Malware Analysis Report

2025-04-03 14:23

Sample ID 241215-tcvhsayngs
Target f4b32d2c25dd31a2ab3eff82b699d13b_JaffaCakes118
SHA256 69731f06b9620b32e820325d74ef9c51682ae7fd1254b25ef4e65c4ec4218a6c
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

69731f06b9620b32e820325d74ef9c51682ae7fd1254b25ef4e65c4ec4218a6c

Threat Level: Known bad

The file f4b32d2c25dd31a2ab3eff82b699d13b_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-15 15:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-15 15:55

Reported

2024-12-15 15:57

Platform

win7-20240903-en

Max time kernel

143s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f4b32d2c25dd31a2ab3eff82b699d13b_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440439991" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4dd4eac47cd6c48a39dc9c84c3034e8000000000200000000001066000000010000200000009dbe053b635caaa17e6f7df477c629dbe64af7b6c501baed35098bf8e42626c4000000000e800000000200002000000044461b96c240315856a93b70541dafb27cc806a852e457359dbf06639397f15c90000000e6d3ec4dc9a9527c3d282263dd2b0575d5d14057982836f5e0d78d6e4dcb9a095b8b2e239bdd99f1bfca845f09cc6d38831996f1114d53b1bcfea426dc880c336c3dbb0cd0c779302b4f4bc79b879e43c2bcb2c5e433fa8ed137c90fd8aaf833b72024c7310fc6442058f9d0f8b10e355dff023772e7120760494feb362e9973b51b802c06454020fb67c38b77fea65140000000e93591c0d952b4455f1fef2be65983835d2e7a2375242177f2f8874fbb1e9f07b5342f464b88a2072037d23e876865fa79f9dd87970f8b436b3e97aacb492d97 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8F261F1-BAFC-11EF-86C1-D60C98DC526F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80fe6bd0094fdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d4dd4eac47cd6c48a39dc9c84c3034e80000000002000000000010660000000100002000000037fc92b14e7efe05978fea95f137d53df84c73e08655a6b0ae3cc11d73512828000000000e8000000002000020000000953db1e26d9412bdf1a8526423d1e5edafb996d1700eb66ec6a5c6552352a65920000000cc06c46282a122e8829886f5a65a7f307358e32e032137db56998640d389a48240000000bc710a8531bf3096233e6165c63924146b77c44e683efe82da1cd1c14e54af0cd5a000eecdba3dba94c91d6468db2cb13472a6f6b59dfc38a35b0b345269498e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f4b32d2c25dd31a2ab3eff82b699d13b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 scripts.chitika.net udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 data2.whicdn.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 apis.google.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 3.162.38.66:80 scripts.chitika.net tcp
FR 3.162.38.66:80 scripts.chitika.net tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.65:443 lh4.googleusercontent.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 data2.whicdn.com udp
FR 3.162.38.66:443 scripts.chitika.net tcp
FR 3.162.38.66:443 scripts.chitika.net tcp
FR 3.162.38.66:443 scripts.chitika.net tcp
FR 3.162.38.66:443 scripts.chitika.net tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 142.250.179.65:80 themes.googleusercontent.com tcp
FR 142.250.179.65:80 themes.googleusercontent.com tcp
FR 142.250.179.65:80 themes.googleusercontent.com tcp
FR 142.250.179.65:80 themes.googleusercontent.com tcp
