Malware Analysis Report

2025-04-03 14:22

Sample ID 241210-xgcejstnft
Target de2c71f234305c8908e97f61d6043b7f_JaffaCakes118
SHA256 923882897185988e67034900d6325160061d458dfa12e2368b7e38d61c62547b
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

923882897185988e67034900d6325160061d458dfa12e2368b7e38d61c62547b

Threat Level: Known bad

The file de2c71f234305c8908e97f61d6043b7f_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-10 18:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-10 18:49

Reported

2024-12-10 18:52

Platform

win7-20240903-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\de2c71f234305c8908e97f61d6043b7f_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10306959344bdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005215a5066491ef45b05baa347490449000000000020000000000106600000001000020000000fb04840cc0380701d5057211c377fa3f39b5cbb2244e3c032f74cf82ef7aa969000000000e8000000002000020000000519a1cf64c916bde6198fd52b5175a9c6029ef891d5e13f6882d348f97765ccf20000000cf17142c641dc2f4ff7ae20a188788b01785565db3f715d56dd996fc16d5b19a4000000066d103ab46c5ea3a3b5538f7b493e912c0edf2f4f07148ac87b4f28d824fe32413c66cf5c355000cddc4ddb868ef4606f417f9e28c656a12685e2cd761fd96c3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440018446" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81EB26B1-B727-11EF-A0C2-62CAC36041A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\de2c71f234305c8908e97f61d6043b7f_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl.getdropbox.com udp
US 8.8.8.8:53 www.yourjavascript.com udp
US 8.8.8.8:53 api.ning.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 imageshack.us udp
US 8.8.8.8:53 h2.flashvortex.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 dl.dropbox.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 lh4.ggpht.com udp
US 8.8.8.8:53 lh3.ggpht.com udp
US 8.8.8.8:53 lh5.ggpht.com udp
US 8.8.8.8:53 oloblogger.googlecode.com udp
US 8.8.8.8:53 img9.imageshack.us udp
US 8.8.8.8:53 farm6.static.flickr.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 www.boober.com.br udp
US 8.8.8.8:53 www.morgadao.com.br udp
US 8.8.8.8:53 i53.tinypic.com udp
US 8.8.8.8:53 www.tedioso.com udp
US 8.8.8.8:53 img16.imageshack.us udp
US 8.8.8.8:53 www.mundoseo.com.br udp
US 8.8.8.8:53 ji.revolvermaps.com udp
US 8.8.8.8:53 img192.imageshack.us udp
US 8.8.8.8:53 yorgan.webs.com udp
US 208.82.16.68:80 api.ning.com tcp
US 208.82.16.68:80 api.ning.com tcp
GB 162.125.64.21:443 dl.getdropbox.com tcp
GB 162.125.64.21:443 dl.getdropbox.com tcp
US 208.94.3.18:80 imageshack.us tcp
US 208.94.3.18:80 imageshack.us tcp
US 13.248.169.48:80 www.yourjavascript.com tcp
US 13.248.169.48:80 www.yourjavascript.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.179.233:80 www.blogger.com tcp
GB 142.250.179.233:80 www.blogger.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 172.217.16.225:80 lh5.ggpht.com tcp
GB 172.217.16.225:80 lh5.ggpht.com tcp
GB 172.217.16.225:80 lh5.ggpht.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
GB 162.125.64.15:80 dl.dropbox.com tcp
US 38.99.77.16:80 img192.imageshack.us tcp
US 38.99.77.16:80 img192.imageshack.us tcp
GB 142.250.179.233:80 www.blogger.com tcp
GB 142.250.179.233:80 www.blogger.com tcp
US 38.99.77.16:80 img192.imageshack.us tcp
GB 172.217.16.225:80 lh5.ggpht.com tcp
US 38.99.77.16:80 img192.imageshack.us tcp
GB 172.217.16.225:80 lh5.ggpht.com tcp
GB 172.217.16.225:80 lh5.ggpht.com tcp
GB 172.217.16.225:80 lh5.ggpht.com tcp
GB 172.217.16.225:80 lh5.ggpht.com tcp
US 38.99.77.17:80 img192.imageshack.us tcp
US 38.99.77.17:80 img192.imageshack.us tcp
NL 18.238.247.73:80 farm6.static.flickr.com tcp
NL 18.238.247.73:80 farm6.static.flickr.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
NL 108.177.96.82:80 oloblogger.googlecode.com tcp
NL 108.177.96.82:80 oloblogger.googlecode.com tcp
NL 18.238.247.73:443 farm6.static.flickr.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
BR 186.250.202.56:80 www.mundoseo.com.br tcp
BR 186.250.202.56:80 www.mundoseo.com.br tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
US 104.21.23.156:80 www.morgadao.com.br tcp
US 104.21.23.156:80 www.morgadao.com.br tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 imagizer.imageshack.com udp
NL 18.239.83.100:80 crt.rootg2.amazontrust.com tcp
GB 88.221.134.152:443 imagizer.imageshack.com tcp
GB 88.221.134.152:443 imagizer.imageshack.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
BR 186.250.202.56:443 www.mundoseo.com.br tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 img30.imageshack.us udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 38.99.77.16:80 img30.imageshack.us tcp
US 38.99.77.16:80 img30.imageshack.us tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 88.221.135.105:80 e5.o.lencr.org tcp
US 8.8.8.8:53 viniciuspaes.com udp
BR 186.250.202.56:443 viniciuspaes.com tcp
BR 186.250.202.56:443 viniciuspaes.com tcp
US 8.8.8.8:53 e6.o.lencr.org udp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 88.221.135.105:80 e6.o.lencr.org tcp
GB 88.221.135.105:80 e6.o.lencr.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 www.baixandojogosgratis.com udp
GB 142.250.200.14:80 www.google-analytics.com tcp
GB 142.250.200.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.157:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 4cf59e9edc7be9b6056187494294fd70
SHA1 dcfc37051d38957871d2d8dbbae170d02da0a8bc
SHA256 b448d6acafbda1c9f22c5230831a8f59c46fe04b016c8a2a9d05376b056a5973
SHA512 b4af40b293c9d7f7d93c2b428bbf479ef91b88e4eb988802eeed39bcd3c7edfaf79d3ad7be4004cd5e9c75aca480e757c93da651507ce8ad7e25466ac00d64c5

