Malware Analysis Report

2025-04-03 14:22

Sample ID 241210-2c7r4sxlhj
Target debf9eee0a49acad9d989314a32c05b4_JaffaCakes118
SHA256 e91ccda039692ae875d78a4c77d10c4efbdf3f56c684ddab9bd3b2b0e3bc5089
Tags
socgholish discovery downloader
score
10/10

Analysis Overview

score
10/10

SHA256

e91ccda039692ae875d78a4c77d10c4efbdf3f56c684ddab9bd3b2b0e3bc5089

Threat Level: Known bad

The file debf9eee0a49acad9d989314a32c05b4_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-10 22:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-10 22:27

Reported

2024-12-10 22:29

Platform

win7-20240903-en

Max time kernel

144s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\debf9eee0a49acad9d989314a32c05b4_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440031508" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA4AE511-B745-11EF-A444-523A95B0E536} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\debf9eee0a49acad9d989314a32c05b4_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 bloggerblogwidgets.googlecode.com udp
US 8.8.8.8:53 netoopscodes.googlecode.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 ankiitpatel.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 kona.kontera.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.feedburner.com udp
US 8.8.8.8:53 nwidget.networkedblogs.com udp
US 8.8.8.8:53 cdn.printfriendly.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 static.networkedblogs.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 passets-cdn.pinterest.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 code.helperblogger.com udp
US 8.8.8.8:53 widgets.outbrain.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 scriptabufarhan.googlecode.com udp
US 8.8.8.8:53 www.dmca.com udp
US 8.8.8.8:53 ads.lzjl.com udp
US 8.8.8.8:53 feeds.feedburner.com udp
US 8.8.8.8:53 www.blogrollcenter.com udp
US 8.8.8.8:53 s21.sitemeter.com udp
US 8.8.8.8:53 www.getrank.org udp
US 8.8.8.8:53 track.bloglog.com udp
US 8.8.8.8:53 cdn.wibiya.com udp
US 8.8.8.8:53 adf.ly udp
US 8.8.8.8:53 ads.clicksor.com udp
US 8.8.8.8:53 resources.infolinks.com udp
US 8.8.8.8:53 shuttle.sharexy.com udp
US 8.8.8.8:53 www.luminate.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.178.14:443 www.feedburner.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 142.250.179.226:80 pagead2.googlesyndication.com tcp
GB 142.250.179.226:80 pagead2.googlesyndication.com tcp
NL 108.177.96.82:80 scriptabufarhan.googlecode.com tcp
NL 108.177.96.82:80 scriptabufarhan.googlecode.com tcp
GB 142.250.179.233:443 img1.blogblog.com tcp
GB 142.250.178.14:443 www.feedburner.com tcp
NL 108.177.96.82:80 scriptabufarhan.googlecode.com tcp
GB 143.244.38.136:80 cdn.printfriendly.com tcp
GB 143.244.38.136:80 cdn.printfriendly.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 2.18.109.60:80 widgets.outbrain.com tcp
GB 2.18.109.60:80 widgets.outbrain.com tcp
GB 142.250.179.233:80 img1.blogblog.com tcp
GB 142.250.179.233:80 img1.blogblog.com tcp
GB 142.250.179.233:80 img1.blogblog.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
NL 108.177.96.82:80 scriptabufarhan.googlecode.com tcp
NL 108.177.96.82:80 scriptabufarhan.googlecode.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 172.66.42.247:80 resources.infolinks.com tcp
US 172.66.42.247:80 resources.infolinks.com tcp
SE 3.164.230.50:80 w.sharethis.com tcp
SE 3.164.230.50:80 w.sharethis.com tcp
US 172.66.43.117:80 adf.ly tcp
US 172.66.43.117:80 adf.ly tcp
US 13.107.246.64:80 www.dmca.com tcp
US 13.107.246.64:80 www.dmca.com tcp
NL 108.177.96.82:80 scriptabufarhan.googlecode.com tcp
NL 108.177.96.82:80 scriptabufarhan.googlecode.com tcp
US 151.101.128.84:80 passets-cdn.pinterest.com tcp
US 151.101.128.84:80 passets-cdn.pinterest.com tcp
GB 216.58.212.206:80 feeds.feedburner.com tcp
GB 216.58.212.206:80 feeds.feedburner.com tcp
GB 142.250.178.14:80 www.feedburner.com tcp
GB 142.250.178.14:80 www.feedburner.com tcp
