Malware Analysis Report

2025-04-03 14:22

Sample ID 241212-t7k8laslcm
Target e7509e4e327215dbe8de7b22039a639e_JaffaCakes118
SHA256 b82d29ee10181209c5e02e6fe11ca4ed4bef4a35120ab64d2fee20aac6616595
Tags phishing socgholish discovery downloader
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 b82d29ee10181209c5e02e6fe11ca4ed4bef4a35120ab64d2fee20aac6616595

Threat Level: Known bad

The file e7509e4e327215dbe8de7b22039a639e_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

phishing socgholish discovery downloader

SocGholish

Socgholish family

Detected phishing page

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-12-12 16:41

Signatures

Detected phishing page

phishing

Analysis: behavioral1

Detonation Overview

Submitted 2024-12-12 16:41
Reported 2024-12-12 16:44
Platform win7-20241010-en
Max time kernel 142s
Max time network 150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e7509e4e327215dbe8de7b22039a639e_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{033E9401-B8A8-11EF-80AB-7A300BFEC721} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440183595" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e7509e4e327215dbe8de7b22039a639e_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 farm5.static.flickr.com udp
US 8.8.8.8:53 farm4.static.flickr.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
US 8.8.8.8:53 i844.photobucket.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 referer.org udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 pipes.yahoo.com udp
US 8.8.8.8:53 kunoichi.info udp
US 8.8.8.8:53 www.kuizikel.com udp
US 8.8.8.8:53 pr.prchecker.info udp
US 8.8.8.8:53 s10.histats.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.google.com udp
FR 52.84.172.83:80 farm4.static.flickr.com tcp
FR 52.84.172.83:80 farm4.static.flickr.com tcp
FR 52.84.172.83:80 farm4.static.flickr.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
FR 52.84.172.83:80 farm4.static.flickr.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
FR 52.84.172.83:80 farm4.static.flickr.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
FR 52.84.172.83:80 farm4.static.flickr.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 52.84.172.83:80 farm4.static.flickr.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 52.84.172.83:80 farm4.static.flickr.com tcp
US 104.244.42.65:80 twitter.com tcp
US 104.244.42.65:80 twitter.com tcp
FR 142.250.201.162:80 pagead2.googlesyndication.com tcp
FR 142.250.201.162:80 pagead2.googlesyndication.com tcp
GB 13.224.81.90:80 i844.photobucket.com tcp
GB 13.224.81.90:80 i844.photobucket.com tcp
FR 216.58.214.169:80 img1.blogblog.com tcp
US 67.227.215.171:80 pr.prchecker.info tcp
US 67.227.215.171:80 pr.prchecker.info tcp
US 104.20.2.69:80 s10.histats.com tcp
US 104.20.2.69:80 s10.histats.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
NL 190.2.139.23:80 kunoichi.info tcp
NL 190.2.139.23:80 kunoichi.info tcp
GB 13.224.81.90:443 i844.photobucket.com tcp
FR 52.84.172.83:443 farm4.static.flickr.com tcp
FR 52.84.172.83:443 farm4.static.flickr.com tcp
FR 52.84.172.83:443 farm4.static.flickr.com tcp
DE 64.190.63.222:80 referer.org tcp
DE 64.190.63.222:80 referer.org tcp
FR 52.84.172.83:443 farm4.static.flickr.com tcp
FR 52.84.172.83:443 farm4.static.flickr.com tcp
FR 52.84.172.83:443 farm4.static.flickr.com tcp
FR 52.84.172.83:443 farm4.static.flickr.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 104.244.42.65:443 twitter.com tcp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 67.227.215.171:443 pr.prchecker.info tcp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
FR 52.84.172.83:443 farm4.static.flickr.com tcp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 23.56.238.90:80 r10.o.lencr.org tcp
US 8.8.8.8:53 blog.kuizikel.com udp
US 8.8.8.8:53 www4.shoutmix.com udp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
FR 216.58.214.169:443 img1.blogblog.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.179.99:443 ssl.gstatic.com tcp
FR 142.250.179.99:443 ssl.gstatic.com tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.46.73.244:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\4570062032_112786f013[1].htm

