Malware Analysis Report

2024-12-06 03:27

Sample ID 241029-zfxp7szcrk
Target 7cabbec80790ca5bd501a5210258d921_JaffaCakes118
SHA256 0ad854354c9b0e3003adbd071a7f5e02499caf6d60634a973275975474853604
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0ad854354c9b0e3003adbd071a7f5e02499caf6d60634a973275975474853604

Threat Level: Known bad

The file 7cabbec80790ca5bd501a5210258d921_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-29 20:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-29 20:40

Reported

2024-10-29 20:42

Platform

win7-20240903-en

Max time kernel

142s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7cabbec80790ca5bd501a5210258d921_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF586941-9635-11EF-BA23-C60424AAF5E1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000d7f38fe2e3a809f91de1d072ae67e668d4b5e0efd292c405ad45b9030974eb64000000000e8000000002000020000000c9c3439eac8b774f818a745b21bd734c654ff1957f0c03b1907422f58cac3a3690000000eb83d8d83223920d83927439765dfbb8c52918addd7756f345e6e640204ca3cfaadb5104a35f33f01b3a91715a8bd3a5debbd561eb53a7aeee74ff9fd666f91b77330feac1b8138f1de6fa6993f8a7e15a4f54cd8dd1837b4700c4333e1606c5f01cd28b0ec77070a5759b173e3341d3311ef9cdf128419b1036289e855a3d79abbf21b2b886e9f479136ac693a575dd4000000016d7e6f6a5f32b294549f96cb95deb6baa96e676df87580d430a6a2749580dc73ee2a7391990e9a437aa3e331ed4ef974f6322a60dbe45d36a1b60bc8cc6d010 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000e11c8755ae73a6c16686a95916fd3c917297ed3668946161f0fddafb66b6ed97000000000e800000000200002000000095de22e659f7f0c7f8f3ccb68ba6fed3a2313cdd9ceb508ca6a688b8e51f21e720000000086bd6f31aae62e3bc91f1f89050ce245072b66d968da9ff1eacc97ca9d711cf4000000088ad744129e829d96037f1eb9618640d5a6bc5d31a70958782fa54fe6dea4ff549e7ad95cc13c57a34f6f3bbcf369d4ef62b826519865f06d8b2371132a52ad5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436396285" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0c614d8422adb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7cabbec80790ca5bd501a5210258d921_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.instantonlinecounter.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.200.1:443 lh4.googleusercontent.com tcp
GB 142.250.200.1:443 lh4.googleusercontent.com tcp
GB 142.250.200.1:443 lh4.googleusercontent.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.200.1:443 lh4.googleusercontent.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.200.1:443 lh4.googleusercontent.com tcp
GB 142.250.200.1:443 lh4.googleusercontent.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 104.164.25.193:80 www.instantonlinecounter.com tcp
US 104.164.25.193:80 www.instantonlinecounter.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 216.58.204.67:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.212.238:80 developers.google.com tcp
GB 216.58.212.238:80 developers.google.com tcp
GB 216.58.212.238:443 developers.google.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.73:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 21a92c1a38ba59d7ae7b76d7a4126eea
SHA1 38055ebec3e5d069da55f20419658f1bdae57556
SHA256 a0301815a12f691e5b32d94e10807ee3d274e6c04712366780e2565d2d69f2e5
SHA512 881bdaaf17e0ee598594cc1ef71e5c1921ee6aa0399d86f5f2f247fbbaca88e8d20eaefdeff866d4f88dbcf97eca4d09c0e1a5bd371ff33c108a873d64a6b7f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b3d67714e74db5f69d4c1c0acccf5cca
SHA1 97c8f9377d23103ad301b81d82d1ec342b2af015
SHA256 a41d15456d9163833d6b4d919e1f3b4be0e6194919a604204fb0733fc85d8686
SHA512 77d908af345306de10f79b99812646ac05090280265d880d316cf3616f4122f448d5ccac6ca22a08e91148675c0dd25abe94e8631bc9c9772adaa0f8ef39cbc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 03c8a6c1d5aea0e00a73d3230f601eb3
SHA1 ce0cdb74a7d2c78ebf41c0915c5b80238f5d3330
SHA256 4d4e8f0c00ef15ad3fc84e5775bad0f1cdbd04ba52e14edb50878a1c08cc49d2
SHA512 024b5cd3b5aa72f37298ef1b5f4c55a3ee58ac5d8a9a8596334a41ac712e353eb4ba9c97169601f08002f0b70da1d5c48cd74d4fbd2d7e3470dc23c7e4fe1c1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d98c9247c67c74f8ef06e4cbf3739de8
SHA1 d836be6b18901a941fb75fbced4f97a6d33b2bf3
SHA256 f64931147b4468e96aa86a656934282e612dce543a4d372c55f62445b00e0e28
SHA512 7078244004796d6773e32eff51e8d52e947eedf9219307cbde90f9a772da8048cd29099af26ea13123e1747fc4fb42d3c7c49fd37d92fb73e8eae6a13ed5c3a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 d7230cfa565d6fd136cbefa4c9fac8c1
SHA1 43955f32742956de5965073e7604581ea0b08ef3
SHA256 628b09727b1a38abaea366556888158b015841cc92459504b024a0778d029780
SHA512 d80180263e33c790ab494d42c6c77395329cedf6055dfc18f89e5b94cc2804012611da4b54791b188090c06f541bf7417f1096eeb78ea85b306042f186fdddc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 cf8eea7146a5f826bb25a7a3b4a069e3
SHA1 c5a7ca7994e84076ba6784598340b625fb9d4fad
SHA256 96333f9fea7eee529fcdf11d02c8a81749932c9e0067c44c02313043953abc33
SHA512 0cdf668a83efb5e3e9afdf13ae77ff34317bc040b040b11ae0fea739195f2e08db9d6793a609bab96d3433e1dd220b34b4b2417b566607e4b020e04dfd4eac4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 148b0c3190ce21ab66bc898367096538
SHA1 e4b903ad8f39c1d28482725587d88f2a5d501b92
SHA256 e019b81f596040e486357d6bf99cf094588ef0200613712cbd71dbab06a7f0a5
SHA512 24d055fbe3df0e374cd08f1dbcd70694f407ecc804582e2b3c72780f790f6f12dbabe9fa8c0ec55dccf2c7d110f24342f0ebae9c0e48760ce6eb0af0a616e05c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_1D349A035F531E40CCCF658F74AE70F3