US 3.226.99.248:80 www.luminate.com tcp
US 3.226.99.248:80 www.luminate.com tcp
US 104.21.16.1:80 cdn.wibiya.com tcp
US 104.21.16.1:80 cdn.wibiya.com tcp
US 3.140.13.188:80 code.helperblogger.com tcp
US 3.140.13.188:80 code.helperblogger.com tcp
US 54.205.192.227:80 www.getrank.org tcp
US 54.205.192.227:80 www.getrank.org tcp
CA 199.21.148.89:80 ads.lzjl.com tcp
CA 199.21.148.89:80 ads.lzjl.com tcp
US 13.107.246.64:443 www.dmca.com tcp
US 8.8.8.8:53 publisher.linkvertise.com udp
SE 3.164.230.50:443 w.sharethis.com tcp
US 104.18.1.75:443 publisher.linkvertise.com tcp
US 104.18.1.75:443 publisher.linkvertise.com tcp
GB 172.217.16.225:443 4.bp.blogspot.com tcp
US 8.8.8.8:53 www.tealdit.com udp
US 8.8.8.8:53 www.turbify.com udp
US 172.67.174.110:80 www.tealdit.com tcp
US 172.67.174.110:80 www.tealdit.com tcp
US 18.209.96.19:443 www.turbify.com tcp
US 18.209.96.19:443 www.turbify.com tcp
SE 3.164.230.50:443 w.sharethis.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 172.67.70.191:443 www.hugedomains.com tcp
US 172.67.70.191:443 www.hugedomains.com tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 172.67.174.110:443 www.tealdit.com tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
SE 3.164.230.50:443 w.sharethis.com tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
SE 3.164.230.50:443 w.sharethis.com tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 nirav07.110mb.com udp
GB 142.250.200.14:80 www.google-analytics.com tcp
GB 142.250.200.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 books.google.co.in udp
US 8.8.8.8:53 www.blogblog.com udp
GB 172.217.16.238:80 books.google.co.in tcp
GB 172.217.16.238:80 books.google.co.in tcp
GB 142.250.179.233:80 www.blogblog.com tcp
GB 142.250.179.233:80 www.blogblog.com tcp
US 8.8.8.8:53 www.printfriendly.com udp
US 172.67.73.115:443 www.printfriendly.com tcp
US 172.67.73.115:443 www.printfriendly.com tcp
GB 172.217.16.238:443 books.google.co.in tcp
GB 172.217.16.238:443 books.google.co.in tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
NL 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
NL 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
CA 199.21.148.89:80 ads.lzjl.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.143:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 4749d0b2a517aafefa04526340706ba3
SHA1 8579b207f71b2d3b586552a1dd5df5c2b650adac
SHA256 3ef7a479f0b495fc70640902cad90a387aff9a7c52b2c8f570814be9be25302c
SHA512 48fcdfec945063e1ba9a99f16c1bc8b4eec5c5208bfa7032e39bbddbaad78f0cd5db172e0ee21641f5aa6933f80fa2a9c2bf286e93c8c4ce63c905eea668205c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 58a16cf511e309ce5dd1eb21e31fe798
SHA1 b221e46f9179ad5d7c8896299affc104d79b1fbd
SHA256 b5388f304f72f49a83fae081d0dc701dfff9db743cce0d2af1471d70b5476e1d
SHA512 df0f8c4b1e8a87566ca94714c375c0ff6a6e1d6adf6844fe54f01d257ca88bafa66a9241a22f57ef2376e3be085663f3a76ae7b5352bda9e5ac34769e20c005e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 627c5cbe29b4f8dbfe8065c79027d980
SHA1 b36f622d10dac6faef05400f77bdb45997c9b050
SHA256 3955a852acbd2e1e25ce3f8325ac7f819a48b59410882fbf8e2ad04e41809028
SHA512 d53f3182aed583185bce3f30a97f550724f7394316881abbbed4e6eac9013844b634330521ab73b88fe3c6602c24bd19f98fbe07182f7e629170eb8dba23b1b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 712ed3bbe0f67a8a9458a6066aeda522
SHA1 701d16ce47affb7b269d50a081df5d42bda19fc7
SHA256 3d6d90987e164931f7a6ca178434a4d13f48f852096ba8ea6f62ded09f5b0556
SHA512 936f9ddb20db5ce4d5dd12a55ebb2948dddfb4e2a6ca4b20c12d7cefbd638c0710f4e01ca339192bd7313563ac032dfb7bed8bb498fc08396904aae560b2a70b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 75de656defd632840ee6280b13d5ed66
SHA1 7d5df0a1f158fbdf43a19e767707acc86466b367
SHA256 05984f0b5fc82e4ae6ec1f40cc3085d7258959abd51f707b1ff340086dd7d6ce
SHA512 bc2aba609ac0a4a774bdb071fa3814a0ebfa364399fbabb352c26e09b40c05782c769f01c46ab354a6db11960d7137bbb5e69d100401b0e6668ee237e6812f1b