FR 142.250.179.65:80 themes.googleusercontent.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.143:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 527a5ac66c4f5929c4e4948c37fdfd40
SHA1 42840645301a1f29ef707964be0bde19fd1c9d14
SHA256 441c5ec8d9c116b656403e62d63f31b692e4c88e709b4b84f078d283441d96b1
SHA512 2aecb0595e38f076a24a693ab4feb1edbbd2cd38e2478203bdd479e25559bab13473595354d29b42f48df63508cb19a13dfdd91dcecf31c586181517b979a0db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 50a6c3f252b83f230a87f7140ec04dfe
SHA1 82e36a5644205a802189ba410e62790f0f19dc0d
SHA256 e77268c38ff20c47079eec801116650b106c5d71787c2564864eba171fcb5ccc
SHA512 a7cd5b2a23683a6d8843beeed4b6649ad976f55267cdedc343a7eebaa4cea34592d389e45ceb0100ee78ff2af868f82ebc1db0d12d7b9a7549884f484f0a50f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 11beb7b082c84e12e6c201294eea260c
SHA1 b0c0fb9a417f1db9a892bebada6dd0561ac0cb28
SHA256 ea210add5342ed4b0d22e635ca4517f448a934d1913fc598171bb21b2b2d15a1
SHA512 a5386b3bcc4e3bcaef361b16dbc54e7b20515fea5167a7ce00cba7d97d4b37f5464de29ca1e26b95d1cf19d9f28db984b1c862fbc1e7bf7f34d2a5febd467cfa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 be69c0fc1840944cb1310d66d78eea33
SHA1 a345c5822ce4570acebba726453fa776c2e3b1fc
SHA256 f6f4a1cc80f47876aedcefe06774cf49c3791ca7a09c41a7e320300810dfe3e1
SHA512 079382febe2229c9857eb44fcd1000bf0f1f0b9a554b1b963550b2719cad1b9a35427cb1c728a64e02aacde557becf6c7e44cdd2fc46b15856dec40874b42db5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e16c2df9b0b7a51613bb1604efa711d8
SHA1 1c12290a28238efefc3030f800ff1023d38b6255
SHA256 2a8906b05fb2b0027f3f0517c4ea22d3eb7c5b138e9530574db668b2c917eb2f
SHA512 96ce8ab5cfe409d6891b2c6bd1deb0f02c8abbbeed529d2ee148f749754a749a66922be5fd84bb01b059e63bf682a36911e449eeef6e2340a105092fa8f29ea3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 3b13062259d2b7a9101e54a055d4a085
SHA1 864a0490b687e4a64ac9c742c06818f7d99c3aa5
SHA256 6fe104ae2cc0ba44403c1fd7f1b03a19ef1763f0862ac7a5b3633d4dab20a2bb
SHA512 c72db8d63424f60928621e2b4f4c74855a56d74d85a5f5c07e03cbe22e2d5867147a65f68b005cf60d56a313044baa82d309b93a56278ffdceed6aae83d653b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 15ff143d93579737eae3b60d8f9b0b78
SHA1 90916b9598bff4fdcaf39e611f80aef422caa226
SHA256 01f9a20bc4dcce96849f152be25902f8b78dfffadb764c9d13919e9342049467
SHA512 b7a22c84e4f6b6462048e17aaf446077d14662489c592d85a9ef4f6bd86f8d912060008f69cf8b9b762d6f9b44f2e865e6deca6fbf4864ee4bf0648445956ecc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 eee631c5d08d5e000e5618314d49218f
SHA1 4a1bbe4f5bb3c6044999af6ff0cce78159017374
SHA256 e6b74327de738e85eaf915d4bcb623b5adadbde4dbe42704da50ba2cafc53842
SHA512 a76b22741ec03c6d79ceddb7100d21c096164300db84ee9b6fd6c95f6a4dba6aff9b2e61b10b4c79845f4aa0085b2649936233cf3d5f4d05eb485f66a611447d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 9ddfcd55a56ea25af671c4aa4373946e
SHA1 e7f190d7ddb7b91819131659b5ca22495aa8f56c
SHA256 8317e33ff65a5f3805d4665291a0ea94b79ac7688d998810a780fa6d4673421c
SHA512 f69165b96b5eed703ef2c0e2cfa18987f893de1ea03fc44fb8669bd06c5e3d59b196a405b299dccd7c0528a0b281223585fff0aeb0cf77936c89e48037b993cc