C:\Users\Admin\AppData\Local\Temp\Cab6827.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPUI9R2R\jd.gallery[1].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\Local\Temp\Tar68E6.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f5916c0fb8b5edb684a267e5751691d
SHA1 91dafe75698622abb08156528555c6f1adfd038d
SHA256 07a71cafca67027a47730c28de4685b6f7fd738b9a44e9c864740dd1a5d05bac
SHA512 9da8f7a9266704e3abb6483d3954cd5fa224814dd1e28967d23464ba0f908f32a55a6d7d5d643aebcf7db76c981d79b8b5aeacd2278d6e958b4e03bb0d4afb28

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPUI9R2R\plusone[1].js

MD5 2693cd35d818b48f4cd562c6abe0db29
SHA1 131c844eb658219966c722b60cc12c8a542ebe06
SHA256 911fa262008c6ef2bcf8448ad83a5aa8129c39355b98d957f5c7dde2babf9b7c
SHA512 4f692bd49811addfe89d14b156fed6513f04ec4be2629086a8b66ddcd6e7b8b7df149fa017173824c30f7492c2320a3d7b9c0344d5e1f7074742558125654f1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a37e898a8f71d996ca82411e868db65
SHA1 23497726a74a136b023754b3e60c2b15a53f23b7
SHA256 7787ed40399a3358948466f3f1637191d5475b0d34cf6a660a6eafd85be60f25
SHA512 f4b782b60e1102a7ddcad6e917882d0e1d5637e9ee0f09d0733687e89f4773b8b19db6fac9bc5d9aa855357109352122d494d1c32b6d0b9538de023d7c03074e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0b3cee88731114b2370d1de39f8220e
SHA1 bd8db6a8e0a3eed948f6325f2177cd0e848c2c5f
SHA256 731536a02b5f5d84dbd049c84be70cf26b34d229ac866bda8f142b7cb75ea22a
SHA512 cc99ee74c96b4859ae755e0da373b9bcf31ea276621024f557046b26e28498be8104566aad6c0892d9e2fb31e0465f47be70787c745349a8582ae913f18bfea9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2385b70f84ae428dd2729c8e34ce98fa
SHA1 c4babc9a5c744066263a30df9f82e1eebd354cea
SHA256 1fe42b1669c75901c15c46fe8467b6504697822755571c2811ffa14e5f44c5db
SHA512 3a5527130800c7ba33eef9566d2cb78ccaa2ca139a9da4c125ea97566abd2a88254e7fa7ef8c6ab3fcea918432baf1edc5f936b69af1d75ad27e31b632d73723

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 935ef68411ce7bad39848a334038b311
SHA1 9831d45b526f2ba181c902daa7d059bd1ec8559d
SHA256 a73f26b04e53f091ac82541ee257ed4dbe3e6379d3905ede6502147f484f1da6
SHA512 1ccc0ccb0ed5060645a32df764967a4d9467301e90bc211834114b47298c8786e9d3d9947ea23dfab42675d608545e3d9df4fb15514c9c8d4036aa33a6258492

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60ee57f0d841347bbe18adabda6c166b