MD5 ba4b25cadec7f3e38aeac46d9106e299
SHA1 cdc91cb530b8d103ae39ed486620c3e64000fcf4
SHA256 66a13fe3652645715c7efd36d01ba4a1c32563f60e89c0b0887ac17a92b5b874
SHA512 521bbd3d256bd02fceb4e9fb0d392be0159b086f3a8fc6e47c796ba04e5d989bba6dbf82dab6863a797bd2b58dfb475caf3c37b71104988be749800c8cb879b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_1D349A035F531E40CCCF658F74AE70F3

MD5 b913d8a7cf611b277bbf0bce4347d24c
SHA1 5c77dc771ed7ddfa9d2ad99b1e046e370ef13727
SHA256 c771a07983ff412e2d7e670565352f611807d0332c544bee1fd69ebc9697eb41
SHA512 b642aaab7568fc37b5aa093ad07273b806850b2cdf8f80fa77a394b8fb1c62e77a1b1bd89cd61ff90220075ec1d39c8b4756128a112278cdf26e599da12c1055

C:\Users\Admin\AppData\Local\Temp\CabB3C7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_B5CFE5FD779BB3279A8A1976B86E6FEF

MD5 ebf5c9f2ec7282ca6f245e2100f7b5b2
SHA1 f9cd7df869dfa53482320697b35437455ebdf677
SHA256 1b9946c0861ba92a45587a23e3eb97b3198c8e41e72f562426545f511c3f3943
SHA512 c5382d6558c7e7f1c3f398917831e2aac3c6ef97d9d151d58e1054ed0e0893a369005f23f46653e0a4c8cb004549155053199e6e2d5ee65c5ddbc38fbbceb5db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_B5CFE5FD779BB3279A8A1976B86E6FEF

MD5 39b19b16e050c1decb762df4cab13bce
SHA1 9214d72575fdc354c8d2ac750f5555b062cca6a2
SHA256 d5ec201ad8fe99023efe19abfb31e8efe3011aabf5d80291651b68895f478b6d
SHA512 06d093daecfdf0ebfc115cd57cb8500b8a0a8455aff3ddae9f20e0d355a29f2d2f9a9401dd5ee5e5010ef701e00b086122db4ebb76bed7b4b51c7e2750a4e2b1