C:\Users\Admin\AppData\Local\Temp\TarAE2E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabAE2D.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34159356aa5d078b3a194935695505fe
SHA1 53bc2edaaa6d60bc472616c3675f56fd0a3e2609
SHA256 16bf10aae095196a6fc6e43bb92dfbd091c3962338648080f0fb974fcf6f92c7
SHA512 89c55a0aea002cdf3b01e65d43e087f58507fc98644cee96ceda5ce22eeb36c99e94917b74e77a41f0e3c7887f030b4083a07f26e4dbbc8b28d78037baec0522

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c892af121b93332cc4f49df95b313580
SHA1 97e0445e8b9b7b8fb5b21486b74d2d359c481d98
SHA256 901a993ae588bc92274c27f3cd7c0c0148fd95de274673c1df1489ee8dba4469
SHA512 abf2d35410f893aa0ecbb5a19edc59668d76d26e4946609c485fbefbe097b89c2576cffc5c6fb6a6b1941a99c441c83c211459fc2a0fbbfb10f248fc54fa09e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 df729746065a64bfb9b6adf2608a5f61
SHA1 68167d1d08d77eb8fbff7f3640317a9a4eecfb9d
SHA256 1654b40dc232a5fdb28be776b7cb5ab2e56b636962826ac79d5f7eb3850d3412
SHA512 9dcda72c7103bac9c0a63cec282552de6a765395febac080d642b24748e44d424047b08557927035a1eb594154c48c72d19325cbfb6ea9240b5214f3f61aa3f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40252c21a90591c5c679ab728ab0c0c5
SHA1 81fc5548e6c8bb6ef1c810bbe66b2f961d379519
SHA256 8fc0805e7b5be54bde1fa2cf635dc3bcef1b5ae350236205045fe0dcafc93f29
SHA512 e6343ecade91671ae3326d548d17c972cca1395e33a607fceb480f4a89abcb1dd34506ac6af3c10c4d695215e3090b796ad2f3f846f8c22f348481b060249467