MD5 f5d40b7259645010f9a248858ad14178
SHA1 b3051d17a6ec8c9e166bf09a62b48261ab86957b
SHA256 7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
SHA512 1e82bc2d067f726670b3e6054d73e57868f6e7c50eb979696bf927daeef699f2d8f8de201e8252b86b0e9f86dc69e5037fc9fa08ef6c271b033f29d4f0f4c1aa

C:\Users\Admin\AppData\Local\Temp\TarCF82.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabCF83.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

MD5 c6150925cfea5941ddc7ff2a0a506692
SHA1 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
SHA256 28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996
SHA512 b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 eec96a36b08884f49ba34f6ef60d76ff
SHA1 8438e4d695a9a27feb1dc1b69ff30278499e33c0
SHA256 06f1d0acc2e9874d96a3df20f17dcdd20256e90169ece876b942100a965bd906
SHA512 51f3be95a1cee0503af0baf3128d7eab22cdac3e29c438dac0b6055b668176fe85381c8ef5b65e0d86de301cbef1a97d8e15f3cfd3341b4a3cbaf9defc9ef1bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

MD5 845bd33695fe02874147271da12d276b
SHA1 cefa7278dff1d833483609cee39b3531a5d282d6
SHA256 752b2a860cae1aa599f2acaa6c9ede2e8b37094e5dce61a647dd916840347200
SHA512 1fb0f87046c896977c3b7ae96e2ba3a1a56e1679aa8a1740a8295967d7371f385005d8d241b7ca3f5fb9d175e6ed7cca33098a601cc343271daf221e11b49278

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4836e91eb60799b8e18cae0e0d42aaac
SHA1 4f94bad854df84a9a055d90c4dd9cc923a17a474
SHA256 7121ab8ec5d01bba3e57b5c3c738ef6fc31f0b5a99931e709cdfed8377e3c888
SHA512 2c19234f80966f9fad7a9a215011e20e3f58531a91f2bf2c948d3cd3ff6fb9ff8208c9a53cd9418e4a66ce8bac45819149ffe4eaac36a49dc4d1b045e6dcfef8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d1a011644ac836a1cd6e3391dafa507
SHA1 52ac3b1a3e9f622bea1a581cb598be27e9af8461
SHA256 c81644308248c6740013c022691dc656584bf56f76c31b0bac9fd0bb0703bd88
SHA512 a0de053d0ce7b1dc2c57db747507503102f33168082f923b7ad98c403c6f853f32f19d6a321b6554bf6a77a63e2de7ae03c82ec95f537332adb1ab38b91ee9b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87a6b093f399e25a842f844e5e9d8710
SHA1 7f604b01afc678a54fd26a74d936b16e32551ba9
SHA256 dbe55e8630a0e09dd5650316e6aa2cbc1f34d4e04c18c28a5323ca8de61ac213
SHA512 68907b0b5b31ba34a32107c531b22029f4d5e10fd5c4df6feaff2b52dec1c0e6701284608ae4a40b6a58c23e6e5561810da93e12ac52cee3f2575bb7a1af21e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbea452272df1aa94625b19c66985019
SHA1 c03f821d43dbef51c51ec1f0c288bd7d261857bf
SHA256 711332940d53715982fa69e32a136c8923868c6e2fbbefda08b6069af33e828d
SHA512 3b3770ee6389e186f98869e36b63d5e7182c185919f63af4a2d2f53cb0ba41cd81ffda4b1ec27e4b7ed38b5d410c59f7433757eb4a25626063ea4b445cd54869