C:\Users\Admin\AppData\Local\Temp\TarB61B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6dc30f61d84237d02125a348f1e23244
SHA1 e2f5e957f72b2c366e8b79454183ff8f23158ca6
SHA256 bd00a2d71dd36aa4cb5f38924029a4fd80c69b58b344840c2fced151d09153d8
SHA512 609c59fa2b05fb8e009728b44631f0b8f7e8670d4c8ef403ba3e6b8efeceb3ee72bd55517ad17aaf4e7e821a39748f5fea2705e0ce05f2413de81af986c211df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e940e793eefa7636916539956a8a252b
SHA1 e9ce507e91400a8b4b11b7b5aea1177d062638ed
SHA256 e3108bd9b65328191546b259705afd7abfd4fefc6874241576a54e0919c2b232
SHA512 ecd06e8245f7c1bca6e50a690e369c1eebcb11e7623ff2a5ee146df7f084b0d35271a652a9263e23e32884853cf1147fa36816e371cff7f50bc0fe33362935f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f44f1e62001f5e30fe1a88141f259bd0
SHA1 d7ab30e21926b1e6178c93382da916548f9ae5f2
SHA256 68195282dffa748b3adfcb00ed81740b807201cd77f563d741a76d5ce058784b
SHA512 a6c8809edcdbd7dfe12e31ecdd494f2c1fb888ccda54f958657857bdb44b3b96409f757a45ae8433e642bddb4789c4a074d12a9a9aa46e9d105648faf66d5a23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4dc1f46f5ac4e4bcd914a6f12ceb55bb
SHA1 b0761fabe727f3d214826ff9f3d8f68731cc0cc8
SHA256 18b215d2c6fcec18dd922012ac7ecf6b51a6b0462b1ad967e4f8a788c4bce325
SHA512 e6060c57c752e4a2493bed6f721662f23f2ad6d32af75ff3b860435e626b6ec774119b8569783cd9c86e81ac8a23392acc44fa176f2fb65a379f5658430156e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78b3e46ae3b6213e4d0ee692bceb4c0e
SHA1 11e70a6b758541f80909d1b4c3f1f1dc4277ac75
SHA256 044b377b9ac5473b89d1ee9ff30e8cb59e68aba10ab2b02e942a1e3ba0c933a7
SHA512 f666e09af60bef47b4caf6b2a111d4124b0124fb58e2bb2c306c9fe7e6de7b10da3208181b5fd0e770c3c9c2a69b816cac5da85756a1f2d05cbdeb91f082e067

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06e7198b5c7ec579ac088b59503ece2a
SHA1 ee59289c85d0b4b5540de252a3707ba1e364e4bd
SHA256 cf87c949745767ae6652d5bbbf199af67bf156781fde74e38952d4e8c58a3db3
SHA512 1d99eb4b81267c7dc7c29a1505c8562337e62e4375feb7f4c9cafdd41e86d5ce5055c5e54e2b8ed0f935cbf6fde6b7f200a14c43eb2f2cce23653560085e5321

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf4cc2f99a0231390b1f78be5de0512e
SHA1 f19c0226e730d8f12df736c6e51378e6280479cd
SHA256 d5087b4ea6355f7f1d69bde2c44a9296a93d29ad6000a1f51f1400d7d778be0f
SHA512 776bf2f4e805e16b1a1d98b718508c8eda5297e8f83db505b8719a35006c443efc878f73d9f80dffda7d40ce515d23db42d46d66f414bdb1f23abafb14e3cd4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a6426cc997cc5af6db28f1e6eb067fb
SHA1 72b3c7e77292140ea53ef8d2c3f4ad1b24fe8d13
SHA256 f1ca4b54a2f9cc4bb69be62c80d206a8ba2b7c8e9ffd37335bb3a75ac87361a1
SHA512 826194a38ed171310e693ccc5ce1c04c916ea3639a32ed4317dd2361805b89b8c97945e539b0ff25ef05a345f0f7d4131a5096c4f207b1797a2dd212f3dd2fda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afbd51c3bf672e0bccfda7fbb233afe4
SHA1 b22ccea3390257665f81823856be5cdfbc0d66ca
SHA256 75eaf5021842331f2ad0f370b97e6fd2282d848a4f53e5065c391ed93feca510
SHA512 21089e59e732ce04fe89a07c7d88858d0f893795136bfe16c3828271082ebe169db552c8cab2176778b9c5e3802e972296e26141c57443e3fe07bf90e43be809