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e474cb3d6778972620d285edb92a8f56
SHA1 b877dbfee5df25cf4f520cb19c2dbdfd50ab63ab
SHA256 0349bea696a354bc921b31080562ced62f06a1400cc7e1d8bdb174bfc61543f1
SHA512 9b491d2d59af330cfdbcded5a269560970b03c0d06ffc39f617bf95b95fbf316c0a8cdfa8ace74ba667dee6c331f534ad0c6bf833a3b0d4c259940c6101183ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8591c17ceec8c95f9dde6316a77a6d30
SHA1 d1f0b57c42e0a4c81d1c0c9b1ea3e2596268700f
SHA256 f6a75b51158fd9c9dc6d334d8739b0c22fd3043adc1e796ac80e5a612d62394a
SHA512 0ace95814bb0971cd148f2ac7846fdaded57c488249864fc02482b98e582dcc4bf55303fd99b33fda7eddfdccd19f8d39ad2d4c62ebea9b235450215c1777e21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9689df5518b38b98b92d3808e5cb287e
SHA1 41805ff7bdd6117586a4419224f5e2c13b95dd2a
SHA256 325a10b4893f9c0fcd3363f00ab507f51c9a98dbc687752c48b142e595efb954
SHA512 a74ef1969202c03f930709c5437a7733a15eb3e4a0071f366268bce4d1aea882099138fce418995d96530721e14ba5a857bbb390a131d1086b87e45a81be258b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 0b3b3a8d9f7e1c71a24960d5fae4763c
SHA1 5d9a615294d43f6ea92686a28d357c3332bd77d6
SHA256 9eb7af792fbad1168d9f5f34389be441680111b4f9f17652f18af7d115ecc224
SHA512 7232cdf2f44bd8cf53448a1d39ed1bc2c4ea7e94e03730c02813c6da67fddf2374ffcecee55f5a6c0d82f0cf7c3b280132a135e5c60a563487cec856e4f06ec8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 884078edda49867673898bbb0feb565f
SHA1 fc54e01aed8fa461fa27afdf859e7c6c64ff75a2
SHA256 4cd677eb685074f7cf38b1fec7b75a682423e0616c68a09c5bb7a35008021f79
SHA512 6d7e2d1b593ad62f4a5c465aadda2439f6d7d2ae8d967096188fe7462abaa406a4648e2190ecbbdb5eb098a6a55947ae4d085f48b8c00fd877cb495ecf975d1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c1e612d3b41b72622e3e3ed98ac4548
SHA1 b0c49b9962780bc4ba689990c13d0811c353babe
SHA256 f9f2905e6dee98ce5788dbdd91e144c0743bfc23fcbe60fe1a23943d3606b378
SHA512 e1d2f27df1467582f834284e805348289fe8079129e10000c4564f5e2974d09acb056b038e8921beb5cee4792445fe4402217d38b76c7b1adfa3d400fb3c88e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c313dcf9b565ddaa3a4605b63fd9a730
SHA1 da2cc7b2b32f57a6df2ee23d3b89e92e58fd8826
SHA256 f0ab18ed4e81dffdd313268800ca7e256bbe84a4adb43c7ce28fa547f1b3d334
SHA512 a2bcc08acb7fd1f11e8cda584e3b22f1cf6adfb9d15e7de3c6e2c3eba27927db3dfd6081dd081c783997a6d62eed2b82a17ec47d7264da2829ca97e5addb201c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ad1e9ee489dc44e95621051c4e09ef7
SHA1 92dd8291ae858fe73ab30b81deb394c5efa06d01