SHA1 fadc8e901e31f813af0ebcab31c7b61dedc764a2
SHA256 73a92a432d8e0eeeb4a1344bb167b10729ce1df4eb82626593035c26aa219010
SHA512 192a8530ea84f3e63dd15bf379b0a4c6421611b6bd0be4693de29d9970076858ad7be280605fff849e31c662f780ea85f94d0108b28863535604e857cd677a2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e41885ec576cdb9f279684d4b8882f5
SHA1 6f5cf0f45a9ae0ad1ff927dc31cfe743a4e71620
SHA256 56fe00dd32bb05523e7f23e7caf3ca612c3acdcb36c016d9a385695d19d63cc7
SHA512 f4470d8f6e22d78670cc50eb05a1b034e0fa3219b8c5051d0d407aaefb191e15f9a0762b7c142121f41e8813300e0c8c5c3b72894010e697ed485a50f8ff0333

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b67b26e0ea4ca556bb399f9958bccf64
SHA1 0c65b5a1f278969806d0bb0696f05b991da2cbda
SHA256 5e4340667ad020d3bec04aad39b80ae796594dbd3b0e0532081eaa53faa98bad
SHA512 228207e67e527adcd83aa0694370b810a1d8c7b942f137f1652114959c88bc64bf6f9690259244df843546537a6466ca6eb935efbf4952776b78e5fe1757e7d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a35e82e4e1db4fdb97ed9cae85ba17a
SHA1 7b0bf399681619e0734420707a34fc4cf106a235
SHA256 64d8864eb62120d1864197a879afbeccc49cad0785d9d0115c43a83459112c49
SHA512 bc7fbe10098264c075dab882e912a5a4a97747b8d7d81d7f06687468c27ff8c0256e11c493876fe920be683243ec5209860ed958e0f4db69db7800036f415ec4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4f7f021eb317ad1ac26123be089488c
SHA1 a45993cc714f5ad244f436569aa7a83b697e2ba4
SHA256 4886a8191dbb221616a54052e4bc319c219c64fe8da1b69f49cf13e0556c70a7
SHA512 dd8f94972d43a03f90b41de1062e329aea1d6bcd903963a7a21b431cd323b3fb4e629213859ead429c7a0afc4c54949b95de5896941428d9a9a71fa3faa58ad0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0f48c3881997661c91b1111a30e7cfa
SHA1 02ef6b78b302a77df5124eda2e360d0706ef43cd
SHA256 6aef428ffb0a71c30cbe6718b6a9a531662be40cc80fb5e9307571cf810a2b9e
SHA512 0c09414133ba28df672b81ba83fc249fb560fcf82dfbb130b13f4ea5f9e7709ac710dd735943b133544c947406ea4be41581830d5206f5ef9bb14f192957ea48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1ce2d6de51e019b0d4ca82c4f5c7741
SHA1 cf1c645c68db9a41d186f3c08a58db4ebb8a193d
SHA256 404e3bd36deceec4ecb21eddb0f3a13eb4ace5258a6ab4ad548baf6c2318cdb5
SHA512 5ff2c2b7cbcdea40477c1d912685abc6d2100254725be2a2199eb1bdca20519c7515b5b09d1349e111a0486984e82f7b0b7bd204e6abfebf9913e5a61d8db514

