2288d36c2b75cd32eec718aa343c1e9e
SHA1 361c42c12a29ad2bee9810567e3af8564b1d42f0
SHA256 07004fa76f7f52fcd64235f1463b2cafdcb512e3c85b774516d1f29d8f638f7d
SHA512 9544ad26b1bbea9882f45f07ecf36548cd0bf5af52cfad9b65a5c2c0478b4414ad797227fd82a24c582ad2634bf9ab2467b7d7bdf0c348689b5ce4bfa369700d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 36ef52665d5e42fee0fa158683e3f9b9
SHA1 c3daac4011c3f0d57a670c2fcb646cb2fe64ecf2
SHA256 213fe884fc4181a9e2ecb2cc0e49c9c2fe0ab918015cf40bacc2eabfa1661bfd
SHA512 59d6ad5bbf684cbc93316526b97fa90d33eb84f7cb0e987b51a87fd12255ae328db8fa7a776d5fc3dec78ced1b3c2e11f1bd071110ea53249fe738a7ed7a764f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6a2440f79d1d240fec25b91612f5d046
SHA1 89c51804796378e7ab3a0132d51cbfaacfe343ba
SHA256 be285334c1b375fc9841f5750fd7f89c19010984a74fe0a9e4aa4036410bc746
SHA512 dde97ea6feefbdc30e437a45410274a434cf9a657af8e89f9a63416515596c1afd494524834b8d68023576a2b454af52d1608f1a24705be45a55bd312110f02e