C:\Users\Admin\AppData\Local\Temp\CabB01F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarB0BE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cf0e10917de4c95c7c1be4bad100b1e
SHA1 37970cd1c88954908f32f3d1e9852179dda11b68
SHA256 cd0d1c5f1d3a70844962e1e98d71958bd4c62eea547f9f1aabe25da4f65960cb
SHA512 b5e122b6039332b9dd06183a9ac26630e608cfb00b28037be49c1a29ce498b1ef05e65079e83873e39d9a44393b8af3d09df50e6c2874eaa6f3f965714ea021a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d50ccd7002fb491488d455b7239c6f5
SHA1 9b1c1095b72bb9c2ecd5a1c081981313b438eb98
SHA256 b459794641b002c9a02afeee2bcd6fd56c0c7ee7f67390b9c9c71e0368b8e7f5
SHA512 cdfa5b87908180951eb6ed1336a19076377464848c7ff6d4b2e3e447c89fe05b4daa73cd578bc2e143a8594d91c63e04ba1d914e6b1c8a9cda0d03af37b1bf45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4349dd73008c5585acabad0c75aead4
SHA1 15c8af158e22505a0933e04f679e19c47c3c1b12
SHA256 84f3374f61e537f31d781090be7cdbb435f91ade9c3b8b5cc5e7b92ba6a5f9d0
SHA512 2734b947a37f4c726b8a9679b8108d3e0da39e9ada0613e68f935f8cb9107d95f06352c058d1a0e02de2b30c5c1e589c4af0408aaf599f3df1d592831e00b240

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c5416eedc59cb124e3539b63354f6c3
SHA1 cec263a469649702ea61246b16f316b77162607b
SHA256 97a7f1e773e7b4bdad8660c346c7d846d22eb936292d6fb73775860a4213dabe
SHA512 aad486d42e7812b7c4432a0ab10cfbde689c63e6abd35a06cc055e98f6302b3e6b629efd6f9a27fa9d2cd2d9598c66b7be2c82966e4f8262aa7fa6933cc57224

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ea37b72600f5980b550c7a318f14185
SHA1 8f3a77eef18c0b4bcc8dcde1c2e6089b05ffc37b
SHA256 72b9b1f861b4fea3747731d0653794f34a3931013c0960dd722fd8135e0ba36a
SHA512 2a563214f862fc7a8bb6813b583079b2f2a35eba08e2b4c77128ca294cdaa818c9665623f00a332e46fbed38416e94be8e3a9fca76aebb84ef520ea786a88e39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f80c8d8f1068cebdcb6633393f175029
SHA1 5ff38a8b74c9d9944a6148347c3d22db46eeee4c
SHA256 2c91784eca78865b37f68a241a122a48140d81819fd6668d28ad22a83f22d584
SHA512 3c8775da11ef9a03657a62f0d633075549e975c9ea0190aa1e68d877c5e6e1537fd60c51b6a57c6fb278a1098f939c94b0aedeb21a64dd1e4a411eea27d6e4fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94b86a4227f197809b6e8028c85aab69
SHA1 a45040bbe7c65a25c1bddf3c316e2cbe56ba13f0
SHA256 8a9d547596bd1f4a2b152c45e358eae9028395145a51ef46ec77101b947d960e
SHA512 f7251552adf7f20c5e85fbd18609078decca235c7e2c99b4427031911985dcd9a6442b0a7e24fa310303d6c7ff621477dba84776f44dc9c5f38e9150896c35ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8be4f9618407cf1a4d18eba9c8ab3346
SHA1 012bcb1fa39885fd4287c27871373036ccd865b0
SHA256 49558be19955d652e8d191e5cca7c828faa7472b5051c504d2ded71aa619e670
SHA512 2689ef52e25308f879c209a906f6daac2d87e096d9763063df3654a1a71dd24a94ef3f2fe034aba30599b093e8f49390b1dd2e5a5aae807dfdbdbf574559e7b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5b6bc411b789f4ef8a1003619f4f969
SHA1 25d0d45e1a693a3103d23047c81ce83bc1ae0ea1
SHA256 14fa780f6d66122781ea84cc7c487a822e995f35b09698cc0eb4b786a02228f1
SHA512 cf6d23df9c5dd92eb17c3de40a3c930b5a3d40d061d67666cf8101f02ff471aa1f134ca9b73eab97d4cdd0974443f2cd04bd07a66f5eff3a231b91a5688a3772