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77438e0757a121348ff32f11fd210237
SHA1 5b0198bdeec594498ae6bc03ba4e310d6077e532
SHA256 853547a39f49145089b7f711d11c7813661e2e5d9a29ed6d203c2f21871cb6a7
SHA512 661fabd36592d55fba92cb20ed001c48e033683a06906e5895b0e020ac3f1cab95a0262f97abe49975f5fc85fecd1ff7d31038045aa9b0ea2f8f665be4eb1a21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 612333ab2f402d7190d0941839b21e62
SHA1 1eac42a2aef374581b4cbb1166065b4a2f91d654
SHA256 34441444aef0b77267164bd38be2859a592b70d75dc51f0d6a7aca33789c48a7
SHA512 f9a27e1990b8514c55b1f3e7c26203cc352c71b5a5fd117d18e1fe1a2dfce155ba50027aeb52c88305d7b4225041ff39f9a450fc6248ddefe52066857ce1fef2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bd8ede0c9e6b4d7f03cd8110c368efd
SHA1 0f3e3b33b3fcbc856ec35104eea575ac4e34b711
SHA256 0e8728666c4a6e7f52b754848e9abdaabe7a3c1788afecec2977a4e9bf4e42fe
SHA512 cb4c9cc436d8c99f90a82eec1f2a68f46ba11bf69ea40edc118a4ec091a2a041ef55105fbf66084c34166bca381498db382035fa592fd697985aa088e96e699e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2fecd72fa493e839b70d8af3932cd89e
SHA1 3dfea86dc0d7762e89f01a453ffe66a6650e44f5
SHA256 52f218dd88e60fc3ff1a444b55fc3bca3904f763408528f609cc0ede4b8ec32c
SHA512 b15d3dfd28c99b9b66a3f8b7ebb4f8491d3bd387e39fed66a242df07a0080220967e620048e92f8f25f237fc02cbbe87cbf914f7e18fc733b05c4be3b4e93378

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e33ee1adeb406cafdda997b86102bd1
SHA1 e0fc8b6cff2d3a0daa91656465b49d099a00cbf2
SHA256 af98bc295ff1ea1e37c748ff3c9f788f0062828924ed702dbccb5cb05bfa5b5d
SHA512 7f3a91fe48b03673a9f87eaaa65db7400fd8afed47b9ee0d2ca984a420e5e7a02c4ae5c6091ba33566c6ed2b37f0711ebd84fd3a5b4605942a985206b63865df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 548843be9ab560c3c7b07abea8ff4e62
SHA1 e2d0e82aa3c98208a181639b02d0d2d5a8b7e4e1
SHA256 2613428b34754d7e60c6b779f90ab0b7945203c4db219d7b79a329f112288c59
SHA512 0bc366d1fc78a04827e16930142a49ca74be6fe4486733d1ee6ca8202da1b17c6d68e7ae6539bc2fb836deb05ca29252d31b2f10df6662e367a251b32d82b470

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 840a992b0b898f5cede2da9d77844e97
SHA1 ba3419dee6c9ae5221debf1fafce8601960f7f7e
SHA256 54c4a2c0ee386a7b834ea7c792f54363d7a17ada80614e6e08221ece68994b50
SHA512 aba0d5611da3476768eb285853eaa023dd31dd4aa72e09a8943c69e13902faad340a05e96e093c630ee48a730789c0b876ec202c941f60c84003916f7b1cde4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c28b550a2829cb0d9f6dbaf96d9bea0
SHA1 94316404e058940003beb95289b251ff05b741b5
SHA256 f6144b28517a4cfd24a5a43fc37235f7ae121dac00c4bc8f3ca816aa84010614
SHA512 d09d6c96f1d022c45790f3fd9804215f3e884c8963a37bde7172cc41290b90b580760f5fe2e125447bc2ecee88b24b2978f8521d985d5721380ede3c2c078581

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 4c438169c65b661d7e682a519b22a718
SHA1 b737e7ae2236aa3e182504725afb9ea66b7ac287
SHA256 749b4496e0dc112938af3cc531193ebb71dd3ca1520a6555e5eaa232c532d40e
SHA512 28f4530c5d69147944ffbc04fc857bbaf3bc6a8fad92c218b8c88ca0c15e712483af4896dff3ae9a7a371742174c94d6dbbb6b39cd27155a679931c0a66b8936

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6da29d6c6d7f5099763b470d4dd0fa3
SHA1 22aa1ce8a0c20e7a0bddce6afe7f440c5ac69136
SHA256 1177a3d76e77530f781d25dfac7f6cff5a105a9477c95f601f024ebb061e8a06
SHA512 3e2a5bd69722fe38cfb24a44d3c74bfaa1e3947c991c20240b94c41e650891bf75a183d3d44c6af4cb99879d8066a6e1484afc44b24adde89aa879764f2d8cb8