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc315a3f24f1258ba9e35a000a1ed33f
SHA1 044057c5b44a99bbf891bcd0aaac09b7cb464a26
SHA256 f35b4549ba5d6e7e741dc59cc644fbe7177d0257f88974dade8c43b8b05c6db2
SHA512 accec8752fbb35703b339c895451382eb21a80c2ec724098b04e0750e34316a52ff3ba895a0ea2592d095c42602a4bab1676bef087b8f769cb3fabaf34f019c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 de735d767070d5d0d579ffe8845f3353
SHA1 2462f0dc8890cdc952e63f2f6a15f8d6ef65f020
SHA256 394fca727b6090db92f014878d26d9820685787a9b9df18b1537324f4006968b
SHA512 afae560ddf86ecc72cc0678ee9306ef5110f9facdabef1090e98919dca59b4793379a0739d3c54a64d722272c86734e1dcab7041db1208f48a67077c38bbbfb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6eff6ed8eb058a17526c3a9fc57b9b81
SHA1 37d15fa420520c458a8500cb70f88bdc2b805548
SHA256 1133c0855d8cde57e1249ce6c5f4840c767d60094d06106caf58e0b081d5c367
SHA512 c15ea646bf6233f5d63fc0edc3f05bacd09a2facd3b3935877511c272fa239e91f13919d1fbaf49f46e1d123a67fd8fd639512c4b6d64660dc8416f3e1409299

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0924f1001e04f5ef481a78765f793be5
SHA1 0598a19b65e2c504b2fbad9f785b88471b304b04
SHA256 fef365c70eab58ab6a39ab98e689105ef01fe5d87852d89b47eb6c831c50c7cb
SHA512 aa72316c4777a4236ef0d54b45102d835411e1cf558a5b86d577ca0cef763227acdc20508de25a2696b5010f0abb79bbf1e3fd4fdc949f29fa1a8832245c1743