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14834e1483fec9af9c6683e53ec900bb
SHA1 fdbb70145191d991e37b4e5b8053671ba210ecbd
SHA256 86b42df13cf376517aee7f8e8c14f2786825073181046efc13029f203c78b0b7
SHA512 9dad338b47ae8aa4f053bfc599e060f68dd009b6dc42b9702855bba2265c6aa7a839ea659409a0a9fe36548cfbc2dcc39edaf1f1ac4474dfb9a13a0d441b6f84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fb3fe7dfd0befbefd382a98dee4c2c1
SHA1 e673ed6a63ac2967cc1441fc597e6429e5c2ee7a
SHA256 1b66ba549a5514579c85a47ea0788aa7dc45bde420fe4da55a3c271c868c9643
SHA512 753faac65640ec82bf157718fa98ae3898b752fc671513c8fa3866c64533d46254f1c2cca5dcfdbb785a4b414b2e49e76be5518e74e11449e179690f8f6738ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 7ee98e8057d6be2560a74b24fe7f2a69
SHA1 64c8bb39094b9e597ec9c5482a49149bafeafd2d
SHA256 3518a7b260b39f949713e4796bfd5275a923ef1cd29b0da342c85aebc7b93f3b
SHA512 378a14a86f884d6b59e130c672e72f5a79ab52461fed5f50696d1b2bbd4397856207c276caf7e76d322b3dd5c147567446f0c623effeee2fe32190681e3314d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b334460e0d3f7c531a1924660da1426
SHA1 5a19d1e90ce6be4abfe30bdace87b24df7c1f8e4
SHA256 0a54a5e7195ff92557279ddfdf74e381e791472ea59b3c4df695e184e881ff8f
SHA512 1ded094ddc84af1656fdbbe9b099a0eaf2963bc0fd4b773c17ff198f1139fcb2fe3f8aed140a9e3341a972b43ff8eb1adda42623cf7819f159ddbfc108d561d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9e92e93ae1fd7d5ed69f4a3d6c890c6a
SHA1 28bebf94e9a22f5c6a1fa8bbeafb7ab4f06790c9
SHA256 9f5838340c4399afb2cbcf0f75c72cad96095963377248ac3795d5f4c24b3511
SHA512 124781b73ba28ad6600b6644e2aa2b676af4b5f8b2d5c56269efd48ad3fd70b0ce24dfb57b55df292ab89a8925c43f8c8e81dd948d7f5f672fab065281787df3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dff41b49cce361b0e0516e333c890f3e
SHA1 4c3fd767ba9b6502675720d44621f741bf208592
SHA256 39b629490d6f17c80b99ab762d29c21d2e4e014603be48797dc1bcbd19caadbe
SHA512 c056ea0d0cf9a1975c3d4a6398856423b7f604acb8f71f2598d534b26f1d6f601effda214cd812305a70edb88c369232311ebd42e1bfee96172a8c06a14e1970

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5612403667840b7fb2cf5130b30bc8ca
SHA1 8a1177a372f716d6bc9f5c7aecc54a210b388ad8
SHA256 9cabd7ae85947cc2582b445b09f50f1b0a2702285ccd00a5ce6d9a1203eb7d2d
SHA512 b3a5ee9f8ad2c53f2a01ef711d2b251de6f5d8b634913067752f8480da68ff4f8eb8dfb476d8aa75ef37820912050aba8bc2ad291a728380d3b81391244354cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 493c8578c01f287759352c39c3347ccf
SHA1 58872c91ffe94bc59ed9162aa840a95936dd7ec0
SHA256 b26e5dcab171fcd6d73b7e765c3977da4f1af8dd5fb1517f55869a727666362b
SHA512 6b610592a9df7d11c33ccdef592ac091dcc917d93bf294000d0dba3b9fce5420a58074f2c97116e8f7b380fdffec45373b483aabefdf8b86df2ac4aa96b0f76f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b8ef664eba5f31c820011c14e6f1c17
SHA1 8dbe8ef9c88173379114add14cd04dbc681f9205
SHA256 882d4352d716483928f59803c9e5ba6d2674f45a749c1f9dffee201aeb2080e9
SHA512 c84c08ca3d3321735c77acbab362a23366d828b395a7fec00daa829f20e15dfd1610a2d30d425c5cc203c7f57a5cbf8d85b041ccb84932db1cab2a6ea8e711e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e196a19d717d645ba777f573e5eed948
SHA1 a3915bbc2c0e1219a1ba14dd9b97cf36ccbf6d74
SHA256 bb6d9bcded6ff28dc496efe24d20e2c73aa57a0fd6ec1a5d6ef874f4203c843c
SHA512 4e0e67e4bb562e217c8a70ded6bb08fe8234a7934ff38724053f841a4b0f0e3531edb8ad398ce576e6b10ba9b70c397252827b5cb63be655ee54f251c1eaee69