SHA256 25326c50981297ab2d2ce0c2dbba9feaf550ffa39d19b35a620ec1d165d8ad6f
SHA512 fffc2dbc87fecbf0ea419463ad7792d97f779bc4980ca11ae00fe7e2f9f592707421582d936381c073d18dffa98507243a7aba289708e6ad4a03119648117d49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a21e050b0248d17278b599712e7984b
SHA1 5d9f97b051188a1ffd373edc9d7a5c46bd2b436e
SHA256 6fe9a26840c5369f9a8c1be8fe85e989fdb90f312b3b6b5651425b9bafbe6942
SHA512 5b8e1c22d0e207943e28e799eeae999931aacb9036c95c5ccb781bb8f2a0f16ca96968fb2653a047512ba071ee902734519acd092573303757fb86fe507278e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96c4a8db3a9d8323f256a781e58ab21d
SHA1 5ffde550ff1bd3db14c6eae79382d0a655290288
SHA256 d6259f567eaaa13b1ab7472b3f3ed55a77a8cee4848bc732fba33aa67fb5d841
SHA512 d6c19b21ef2bcc10e82bb8eed2b3b0813e994c3c425bff47a27aa9cac9d0ae6193b77947013a27f344c56dc412acc1ef69dd321ed9166b0876cbb7d6846a99eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f5b04299dad470a0dd58334df86a8e6
SHA1 643b91ad03a5d37c3cc151844e29bb81d7c7147d
SHA256 8ef38b07ede0b5844f49ac55f60402680d907198b0a58c6a28adec86dc91fc0a
SHA512 05db9ca33105e81f4c141326fdf4e5b9fdcde9016cb2108e47154a1d563899c236806cec9cd1247f242edb47ffa02d41b358add429a23286450e52787f5b57a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15de5a159e1b926ce1eabe2d1739e37e
SHA1 c5d57060ec445587f768fdf6ef2ced28c91df821
SHA256 5fa41db81243ac6040c6a13867e4f404a1d2c9e4aa1a18f54dcac340dd96e66e
SHA512 15e1aff6888966e78f7503596e16c01054fd82cb8aba34703210689dc9c9f90d190269b640fb48bf175fdef48c4d87e0d196725e737c2b4829d872f679be6ce1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b6dc12f24b32c74d70cc0ec09ae82a9
SHA1 93f4436dd7c591e3822553be86acd34da6660410
SHA256 ea03a9d1a57adf417d1a3a05a24be16620353c23f93375d58e9ab5b055ea779c
SHA512 ec91711c6fe13bcd901436c6772db2d97f38647fae37a7794d2af648c146b24edc2cd2cc51b707f91ee9bf97882daf35585a9be79045c4e64102e168f38df0ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ac478a6ae8ed4251b93019bf51ef0f0
SHA1 0a1792395b9bf08af4c87ff9782dbc113217133d
SHA256 a9106dfd30e3acff20b96d63155c6b0a6049ad77f4c7522f0c38e4a756448c89
SHA512 10c23cd9cdfba1c731a76fea4849feaf4ed36d075c46abb26b7af05f833a8a680a5a4851e4ecf2a30a2005effd678b68fb8a83b46596442d95665816d55f2e92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bd0f4a279d05f1214029aaaedb0cbfe
SHA1 6f1504b3b80ab8eeac4ec48e080a3ea8085b1986
SHA256 e5a3b9908d447533da9898c14266ed680cabf4765319f1221da997feba78f8d2
SHA512 8300994d2315791e1a6efc417eaeef4cf634fc8bea1f56baa99ae7ea70f9fb901f7401be1a26597dc0c799b4c48c0450cfebebbe1b31b75f5c73434356129507