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76472bacfd7bad3bb9e1402a66bbd9da
SHA1 ba61bcb80203a630f206706cdc42725c0893350f
SHA256 3fe31274c11f134d9a96386aa97e0787fc47cbbb5a91c31ea1e664632dc4c69c
SHA512 e72a670b27319698af90192f41194cedaa6144e7c00c7e19de16c912649c2ef0cfc33b9107af2e00327524be0b6629bf6c0019c9f3ef828f30951b13688d872a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 baaa21ff4bbd4640fc2a61dd8a63a444
SHA1 97369044fceb56f8795714e3faad3692d20b85d5
SHA256 8958a17d1ca6094dff2959621f368296f1b924f5b2939698ae0477fa67d07096
SHA512 f6ee92c0b37bc8c57301e0261fd6a67294d8d6269e9444efe5f1e0a0923f7420b823289580fdb12efcfe430da51c0ca35ccc831de143ee9c3d6f9363524f99ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7217923c4c1a488fa25335cde883430e
SHA1 0dd1cd4c491072ca6472457868020b45f3001f2c
SHA256 2b03ba4523d4b5815138dfe1b82e8ad3401745dd119fc37a74f090ddcf05a8c4
SHA512 1e8b85f63f75af2ffcfe00e0b2ce078ae45fdd77647945e6e3482184d941dad9c4fdfb9a5b2836ca1c766a6ae7a73bc17049953a756f8937329a0587e68ba67e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abc03e59f77e977918ebd149298987a7
SHA1 84cb6c00d08a45e5fb55d26b7c86a96984e54fa1
SHA256 e51bbf52c77bee21589295f613212c58231ff76253feb60f741153436d4ba7b4
SHA512 d8ee71afadc471424102c014a120df4e30372097cd938fae8a6c386cbf733f748456914cf73295229e9daade3407ea45a16ff6beff934ce3313fe5f4829f5266

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1debb91f1bda83e9ea4c3c89d4929c9f
SHA1 a9c59c677acaeca40d11a2a7e7ccc9a0813ca0ef
SHA256 14bb6694e5324ddd77c6eb0e3f77b814647649691e254b299ce09acdb8193d22
SHA512 75c1bceff547b8e44a1d52274d085ba2f018ed06326b71a83b4e345bc85d240072d9312ac68b1a8e1b3aef04cdf021e9123509438aa445f1ab198a5e0feff8ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b875bf5196af06df45e916b45f74674
SHA1 14d4c9b9faed083ac0cd2d403d9fc1ac1063c7f6
SHA256 1825935b9ae2b24d5f03a515ded8e316c5c2abf543503d1784cf8d0f6ea142d0
SHA512 b5ddb7472884e9452e882399f6a53e8535db93d86a761d5e010120c2833ecd24de6bedcc636f442ff396616c39a70144ec5a2548475d21df25d92a55acc0f890

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af31ed941c9e8f6aa20a78dfe3d3b581
SHA1 c630454fa85463c6ab546fe0cab27d7ea002aed4
SHA256 587f71663d4370177e1602f958273ad85ec32c4334a3d899d8fb70c47d3f6109
SHA512 83b6448ae395913c8b85d4f27f0f931cb626e737b04c2209d1a51f26166d728c4aaeb240da720ce62ad725988ec7182d8bfd7a1999e3735ac6f5bdb5c259c4ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 ca22b24925d629641254dd8c30dacaa3
SHA1 3194cbce708f46d509d04cc2d4dbc7c47ca518f2
SHA256 6f9d4f78c423ae6e7aae08ae7c49f12713f9bd203d796f7ad759017a35010981
SHA512 737a25d724b0de590ed386337a4a82443cce6adcab40b85645ab6f7f245f8966307591e79cf5a7d0c4ea8516abd365b5b7678e38b8e2f382b5ce8874ce88c13f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 460367e478a0cccff982d1d7679a0946
SHA1 9626c92018ba4e6b93eecca53adae55c317200c6
SHA256 7490ee52cc557cae42876ab5d0937f9ebfabfd7398daeb9ca4161d152756a6aa
SHA512 1d42ef9ecc078a55e8178028b24bb5ecc0a0e14425de685643317476daf0dc1c6031b597acf4242bbb7cd7ec6f802b1432a3554f917a08ffee2c06940c79ebc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 a03b4690b38140060d96d11c78591bd7
SHA1 ace420c78689d58cc5d0045d5bd5bc3126e3290f
SHA256 5ea5962a68b94ebe3377dc7e4ab92e5e3ae944a0922421de03469f13c6637283
SHA512 724ffda4649a57f1b6a3277a6e2ac9716a82791bd6f86aa741e4084351ba514b4982295abb11db7f04da90f2a3dabe0bd7a3952b3c0edce89b6498effa494b03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 834e643f0ce22de4691f7f5c445a4f43
SHA1 1a00aac9e17ec843a9324facabb6885fde814121
SHA256 0909894dcfed2da6916d1cded6a3c5e9d6dec97ce39c00b39746d64a85774f27
SHA512 d602c64e642a087dfea38b9baf953c2d48528c1e5b0a36a867327d08198ffbf04bd1510d254d163ebb2a48073b14a22f7cc3700c906e7ffcf7360697c029475c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 6454f7766eeebd15bbd16033249aae39
SHA1 7709b9bbc8a300fe05399408eee78fe763d86a23
SHA256 3535dc5f8d3f7b097f23546b9355a7890d8168499e83d32806c486159a5123e5
SHA512 083e21237585df21bb0af45d3e45a50b6f2fa36073383d125247fcafdfa1bf223d8e0038784d34d5e97971f946c0895eebd1fcc7fca1f6cbb11e9edb333df4f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 58ae4c1eaf1a69ec4dd45b0b8be06325
SHA1 7a3435be3bf8dd60bd000f635cbf1ca5858083d2
SHA256 107917d484659c6f50827aa89fe9823fe5bbcb1813606ee8425f27a01b33c988
SHA512 4166ee7d5c01ecf8dce6b5b653036e661b6782d65b670902272f6d33af5e8b90b162b108a67408294c34e15c7b69fd4dc78403f90baf89b1279e8b5fcee90b71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 0f04ae9131693f3a11dab97997b140aa
SHA1 f91680e327b11042a54db1da2b21e7893586a271
SHA256 4664f2b2fe0bcca24674a0b505b1cab23161f3c84786fd8a6ae9b1356c59c613
SHA512 a61d8a188e4d759036e04f1e087e48cda5abd808c1b328056b76f26c748cd5b37db1c7ba727e6c69413c14f0199417dba34c2822f84acd1f8ccba9c5978d7428