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-15 15:55

Reported

2024-12-15 15:57

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f4b32d2c25dd31a2ab3eff82b699d13b_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 652 wrote to memory of 4852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4852 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 3840 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 652 wrote to memory of 4588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f4b32d2c25dd31a2ab3eff82b699d13b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbdc846f8,0x7ffcbdc84708,0x7ffcbdc84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2920 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10282990220838726305,14777594842895134568,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 scripts.chitika.net udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 3.162.38.67:80 scripts.chitika.net tcp
FR 216.58.214.169:443 www.blogger.com tcp
US 104.18.10.207:445 netdna.bootstrapcdn.com tcp
FR 3.162.38.67:443 scripts.chitika.net tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.59:80 crt.rootg2.amazontrust.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
FR 216.58.214.169:443 www.blogger.com udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 67.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 38.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 data2.whicdn.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
FR 142.250.179.65:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 104.18.11.207:445 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
FR 142.250.179.65:443 lh4.googleusercontent.com udp
FR 142.250.179.65:443 lh4.googleusercontent.com udp
US 104.18.10.207:139 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.2.137:445 code.jquery.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 151.101.194.137:445 code.jquery.com tcp
US 151.101.66.137:445 code.jquery.com tcp
US 151.101.130.137:445 code.jquery.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
FR 216.58.214.169:443 www.blogger.com udp
US 8.8.8.8:53 connect.facebook.net udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 themes.googleusercontent.com udp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
FR 142.250.179.65:80 themes.googleusercontent.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
IT 157.240.203.2:445 connect.facebook.net tcp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 connect.facebook.net udp
SG 118.139.179.30:80 www.linkwithin.com tcp
IT 157.240.203.2:139 connect.facebook.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
FR 142.250.179.78:443 apis.google.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.151.35:445 www.facebook.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 resources.blogblog.com udp
FR 172.217.20.164:443 www.google.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 themes.googleusercontent.com udp
FR 142.250.179.65:445 themes.googleusercontent.com tcp
FR 142.250.179.65:139 themes.googleusercontent.com tcp
US 8.8.8.8:53 www.blogger.com udp
FR 216.58.214.169:445 www.blogger.com tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
FR 142.250.74.226:445 pagead2.googlesyndication.com tcp
FR 142.250.179.98:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 mileycyrusus.blogspot.com udp
FR 216.58.213.65:80 mileycyrusus.blogspot.com tcp
US 8.8.8.8:53 65.213.58.216.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_652_IJAECYAPOHNOSXQV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b6779516fbc58cd4f26941f32d5a510b
SHA1 0463a4c361e67f923976d26c99c74fa2c19cfc78
SHA256 032ad5283e1761a1226b248f1d2cf9bad46c087267e364439a7b8a436eb404d1
SHA512 a9955f7c141bc05c425977339bbfa275fce1dd9109c24ac350c1d5d2bcd6c0dc480791ccf4ac3814675c2a42c8eb50f627ca536d16ccfc0834b14d7d496b2189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a78ce6d58c1a41f0f69a0dccefc19603
SHA1 88923fcd19e9af7d1e80d996547c5e96cc6c0b28
SHA256 6588f65fbdc225e1235e55872ea167d8d3b27b3329b4b7129fd2d8cb99f67f3a
SHA512 59f52cccef54fc1b7d05dce4f5154b3cc4192e8e3694815192c1baea738b27d838c32ac27e6c2926dee0af43551a81df9d5cf460613dda215a778e628ddbbf47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6510084a339380d0379cbeb103061105
SHA1 e577c8d2fb17cc5e5268850a1ebc89aabd02972f
SHA256 bf9de37a82a744974b9caf222ab99dba0436591b846b5356f3341836d02c0ea1
SHA512 0a7f7cf5ba0334d9d69599822a1ff53e3d1af427fd7fcd39e7516395826d9dc98ff828303c9230ce50cfe9fd64711f4919e86538b24c98398c8ed9429a085a55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8d001692b18bb6de0f0349a8da424a85
SHA1 effb8df0ebed68156e51630f78775258d30bcf58
SHA256 ec3fae2f2e0ff7595b5ead8db47d864c9c1ad3eb950388c9d083c520e10aff16
SHA512 02491d449809c152e44d7d3dc928ac3211d4ce6cb53f9d811e3e9445e7d4d1014eefc507eb664752f13b746402e99b11298cd58083a3651b2c1ec0a5ae498f2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584baa.TMP