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-10 22:27

Reported

2024-12-10 22:29

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\debf9eee0a49acad9d989314a32c05b4_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3428 wrote to memory of 2836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 2836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 3180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 3180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3428 wrote to memory of 1364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\debf9eee0a49acad9d989314a32c05b4_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe772746f8,0x7ffe77274708,0x7ffe77274718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11815272723026618934,15156788872477842753,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 netoopscodes.googlecode.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 bloggerblogwidgets.googlecode.com udp
US 8.8.8.8:53 ankiitpatel.blogspot.com udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
NL 108.177.96.82:80 bloggerblogwidgets.googlecode.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.179.233:445 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 172.217.16.225:80 ankiitpatel.blogspot.com tcp
GB 142.250.178.2:80 pagead2.googlesyndication.com tcp
NL 108.177.96.82:80 bloggerblogwidgets.googlecode.com tcp
GB 172.217.16.225:443 ankiitpatel.blogspot.com tcp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 82.96.177.108.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 kona.kontera.com udp
US 8.8.8.8:53 nwidget.networkedblogs.com udp
US 8.8.8.8:53 cdn.printfriendly.com udp
US 8.8.8.8:53 s7.addthis.com udp
GB 143.244.38.136:80 cdn.printfriendly.com tcp
US 8.8.8.8:53 feedjit.com udp
NL 108.177.96.82:80 bloggerblogwidgets.googlecode.com tcp
US 8.8.8.8:53 w.sharethis.com udp
SE 3.164.230.50:80 w.sharethis.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 code.helperblogger.com udp
SE 3.164.230.50:443 w.sharethis.com tcp
GB 142.250.179.233:139 resources.blogblog.com tcp
US 3.18.7.81:80 code.helperblogger.com tcp
US 8.8.8.8:53 50.230.164.3.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 3.18.7.81:80 code.helperblogger.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 172.67.70.191:443 www.hugedomains.com tcp
US 8.8.8.8:53 widgets.outbrain.com udp
GB 2.18.109.60:80 widgets.outbrain.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
GB 2.18.109.60:80 widgets.outbrain.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 scriptabufarhan.googlecode.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
NL 108.177.96.82:80 scriptabufarhan.googlecode.com tcp
US 8.8.8.8:53 81.7.18.3.in-addr.arpa udp
US 8.8.8.8:53 44.230.164.3.in-addr.arpa udp
US 8.8.8.8:53 191.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 60.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
NL 108.177.96.82:80 scriptabufarhan.googlecode.com tcp
US 8.8.8.8:53 ads.lzjl.com udp
CA 199.21.148.89:80 ads.lzjl.com tcp
US 8.8.8.8:53 s21.sitemeter.com udp
CA 199.21.148.89:80 ads.lzjl.com tcp
US 8.8.8.8:53 cdn.wibiya.com udp
US 104.21.32.1:80 cdn.wibiya.com tcp
US 8.8.8.8:53 www.tealdit.com udp
US 172.67.174.110:80 www.tealdit.com tcp
US 172.67.174.110:443 www.tealdit.com tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 adf.ly udp
US 172.66.40.139:80 adf.ly tcp
US 172.66.40.139:80 adf.ly tcp
US 8.8.8.8:53 publisher.linkvertise.com udp
US 104.18.0.75:443 publisher.linkvertise.com tcp
US 8.8.8.8:53 ads.clicksor.com udp
US 8.8.8.8:53 resources.infolinks.com udp
US 172.66.41.9:80 resources.infolinks.com tcp
US 8.8.8.8:53 1.32.21.104.in-addr.arpa udp
US 8.8.8.8:53 110.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 139.40.66.172.in-addr.arpa udp
US 8.8.8.8:53 shuttle.sharexy.com udp
US 8.8.8.8:53 www.luminate.com udp
US 3.226.99.248:80 www.luminate.com tcp
US 8.8.8.8:53 www.turbify.com udp
US 3.226.99.248:443 www.turbify.com tcp
GB 142.250.179.233:443 resources.blogblog.com udp
US 8.8.8.8:53 75.0.18.104.in-addr.arpa udp
US 8.8.8.8:53 9.41.66.172.in-addr.arpa udp
US 8.8.8.8:53 248.99.226.3.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
GB 142.250.179.233:80 img1.blogblog.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 www.feedburner.com udp
GB 142.250.178.14:80 www.feedburner.com tcp
US 8.8.8.8:53 static.networkedblogs.com udp
US 8.8.8.8:53 passets-cdn.pinterest.com udp
US 151.101.192.84:80 passets-cdn.pinterest.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 84.192.101.151.in-addr.arpa udp
US 8.8.8.8:53 www.dmca.com udp
US 13.107.246.64:80 www.dmca.com tcp
US 13.107.246.64:443 www.dmca.com tcp
US 8.8.8.8:53 feeds.feedburner.com udp
GB 216.58.212.206:80 feeds.feedburner.com tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.blogrollcenter.com udp
GB 216.58.212.206:80 feeds.feedburner.com tcp
US 8.8.8.8:53 www.getrank.org udp
US 54.82.172.55:80 www.getrank.org tcp
US 54.82.172.55:80 www.getrank.org tcp
US 8.8.8.8:53 track.bloglog.com udp
US 8.8.8.8:53 55.172.82.54.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
GB 142.250.178.14:443 translate.google.com udp
NL 108.177.96.82:80 scriptabufarhan.googlecode.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 nirav07.110mb.com udp
GB 142.250.200.14:80 www.google-analytics.com tcp
GB 142.250.179.233:80 www.blogblog.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 142.250.178.14:445 translate.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
GB 142.250.178.14:139 translate.google.com tcp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 172.217.16.225:445 1.bp.blogspot.com tcp
GB 172.217.16.225:139 1.bp.blogspot.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 youtube.googleapis.com udp
GB 216.58.201.106:445 youtube.googleapis.com tcp
GB 216.58.212.202:445 youtube.googleapis.com tcp
GB 142.250.187.234:445 youtube.googleapis.com tcp
GB 142.250.200.42:445 youtube.googleapis.com tcp
GB 142.250.178.10:445 youtube.googleapis.com tcp
GB 142.250.179.234:445 youtube.googleapis.com tcp
GB 172.217.16.234:445 youtube.googleapis.com tcp
GB 142.250.187.202:445 youtube.googleapis.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 youtube.googleapis.com udp
GB 216.58.204.74:445 youtube.googleapis.com tcp
GB 142.250.200.10:445 youtube.googleapis.com tcp
GB 142.250.180.10:445 youtube.googleapis.com tcp
GB 216.58.213.10:445 youtube.googleapis.com tcp
GB 216.58.212.202:139 youtube.googleapis.com tcp
GB 142.250.179.226:445 pagead2.googlesyndication.com tcp
GB 142.250.178.2:139 pagead2.googlesyndication.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