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 47d6e73eb1d45597a8d7db6e4217963c
SHA1 3b4c34fc54d76f009c459289158c142a6c67aca9
SHA256 94d494cd55c14400b878de9ade92f26d60b0db2b79cfb5ab3244cffd7aa2b8db
SHA512 389efe575614256393436f347da6d116b423ecf700614a50b37aabcf406e7eb32e6015b245099d66facee42557c67f15a448f6f9d92d8f492e064eb2498a5b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

MD5 b9f184967d31b3fff5176b8654ed9706
SHA1 234f6c5f2a5c2484abe9712a7d1d2ac958b6bcdf
SHA256 c2b318279c3af68d53729a6e800a7b652e8177703c68179ca3284c526449367a
SHA512 a701fba57cf804a260a044add801b020b7c353661b9610b2dea826a2c0360eae9dc4542f6d853227886688955e875b1ffcfcfb8783bab6fab83f79c84f4fbfa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d2ff6e35e36e8a83e52554c23255a2d
SHA1 b270fde7a4187c9a9fb140a51fbb419968af4b49
SHA256 13b20dbdbcd198e31f05a3fb4897a9e6eafd6b711220f550e2581ab073dffdf3
SHA512 cb0f37920dc1b8f88f0534499c96942e4b32d55d772d1dfdbf6317b83555b3960e31034a82b129afec23de6576c5670bea01df16ec09c0a71bf04c833c2863a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 17fb52384872099e06cb325f61fdd097
SHA1 913dcfdbeee907ce1a4a34159801d5cde36b0d4d
SHA256 558e9e419f47125b70db7a021461146f77e75c6b126e58833c6a629f93c49c35
SHA512 fb46186ebb4ff832d8509abc2d18a08384cca790671ca344b53ee4f30cede6ecc1043a92e192885666473ab25fd86c01e0a662d1f86dff409d1dac3e4789b0ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8111ca6de70e8dd1650979fc0d624e03
SHA1 7ce15b1f1961dd01adb9dace0645aafd6006177c
SHA256 eed58005d5e0ec7cd8ffa30824175c4af6ae2a8696fb9b1f631249975ddd209d
SHA512 39eab7a0d280c27735956f254aa9f7f940c203d804ea65dbe779a1c9787695df2f85ca886c519c8b2111adeac786b30ee555c56f5152528a931749d7afebefe0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cb0357eaf63dc7f006d1bb1553282b8
SHA1 f026522807fca52364213fd670724ac68719858a
SHA256 05e3daf4fe7bb837ca1d82800a0adf20c7fc77ae3d87a45a48dcdfa633299a3f
SHA512 ad32ec30177b7ee08a94e3e039b198571ccd3aaadc69abded645d43ec2542f3bf79adb57f25a9ba185b7af5c8c1432e024833b0d5638d378a933d7b01af69a38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b41b298c397946ee00737d989ca9b94
SHA1 be24e462916d8fa8bb6abdc64eec096fec109cb6
SHA256 ff8a7383c6b305655e1272741a0a2488d5d64bcfec007c60962a3f46b9de5df2
SHA512 cd3836c77f835ec9c8ff49852cfe3e9fba470713c2e08f334b9f396cd307d64852590bbcceb0f12e93dcc40149079cb46d1b5c46f6cab69a821cd38bf4900d5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7663382716f41768a25586a6ebd9c02d
SHA1 78ea567ebe15cc840e8a28b73490a61cdc373f76
SHA256 cc3179f06ed27cffebeef437a0828d16601c7fd30ad4f4d88d5b78eba6df7412
SHA512 1de780ce8385f1c6b790e0efc7124b114980469264ab9c7704850a6a72ae2a53e24a43957c07b9fe028c8bbb76f01d3139bcf4a454642a962593f1bd48cf5b61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cea804cda9851f273bc26973acd1060b
SHA1 118d0b54138ad028b819e84856df88fa8adc923e