MD5 73cb8f3082bddf6f066adaf779060240
SHA1 a5d725739221072d441cbfe82f35c8b2b9033a30
SHA256 08a4aae7a6e6694c846c3a253f8764330d739f9b4310ffe4ac626841108283f8
SHA512 b79c07c58689f291a6d786d60d13e15b949fcc7e0fca2e00216fe7ac13385a3e14e0a3cf649f3658aecab55f8e4f89674ec91f8b2c143311b0144e2097a0c804

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0b6e7a859714b15885d0478abb3c1b2a
SHA1 72c28fc40ee86fa8a8109e57e39139218939d124
SHA256 a2df1901b6116eef3c79d3ef7fa176cea0773b50d8f90cd17aa6b4753d4b609b
SHA512 630ac2c42e0174a164771b152593643a894ec71446758c45cb39d1999fcd381cd49ca546c8015a84478d31f44eb73fb5b7caa3a900886f32c51c0fb5e5f8b9c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f6ede07d25d8c2ad089e835f6d701611
SHA1 862eb4a037b1d51a88c1917ef6881cd0f52f6da0
SHA256 2cd5f4f11ae6d447753da5e31a8d2aa34e3d7b26f7d6c01635cf58e11da68fa1
SHA512 0a37ee023c3ff10ee98c4ca7b3bc224052d633fcd18f40af5fe2d72af0e1bf1468f9a959714685d36530fb38e4f9deff039ef3e3a2368d2880b497301cb6c282

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 62bbe224a2e23a51c2a28fbaefe9e509
SHA1 2f2ce796ee88711abfd5923305c9585d50c9495d
SHA256 8030d9736780a5cf75121c26d324a95568a766bf606eb3a43fb9a3057b83e876
SHA512 d26b9ad63d1f947362ecd40f1119dc5c1a66c4ff3296d4954e777ac87e06eb7080619a8736b3eebd967dd7a3e219baae7cf5263f5dd5b3d67f38713464dfb457

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eff6574fb3c39ee612e9198bb0e22232
SHA1 e4ad1d2f4e40e56283602d192918aca5f5e0f8f4
SHA256 d1d4659f2a694e233c033f36613e12093a65b6d6b2cb397e92071d49382105f1
SHA512 738982d1754c9582609283fdbe27b24299a0dfb29c847aa67694ff1e3eb2e9a2acc9eef171f0e630a050ae3dbd1e2d259d33fdd348f55bb7f41ae24f5bd42802

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fe1dfb9ddd8a205d32ee37b32c0e1302
SHA1 8a2c815662c4718536aa33640578d3ba97e63aac
SHA256 78656fa92e6adc0f010c16db9cd1416f2946b1a0589a014366e81cce61e3e090
SHA512 a07f3879b6c0ffcb5b4c390c5e6d702ec2da83623fb941701ce3aa8ea0b62e79d47903e5ed315148a417d2285887d4e56ed150404f85c03a5b4facb56f169d61