\??\pipe\LOCAL\crashpad_3428_HEJOUVHBQZFSSIAI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7cb450b1315c63b1d5d89d98ba22da5
SHA1 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512 df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c6d06117f9b8601c6f654ab19ee904bc
SHA1 4318ecb893453e3fb6322b19dce500201617f618
SHA256 94fe52d7c005736073286099b35c262ea618a3d1049db4ec2f88b30482f809e7
SHA512 2cdc3e6076c76cb31173193c916a3ca133b1de4daba9edb7fe44016aeebf4637a3e97edf60ead1ba4ceeb90a807af885c02c3d1f492c7139376c5a72543509d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 219d7b193c2a71adec306ea631c0705d
SHA1 36a028ccc3ae9fdf868ffc7998d1cad6c9a11701
SHA256 f00bbba536c6f3ee476d6d438cbc78359e3de98c28b1d5d46f3fc94aefc73bb8
SHA512 63a7012bcc2e55e97a6312d570904a149b2de201f0173323d4c56ae1289c128a3e5f2cba7dde9aaa50deb83a25812d9e22352e8c311dec4902cf8073d64ccbd8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d45ccb4c7b99173be288abc90cd8d683
SHA1 05791ddd5ceca38c2ae987a2a6545ee4d9ad65e3
SHA256 4ebb4bcd17c315cbb22a40dbdddeab846b78e613cf4bf16fd2b39cdb63231e0d
SHA512 e1fbf24dee43f829fc8a9e16f747181763835f9b05f88fff94e26e52ba0edd90a022020fa9a5a1389c90e1807e3aafef0489be896c25a4fb40d8a52ab47138e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d2185f286f35c40efa4f508229e51d4b
SHA1 7ea1630b46228e1c86219514828d74efbc26ed29
SHA256 4b52295554eaa394a607bbbc6a76ada2689996746dff9ab66dbbcdf5c6826284
SHA512 2e175672f22ff910744f05f894716333bceb24f42c491ce4e44ff06abfbcae89d0b6a16a4647fc54990a9a1f34cfc35115ac8f9aeee6144c93e4573f45f0b7bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f4c47e8f47a9b424bd6975cd3772c380
SHA1 69446bdf5893ab128351e0ca71751f8b5babc920
SHA256 5bb965c357f097674a5f37ef4309331e0f73d1cc39aea44cc991e2657c6f413e
SHA512 ad9ecbffcf06f6d69ef55dc26f7a697817cd4734abbb31299815eff07c19b9a5d692b33fcea0f694618e1188e17d7f1751ee8bbae4374323ce22c26309576e1a