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad8babb627cf998260e31c778e53adf3
SHA1 70721f081d2f83c6cb3cf61fb386fd8a3bf1bf0f
SHA256 72df18d6c3b172df6f2025112cb202027a6478c6331cae7eb186b18986d3b935
SHA512 34eb9944a95a20042b959c5291ac68d82e5418afdefd7bcc8005d3c2cef80b640ec51994b2d637b07ec8e7ae6a56318c1a477fd9f12210becf64eec404ffc33d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2e420557b116020e59b1fe6bfbf939b
SHA1 4432681bfc9ff419efbaae9c829608bf3bc45bab
SHA256 ff6a369384829470c628fafeb2849365bf85c1ee70595ceeb716cbb66076d1ec
SHA512 c7c99d5e65f9eef6c9c1fa06feb3beb9072a3360358e4871888f1815874f037bcc21849d18358985207a516bc75ee80d35adef9410b1a41cd2aaea5e62c3814b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7471f462502d2a3786e7425b986ff7aa
SHA1 8cc6d265a3e71ff49c286a66f4b9ed2311946f0d
SHA256 dfcca12008493936f26f42b635b02779fc59f5c052572a8585d8e9c29924f4a6
SHA512 45bbd12b570b74375a1e178963e3b0f854d1b2bbe75070f1447d300437c12014f33f6e120ae87b72f3bd99ec9843cdbe5ea52a5b49bc7d183472a83b27b2575b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2290c3130ee6bfe4e3a0b592fce755e3
SHA1 8582c0deea717c22dccfc0561dd9be3eef19bcf9
SHA256 d9bc3307cf3c3daa075aa449edeffe84ef84eda0550a3cf1a6f78a362dc9ad92
SHA512 4ad119933cf6c25184f2e4797b96700a3e8ff83f17e953523f155a815b9da698f24d7df3eb561623618780d09c43f69e397f3b42464200661a3d31e22edfbc36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6f0e379308aefdf8e306815c48f183f
SHA1 4a1a29c0cf33590ebf1c062da721da51fcf5dfd3
SHA256 053ec40d1a99548f70d91ad46f840b540a2846f669175d1b8c917ee558e7bde6
SHA512 cc801320b018485ba84e9c2d724f4d7000148647b14abfba3119467a5c805ca8936ea058263585cbf4c19960fc65d4d48bcf9994d8754b33663689f3ae4e72a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 b5bc4e667cca773c6b1999eb12b6d2c1
SHA1 93d6fc53914df1699bf543442903319ea33c9cca
SHA256 9c5f293a7da879490594592750040e608497e8d05e744dfc2f85a9977dd3706a
SHA512 e2e7d3013e31375ec6e898fb737746f16a86ca1294f1621af9e98aca0f3ad5723d9e6d2ab23d02a761fde0513ec5d9cc23da73790cd17e4eb144432860f83794

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a6d34bda142c85cdb0f49f40215f471
SHA1 2719a7a2a48c032967caabeb52a0fa3c6a3c17a4
SHA256 ef02962d1a3f0e43a88916c82c8ac5fbb65bb0701a362a7b48806ecb40e3e438
SHA512 bf7b86ec5995055c6e41590d20775076d8fde795f5de69782c90a6ac684c68c4f44c9b5fe9e65b6a0d5b916d0c5fd5be0e5b205debccebe8af2d8644c9e6d73c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d9ff892809386d45311ce0f76e3ed84
SHA1 2533d7cc7a7b553b1eb51c1c60445b74e621357c
SHA256 132ff45d81f01e0652c18bed69de000b72ebbbbff3bf0d46ca9a2e0967033064
SHA512 a5f5c2b6f55259f72f367846bec264daa771b7f6a1a2a77f9e9987c2fc90f943e7a4a33466c76bf85b030d3ec390c587e3103906b534bc9f91282f935b16cce6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ee0e01a998d5babe07745687a19a96e
SHA1 7c4588291c5415715b3160083b36da86a9708b0a
SHA256 45e464f1d9a1e02f695dff908c19c2aa57b36e208e1e85a896e69e32e3b01a37
SHA512 32f9541d0c2b326a51fabd5bf7c681661b3880d98661c3cb7588f48ef9d0a2332a36528c3e8714f47805b5eaee8cad8eca75fb0544c3049110edbc5af62c15a0

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-10 18:49

Reported

2024-12-10 18:51

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\de2c71f234305c8908e97f61d6043b7f_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2328 wrote to memory of 3576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2328 wrote to memory of 2636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2328 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2328 wrote to memory of 3128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\de2c71f234305c8908e97f61d6043b7f_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0xe4,0x7ff9264246f8,0x7ff926424708,0x7ff926424718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1245987055719654657,11059568392797162288,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6248 /prefetch:2

Network

Country Destination Domain Proto

Files
