Malware Analysis Report

2025-04-03 14:24

Sample ID: 241214-p3gmdstqdp
Target: eed7a454e530b4a01e858baeec510732_JaffaCakes118
SHA256: 062bf094865566c71201fd0e9ad5533af69209b51e356f837f5a3fc63b2fd5d7
Tags: socgholish discovery downloader
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 062bf094865566c71201fd0e9ad5533af69209b51e356f837f5a3fc63b2fd5d7

Threat Level: Known bad

The file eed7a454e530b4a01e858baeec510732_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

Socgholish family

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-14 12:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-14 12:51

Reported: 2024-12-14 12:53

Platform: win7-20241023-en

Max time kernel: 140s

Max time network: 148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eed7a454e530b4a01e858baeec510732_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eed7a454e530b4a01e858baeec510732_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-12-14 12:51

Reported: 2024-12-14 12:53

Platform: win10v2004-20241007-en

Max time kernel: 147s

Max time network: 151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\eed7a454e530b4a01e858baeec510732_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5048 wrote to memory of 1920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 1564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 3080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 3080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5048 wrote to memory of 5060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\eed7a454e530b4a01e858baeec510732_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec00246f8,0x7ffec0024708,0x7ffec0024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
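
The process list above is an ordinary Edge launch: one browser process, a Crashpad handler, GPU, network and storage utilities, renderers, identity_helper, plus CompPkgSrv.exe, a Windows COM server started with -Embedding. The following Python is an added example, not code from the sandbox vendor or from Edge. It labels each command line by its Chromium --type and utility sub-type, records which helpers run with --service-sandbox-type=none or --disable-gpu-sandbox, and recovers the browser PID from the Crashpad pipe name listed under Files (Crashpad names the pipe after the client process that started the handler). PROCESS_LINES is a subset copied verbatim from the list above; the function names are my own.

```python
"""Chromium/Edge process-list triage (added example, not part of the report)."""
import re
from collections import Counter

# Command lines copied from the report's Processes list (subset).
PROCESS_LINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\eed7a454e530b4a01e858baeec510732_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec00246f8,0x7ffec0024708,0x7ffec0024718',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=4844 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4581601687180007076,17751054098378084635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8',
]

# Image path: optional opening quote, then everything up to the first ".exe".
IMAGE_RE = re.compile(r'^"?([^"]+?\.exe)"?')
# Crashpad names its pipe crashpad_<client pid>_<token>; the client is the browser process.
CRASHPAD_PIPE_RE = re.compile(r"crashpad_(\d+)_")
CHROMIUM_IMAGES = {"msedge.exe", "identity_helper.exe"}


def classify(cmdline):
    """Return the Chromium role and sandbox-related flags for one command line."""
    image = IMAGE_RE.match(cmdline).group(1)
    exe = image.rsplit("\\", 1)[-1].lower()
    ptype = re.search(r"--type=(\S+)", cmdline)
    subtype = re.search(r"--utility-sub-type=(\S+)", cmdline)
    sandbox = re.search(r"--service-sandbox-type=(\S+)", cmdline)
    if exe not in CHROMIUM_IMAGES:
        role = "non-chromium"
    elif ptype is None:
        role = "browser"  # the one msedge.exe without --type is the broker/parent
    else:
        role = ptype.group(1)
    return {
        "exe": exe,
        "role": role,
        "subtype": subtype.group(1) if subtype else None,
        "sandbox": sandbox.group(1) if sandbox else None,
        "gpu_sandbox_disabled": "--disable-gpu-sandbox" in cmdline,
    }


def summarize(lines):
    """Count processes per role and list helpers that run without a sandbox."""
    procs = [classify(line) for line in lines]
    unsandboxed = [
        p["subtype"] or p["role"]
        for p in procs
        if p["sandbox"] == "none" or p["gpu_sandbox_disabled"]
    ]
    return {
        "roles": dict(Counter(p["role"] for p in procs)),
        "unsandboxed": unsandboxed,
        "non_chromium": [p["exe"] for p in procs if p["role"] == "non-chromium"],
    }


def browser_pid_from_crashpad_pipe(pipe_name):
    """Extract the browser PID from a pipe such as \\??\\pipe\\LOCAL\\crashpad_5048_...."""
    m = CRASHPAD_PIPE_RE.search(pipe_name)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    summary = summarize(PROCESS_LINES)
    print("roles:", summary["roles"])
    print("helpers without a sandbox:", summary["unsandboxed"])
    print("non-Chromium images:", summary["non_chromium"])
    print("browser PID:", browser_pid_from_crashpad_pipe(r"\??\pipe\LOCAL\crashpad_5048_AQAUAHAYKNMGMDGR"))
```

Read against the report, the output ties the WriteProcessMemory table to the tree: every row has PID 5048 as the writer, and the Crashpad pipe name in the Files section identifies 5048 as the browser process, so those writes are the Chromium sandbox broker initialising its own children rather than injection into a foreign process. Nothing in the list is a non-browser payload; the SocGholish verdict rests on the signatures, not on any dropped executable visible here.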

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 scripts.chitika.net udp
US 8.8.8.8:53 www.blogger.com udp
US 104.18.10.207:445 netdna.bootstrapcdn.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 3.162.38.66:80 scripts.chitika.net tcp
FR 3.162.38.66:443 scripts.chitika.net tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 66.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 90.163.164.3.in-addr.arpa udp
FR 216.58.214.169:443 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 bit.ly udp
US 67.199.248.10:80 bit.ly tcp
US 104.18.11.207:445 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 104.18.11.207:139 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 data3.whicdn.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.65:443 lh3.googleusercontent.com tcp
FR 142.250.179.65:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 38.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
FR 142.250.179.65:443 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.130.137:445 code.jquery.com tcp
US 151.101.66.137:445 code.jquery.com tcp
US 151.101.194.137:445 code.jquery.com tcp
US 151.101.2.137:445 code.jquery.com tcp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
FR 216.58.214.169:443 www.blogger.com udp
US 8.8.8.8:53 connect.facebook.net udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
NL 157.240.201.15:445 connect.facebook.net tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 142.250.179.65:80 themes.googleusercontent.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 connect.facebook.net udp
SG 118.139.179.30:80 www.linkwithin.com tcp
NL 157.240.201.15:139 connect.facebook.net tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.201.35:445 www.facebook.com tcp
NL 157.240.201.35:80 www.facebook.com tcp
FR 142.250.179.78:443 apis.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 157.240.201.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
FR 172.217.20.164:443 www.google.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 themes.googleusercontent.com udp
FR 142.250.179.65:445 themes.googleusercontent.com tcp
FR 142.250.179.65:139 themes.googleusercontent.com tcp
US 8.8.8.8:53 www.blogger.com udp
FR 216.58.214.169:445 www.blogger.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
FR 216.58.214.162:445 pagead2.googlesyndication.com tcp
FR 142.250.179.66:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 mileycyrusus.blogspot.com udp
FR 216.58.215.33:80 mileycyrusus.blogspot.com tcp
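
Two patterns in the table above deserve a second look before anything here is treated as C2. Several hosts that are ordinary CDN, blog, ad and social endpoints (netdna.bootstrapcdn.com, code.jquery.com, connect.facebook.net, themes.googleusercontent.com, pagead2.googlesyndication.com, www.blogger.com) are contacted on 445 and 139, not 80/443. When a saved page is opened from a local path, as this one was, scheme-relative references of the form //host/path resolve under file: and are handed to the Windows redirector as the UNC path \\host\path, which it probes over SMB and then NetBIOS; the rows here are consistent with that, and it matters operationally because such a probe will also offer NTLM authentication to whatever host the page names. The many *.in-addr.arpa queries are the sandbox's own reverse lookups of addresses it just connected to, not sample behaviour. The following Python is an added example, not part of the report or of any vendor tooling: it parses rows in the table's own "Country Destination Domain Proto" layout, records the ports used per host, flags SMB/NetBIOS connections to public addresses, and maps the PTR queries back to the forward addresses. NETWORK_ROWS is a subset copied from the table above; the function names are my own.

```python
"""Triage helper for the Network table of a sandbox report (added example)."""
import ipaddress
from collections import defaultdict

# Subset of rows copied from the report's Network table above.
NETWORK_ROWS = """\
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 104.18.10.207:445 netdna.bootstrapcdn.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
US 8.8.8.8:53 66.38.162.3.in-addr.arpa udp
US 104.18.11.207:139 netdna.bootstrapcdn.com tcp
N/A 224.0.0.251:5353 udp
US 151.101.130.137:445 code.jquery.com tcp
NL 157.240.201.15:445 connect.facebook.net tcp
NL 157.240.201.15:139 connect.facebook.net tcp
FR 142.250.179.65:445 themes.googleusercontent.com tcp
FR 216.58.214.169:445 www.blogger.com tcp
FR 216.58.215.33:80 mileycyrusus.blogspot.com tcp
"""

SMB_PORTS = {445, 139}  # SMB and NetBIOS session service


def parse_rows(text):
    """Parse table rows; the mDNS row (224.0.0.251:5353) carries no domain column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ip, _, port = parts[1].rpartition(":")
        rows.append({
            "country": parts[0],
            "ip": ip,
            "port": int(port),
            "domain": parts[2] if len(parts) == 4 else None,
            "proto": parts[-1],
        })
    return rows


def reverse_lookup_target(name):
    """'66.38.162.3.in-addr.arpa' -> '3.162.38.66', the address being reverse-resolved."""
    suffix = ".in-addr.arpa"
    if not name or not name.endswith(suffix):
        return None
    return ".".join(reversed(name[:-len(suffix)].split(".")))


def triage(text):
    """Summarise a Network table: ports per host, SMB/NetBIOS to public IPs, PTR targets."""
    rows = parse_rows(text)
    dns = [r for r in rows if r["port"] == 53]
    conns = [r for r in rows if r["port"] != 53]

    ports_by_host = defaultdict(set)
    for r in conns:
        if r["domain"]:
            ports_by_host[r["domain"]].add(r["port"])

    # Only public destinations count: multicast/private SMB is a different question.
    smb_events = [
        (r["domain"], r["ip"], r["port"])
        for r in conns
        if r["port"] in SMB_PORTS and ipaddress.ip_address(r["ip"]).is_global
    ]
    ptr_targets = sorted(
        {t for t in (reverse_lookup_target(r["domain"]) for r in dns) if t}
    )
    return {
        "ports_by_host": dict(ports_by_host),
        "smb_hosts": sorted({d for d, _, _ in smb_events}),
        "smb_events": smb_events,
        "ptr_targets": ptr_targets,
    }


if __name__ == "__main__":
    summary = triage(NETWORK_ROWS)
    for host in summary["smb_hosts"]:
        print(f"SMB/NetBIOS to public host: {host} ports={sorted(summary['ports_by_host'][host])}")
    print("reverse-lookup targets:", summary["ptr_targets"])
```

Run over the full table, the SMB list is exactly the set of third-party resource hosts the page references, which is the signature of UNC fallback rather than of a downloader stage; a real second-stage fetch would show up as a host outside that set, typically on 80/443. The check is also a reminder to block outbound 445/139 at the egress, since an HTML lure needs nothing more than a UNC-style reference to trigger the same probe on a victim workstation.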

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d22073dea53e79d9b824f27ac5e9813e
SHA1 6d8a7281241248431a1571e6ddc55798b01fa961
SHA256 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA512 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

\??\pipe\LOCAL\crashpad_5048_AQAUAHAYKNMGMDGR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bffcefacce25cd03f3d5c9446ddb903d
SHA1 8923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA256 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d379b596cef8c0b37467318bd2a8381c
SHA1 1ddf42cb32d61511215afc56d4d71ca649a8e139
SHA256 b1ba1fb7f1839f403c3a618b33c5c5e0e525bcdc829d5d37a91864fa4196ffaf
SHA512 1c5fccc1c297d5e020b8d21c3d208a5cd64bc1d69fc4030892f760b94d26ca84804062e86f0b1d514c1c88541bfd808c8d55793c6270877a31b5df641a51d687

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 936579ae02131f0dffb79b75ba9c55eb
SHA1 238168a1b52bac1bc7224c896f7d908fe7a65741
SHA256 ba96792b173df43c2bee069606476ea96672713119b6f329f697435e37dde73f
SHA512 ea6cea1c9c528206bc63ca91f0b86429afaff55334ac557099c7988c0f620311f0d341f4e78158ca6b4762e46b34013810253c29a8a0125ef10cca81a541a022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bf9cf486f470239ed2ec8a8dd974e4a1
SHA1 5b7d27b6072bb8acb696ab1f94afff1b67374235
SHA256 4e79e80c2455f25791169b9f302c96f8ca72febc949eae4a6a3e395d7ce5c2aa
SHA512 75bc3a6d4b4425705c7e24724a578ec4ec98e75b32efea9e377a32346bcb8ae63d6bc373c61a8be80196f39160181171263ce7c3ec5c8ad1a7c424d4921d5e55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 428300ff7acc9aeb3f4eba784bb7a19d
SHA1 c76b46f5abe07abd7de80a5a75e54a6d177ba189
SHA256 42c224871c187d8bf81ff60c50fd46470575b3e5746e375f58eb9817dcd1a7c1
SHA512 d6e1191f6eaab198a76cb67741cd154b58f6661253717900132cf462476646a7c1fdf2ff7c0b98078f9b658209aedee3fea0c561ebc2163f4cc548793553b0f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8a7b07dbcbeb582f6b2e32cbbe9f3259
SHA1 b338da9446b1fc8af7f123f0043dffb852e49a38
SHA256 dda80ec85c5d60b068dca5520bc9b72c592d0e1ac05626c97442442ba6212396
SHA512 1e6dbc78532ffe95f4bb1260ba4b57377c2cbb3953e2ed6d8fb266a6d21f4f69cc405e18337a8277d8460971a648c505d54bc87b420b3f35b939ef43e40512cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586abb.TMP

MD5 11c35392d9f3b17dfef409025d7b9d57
SHA1 2bdbb69872a4b04dd8e85517b91954d9c09af05a
SHA256 bf777871222d303f7be5c972d1b2d058e5a6c4973ac195f9cf006f653ffa201c
SHA512 6945eb4af16325dc9e5ad9ab8b32e174264e5c866f8688b681575a9f7983bfc3ff0961055b8ff9fd6110a9081ca7d1abdcf94620ae971e7e46206cc685734ea9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 07d7919795a891800480b7e75ea09995
SHA1 8bdf893edcb185005e9ad08117e54f74934849df
SHA256 618e14abd15feed600c88a9cc6e2404fc71e8fd82b699c0488600abf06c5cd88
SHA512 c2284f0b725e06efe4914b8340e9d3b0971c6ac955529daf6629358f85e8ee17b92e9ff856c09857fc7a9b815039462c06961634013ba1dfcb4ab71039c85077

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 535627b7535a983c0397d9b617eebaaa
SHA1 2d8f17613ca5ba09d64e8a7a6e07477892596960
SHA256 a578475450594ffa70f906f921141ac15b3c5bf6eace43fa82216b3ce6be2bb1
SHA512 d5998d5a20ff158b0921010c0e032d6fb538b754d52da04cb22d6746dec638e7a198953682df86f10cb02e8e53abbef35cd978500a791834e00e7bf8282e5af0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 02498a3ccf688dcd5939ac6669d6e1a7
SHA1 5ce81d7e833242ade69083c9c5d440bafed51c22
SHA256 7ffa1082594458326490ac53ff273eb8ced299fc5f36f8c139b3d075d76e2009
SHA512 12bb71b6c6cad5cd5ce3b9f61a316123e5a7f0fd8714afdfb4ac968402bc6959722b4403b9c4e49f22d09562b53cf7e20f483e4bcd5c2d4c2d7ad57e8024788a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4b06da961dec9f975112d211b58c6c69
SHA1 728e950710668cb7c2c226a0888ecd32493be375
SHA256 31f2c7361e92b0869b038cc8f281011ffd41937f4fecd524a3182ac55ab5770e
SHA512 ef81c502a39345c9f4b2f0aebd2ea37e3b29dd73985151071705ac8798c5861ff46d4cf795b9b9a0add15a833da98a2dc1c1e567c7a82175fd040a11dc840058