Malware Analysis Report

2025-04-03 14:24

Sample ID 241214-tcqvlaxjdz
Target ef8c489aa69327094f8a8508af065451_JaffaCakes118
SHA256 dd5b4ab215e44263b79618777042999101fff36b954a987152d94679c6e8fc23
Tags
socgholish discovery downloader
score
10/10

Analysis Overview

score
10/10

SHA256

dd5b4ab215e44263b79618777042999101fff36b954a987152d94679c6e8fc23

Threat Level: Known bad

The file ef8c489aa69327094f8a8508af065451_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-14 15:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-14 15:55

Reported

2024-12-14 15:57

Platform

win7-20240903-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ef8c489aa69327094f8a8508af065451_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C62FC2E1-BA33-11EF-976E-62CAC36041A9} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440353569" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ef8c489aa69327094f8a8508af065451_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-12-14 15:55

Reported

2024-12-14 15:57

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ef8c489aa69327094f8a8508af065451_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4496 wrote to memory of 4948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 4948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 2604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4496 wrote to memory of 1648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ef8c489aa69327094f8a8508af065451_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xbc,0x108,0x7ff8bb5446f8,0x7ff8bb544708,0x7ff8bb544718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 www.intensedebate.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 static.ebates.ca udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 142.250.179.66:80 pagead2.googlesyndication.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 192.0.123.246:80 www.intensedebate.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
DE 104.102.6.54:445 static.ebates.ca tcp
US 192.0.123.246:80 www.intensedebate.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 142.250.179.78:443 apis.google.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 images.brandbacker.com udp
US 8.8.8.8:53 20.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 78.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 66.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 246.123.0.192.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 192.0.123.246:443 www.intensedebate.com tcp
US 104.26.12.230:80 images.brandbacker.com tcp
FR 216.58.214.169:443 resources.blogblog.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 230.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 www.bloglovin.com udp
US 8.8.8.8:53 ambassador-api.s3.amazonaws.com udp
US 104.26.3.87:80 www.bloglovin.com tcp
US 54.231.193.161:443 ambassador-api.s3.amazonaws.com tcp
US 8.8.8.8:53 www.bhcosmetics.com udp
US 172.67.199.136:80 www.bhcosmetics.com tcp
US 104.26.3.87:443 www.bloglovin.com tcp
US 54.231.193.161:443 ambassador-api.s3.amazonaws.com tcp
US 8.8.8.8:53 ad.linksynergy.com udp
FR 216.58.215.33:443 1.bp.blogspot.com tcp
FR 216.58.215.33:443 1.bp.blogspot.com tcp
US 35.212.79.71:80 ad.linksynergy.com tcp
US 35.212.79.71:80 ad.linksynergy.com tcp
US 35.212.79.71:80 ad.linksynergy.com tcp
US 8.8.8.8:53 www.revolutionbeauty.com udp
FR 216.58.215.33:443 1.bp.blogspot.com tcp
US 104.19.147.50:443 www.revolutionbeauty.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 35.212.79.71:443 ad.linksynergy.com tcp
US 35.212.79.71:443 ad.linksynergy.com tcp
US 35.212.79.71:443 ad.linksynergy.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
FR 172.217.20.202:80 ajax.googleapis.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 greenlava-code.googlecode.com udp
NL 142.250.102.82:80 greenlava-code.googlecode.com tcp
US 8.8.8.8:53 87.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 136.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 161.193.231.54.in-addr.arpa udp
US 8.8.8.8:53 50.147.19.104.in-addr.arpa udp
US 8.8.8.8:53 71.79.212.35.in-addr.arpa udp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 202.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 82.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 images.julep.com udp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.178.142:80 developers.google.com tcp
NL 142.250.102.82:80 greenlava-code.googlecode.com tcp
US 8.8.8.8:53 accounts.google.com udp
FR 142.250.179.110:80 www.google-analytics.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 216.58.214.162:443 googleads.g.doubleclick.net tcp
FR 142.250.178.142:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.179.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.78:443 apis.google.com udp
FR 142.250.179.99:443 ssl.gstatic.com udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
FR 142.250.179.65:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 static.ebates.ca udp
FR 142.250.178.142:443 developers.google.com udp
US 8.8.8.8:53 195.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
FR 142.250.179.98:445 pagead2.googlesyndication.com tcp
FR 142.250.179.66:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.174:443 play.google.com tcp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
FR 172.217.20.163:445 fonts.gstatic.com tcp
FR 172.217.20.163:139 fonts.gstatic.com tcp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
FR 216.58.214.169:443 resources.blogblog.com udp
US 8.8.8.8:53 www.blogblog.com udp
FR 216.58.214.169:445 www.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 216.58.214.169:445 www.blogger.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 443a627d539ca4eab732bad0cbe7332b
SHA1 86b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA256 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

\??\pipe\LOCAL\crashpad_4496_PQNCFKFPAQQXIVXU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 99afa4934d1e3c56bbce114b356e8a99
SHA1 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA256 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA512 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 33196a95961bb977feeb85618f0d88bd
SHA1 ed15ba5c401684520a1362f0b8b8147967df3945
SHA256 06a6ab72fb4f8c1dc955e59b7acc1c3c29e23e1c64f4d5ae9ab32bf37abaaed4
SHA512 5c583b65609073d8250cf2e69d630e915a61b918ef2a4eeaae34eefbc1fa4e401996bc168cf87ae301e35705b6feacac4a4b9d7e20f1d614ea029424a3d224a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 785cdc93e0ad32d6f1e90b124111c732
SHA1 4e9997709e7cb69951f1363b38633a527d8ec8b5
SHA256 31956d55e8f47fe89c9277fcac57d1e881139faa16b7f4a4291f8ded1cba03ef
SHA512 24a8d8aad885e21fd59192d87b7532ac98afb6cb9454ed028faadd1a24ad6224c81e556f1e94b42244c8e870c99d2e43b4a09df09603d5c2e43b768fec471b87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f254795aae65629bc505ce38cae795a9
SHA1 0b869a630e58e563d2af0c664980ff5594d5ccae
SHA256 195854f1f4ec69d0364c7851bcfb1b6b89f96509dca99b490c57a1e42720f992
SHA512 bb53a72f1b76e0fba81ef559acf9ede35c70d02a61ff3c1d76e902c4bb33c844b83bb7efe85270cddeafe5f3783c30f76d3083610cff130e298942cd326d4141

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 22362bfdbb2b425cd6e64cb4736e1093
SHA1 cc17b66c0700967c6810f9f8554e0c09402a69c5
SHA256 4a5dc44b2990b180a88203c117d5027f2ae7dab0394c40c3ee1d373b76a89c53
SHA512 48ed67f94e139b946905fd3f76f22bbab2a3d13c2a8ed9bddf656e86956b5aaff80b56c06962f274da9b4c0b0effe3bbb8e3af98515abdacc8484750259be11b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 78c6ef63070cfffca5a86333e3c1b736
SHA1 fcd6d885b6e7b6459a4546b9d5a76fb6c47d119b
SHA256 0e92488ec2a826dc78a5bf82620fe9c4ae1c0cac3184ca1dad3f4677df5cb2a2
SHA512 736eb8d69c9ff50c8b95f6870c9b6772db1274e99675f6ec8d9f0036d798d3d74e2e4c50d87055077e07fea7ab3d02c9e2d1d03a0b570ed6f77f6f523ce3272b