SHA256 046e2d1cc162390b7d51c867d15862990120ec660a4bab84d245e1df2adca5b8
SHA512 3b1968062166862239696c141af9c4131b1c87f4ca232544efbbb97c43be36d99570301e198b66efa04b5d454fe5342e7b5234cd35e11f95ed6a9cf6ce2681f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6d08b22c96e0a9a20e1021fd12d3769
SHA1 57066638a3ad98e33247350f8d563757b50cdcf7
SHA256 a7917a93e15be942bc14c02c90cf085bcb3ef2463ce93a745e582f85e6934395
SHA512 a2f7dfcf07fda42872f8b0839d8afc804b00603594f3e93fe9e6574884ea0480ac68e48c3042c2dc2815b9adf335327f0f9fbfe1846744014768de3893463bc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 f07c7416361047458bdfd0dc0763fe54
SHA1 eb096086b0ca8d99132e5feeaa17fc29b990c35f
SHA256 4f22754be666bf770b1b422b1373bff29cbc3076c7d2fac66bff2dcf4c263200
SHA512 ef6584c7b39a1d1d8e5cff2165f6c5a87cbef721907667b8fa3285c7dc4b7c75521ed36b69566afbd6c7ed7a84b884586808c5f191d52ada14d975a8da30e6a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16c60fe270c7cf65cf5de8ebcfba8687
SHA1 f235b03dc547f52eccc81052689c205b72212e9d
SHA256 5fe1b795dd0242b35e84324d4099721ce095c124fe958c350c502622ad1ce13a
SHA512 38bc1324438c4b3a3418de2c52a6a511c72906d31da4b585e84660905ada8e7034fe37ab2577e901c11f8975150e3de49abddc870d5b9c87d5924df7f1095a3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37a8c54c01182734e973a6a168be6077
SHA1 927ddcafd9ceb70befc268aa96426cf2024f2868
SHA256 518894267906c0cabf1065156baa9851bde12656e80e4fde0562b75e4a8dbe8a
SHA512 06a2961e0b7d7e52dcb66f6f986b72537aac382bc6c64dde5a05b0cc6c2e1835cdeb107401de5b5f27e71ac75616f8d05fcb72ac40d070d91d98ec21242d48f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3208b072138fc2c6b66d4c33d98adae0
SHA1 170e791c9ae2dc9bd9fdeefe41c7aa178041d811
SHA256 0f9be75482bd4fac243a4a7a7f1ca6ea82f7bed3363a608733c4e9ff1d023389
SHA512 329d9c5fa6d04c921d906041271eeff0aebdc4c310d0590455915f712069c3d46bdad365923d0725fe41df2b937905805dd9bbc4789d612fb57d366dc977c7f3

Analysis: behavioral2

Detonation Overview

Submitted 2024-12-12 16:41
Reported 2024-12-12 16:44
Platform win10v2004-20241007-en
Max time kernel 145s
Max time network 150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e7509e4e327215dbe8de7b22039a639e_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1488 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1488 wrote to memory of 3852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1488 wrote to memory of 1088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1488 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e7509e4e327215dbe8de7b22039a639e_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8701766977310043271,17778158214730447297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5612 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1488_MXLALNNZLVWVIPGJ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