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-29 20:40

Reported

2024-10-29 20:42

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7cabbec80790ca5bd501a5210258d921_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 876 wrote to memory of 3876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 3876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 4252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 4252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 876 wrote to memory of 1840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7cabbec80790ca5bd501a5210258d921_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80db246f8,0x7ff80db24708,0x7ff80db24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,3542252167159687729,6007001737836693459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.instantonlinecounter.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 172.217.16.233:443 www.blogger.com tcp
GB 172.217.16.233:443 www.blogger.com tcp
GB 172.217.16.233:443 www.blogger.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.200.1:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 172.217.16.233:443 www.blogger.com udp
US 104.164.25.193:80 www.instantonlinecounter.com tcp
US 104.164.25.193:80 www.instantonlinecounter.com tcp
GB 142.250.200.46:443 apis.google.com udp
US 8.8.8.8:53 70.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 233.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.178.9:443 resources.blogblog.com udp
GB 216.58.201.98:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.147.35:80 www.facebook.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 193.25.164.104.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
GB 172.217.169.36:443 www.google.com tcp
NL 173.194.69.84:443 accounts.google.com udp
GB 216.58.204.66:139 pagead2.googlesyndication.com tcp
GB 142.250.200.1:443 lh4.googleusercontent.com udp
GB 142.250.200.46:443 apis.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 drleemind.blogspot.com udp
GB 172.217.16.225:80 drleemind.blogspot.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 73.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 193.108.222.173.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 443a627d539ca4eab732bad0cbe7332b
SHA1 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

\??\pipe\LOCAL\crashpad_876_RCKSQUVJZTDUMPBB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 99afa4934d1e3c56bbce114b356e8a99
SHA1 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA256 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA512 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2151cb605f82033c870bb6fe1d893f43
SHA1 5d80ccb75e0fb48a7deb6331d5bc6b557fb2d671
SHA256 749418a29ac18c03f28bf50d3c0b2fb982536229d19a722757299112d0150cf5
SHA512 cd6125a2f58566416230401a0bc1fd1f02d0c23699eefd5149f3203f41a9850fed67426d30572fe1b706ec51c76ca3dd1e9d09a49cb759a02c9862196e8fdc8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 101f2295c59a6c129b95bb68093aed06
SHA1 12f5843daaf99bdb874dfebaf10660c54ede2120
SHA256 9b59525954d9da17ff56cac0c0cda55bb6c4df6b7550fe68565fe0d24a963ac7
SHA512 f5e54b7609a1884253f1d05d9245def95b3721e1163ddabb6d32f5b31f824a218c60533eef25a6f91d8ae6fa314128ae258fdc341cf9a4f36bf378e874b5277f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3bab28f3b0ab0413848f4870be171c11
SHA1 94fa379e53dc9803a271161f5b2b3f21a496abe8
SHA256 08710579b3d62091792671fc48b735d108f089bc0f8f44d20132727f0eaeeb5c
SHA512 29758c851040b64d9a015c4aea0bdd80b80395ca781a0f23d52c6efe0c966da42119913d588768c27e2ebcd7b68f7f795976e5a011302026474dc5869f23a7a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e2cd36d63f5286a524f2b3a95edb3d7
SHA1 2dd717b38e875c1fff17241d8d8612a1f1dd9e44
SHA256 22f004f5209f7a29c7f10735e4be43494769b2dc087f1a2c20fb397a605c135d
SHA512 79397aaef17850cabbd340e78add0bde5c6ca6e8a580e2fea7b70014d5dad1f9944a5ce212d1f4c3a32076ebd86217a222b9c9da4076f8e064dc39682d20688a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1378976282f1a5ac95403c9c5d0dd5c5
SHA1 8aca22e6db3b4ceefbdf3a940e1d6e5301c3a275
SHA256 49449ee1b904c8a0e9071dd7fd5830e9f5be76bee8f4da8b233d0c32b3eccf6d
SHA512 405cf1b428f3463dcd5b993100b835ffe424e3b5cd31c41bf24e31917171c4339af9bc686c382afb0bc99008e68c0c7925f0cca9755e2f4d02e4904dbcb5964e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d565f2eb2f02b44d89bbf257cf19c136
SHA1 10a18a34b605178b0d0fb30d2a5d65310930c927
SHA256 5b08a68fc9d2b8ab9787a187c8a76c4e43655fca4b6e939e6ad1bdb7156c8827
SHA512 c875ce773a9ca08d51125be7a49256e334799e41ded36be3de12d5561e8086c2b9cc506cc6ec190247a659cac43396f42d9bd292452e5e111a1f6f56d6b7f7dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 145250477b36ae9e7954154409ce669d
SHA1 19c8ac8cd69649ca8baa996b2e50224536c1d5e9
SHA256 1d5dce8359e595b30d34774a0dcc0f1ceb620c90e92ebcd9e6dd9fcfb6d2a9e9
SHA512 e4c388168a298383cf8497f4cf75513dd24c240e5f185af518bb7395d5101b0d08eea86a3bbbe36d82fd085c08c7f855cf292e598b970a070f091960d3add348