Malware Analysis Report

2024-10-23 17:25

Sample ID 240510-psafbsef5y
Target 2f202b71bb455a16e350bbdc381b9f49_JaffaCakes118
SHA256 f189ec6804cbe3d33876eb9d0d6bc0e6e8ca7de842bce9a92877d2136c623181
Tags
socgholish downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f189ec6804cbe3d33876eb9d0d6bc0e6e8ca7de842bce9a92877d2136c623181

Threat Level: Known bad

The file 2f202b71bb455a16e350bbdc381b9f49_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 12:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 12:34

Reported

2024-05-10 12:42

Platform

win7-20240215-en

Max time kernel

128s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f202b71bb455a16e350bbdc381b9f49_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c6000000000200000000001066000000010000200000008b6967a96b7dba5d7ad95bf819a455c9128876e184234c36d97f4dc472176765000000000e80000000020000200000004bc5a517fb8a9b5bf0d73281f0e9a5b47bbfe0a7eb21d57b2e42c1266e06df6c2000000079adac91b87535ad2cf9d43e23c1178bab91805f79e032a7a1c74927464b89a340000000cd6761ed7bc7a5c8d2ca244643f7e9e5e65ead92ebe88705340cb136216a96340c6925d9c901a1f0706faa4dcab9d8ae578afaf519afe5d23e7ac23550b322e5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E9E56A1-0ECA-11EF-B20D-42D1C15895C4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0dd5849d7a2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421506675" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2f202b71bb455a16e350bbdc381b9f49_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 widget.bloglovin.com udp
US 8.8.8.8:53 www.bloglovin.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 bloggernetwork.e-tailwebstores.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 greenlava-code.googlecode.com udp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 172.67.74.169:80 www.bloglovin.com tcp
US 172.67.74.169:80 www.bloglovin.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.201.110:443 apis.google.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 104.26.3.87:443 www.bloglovin.com tcp
US 104.26.3.87:443 www.bloglovin.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
IE 172.253.116.82:80 greenlava-code.googlecode.com tcp
IE 172.253.116.82:80 greenlava-code.googlecode.com tcp
US 172.67.74.169:443 www.bloglovin.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 216.58.212.195:80 fonts.gstatic.com tcp
GB 216.58.212.195:80 fonts.gstatic.com tcp
GB 216.58.212.195:80 fonts.gstatic.com tcp
GB 216.58.212.195:80 fonts.gstatic.com tcp
GB 216.58.212.195:80 fonts.gstatic.com tcp
GB 216.58.212.195:80 fonts.gstatic.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 snapwidget.com udp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.201.110:443 apis.google.com tcp
US 104.26.9.123:80 snapwidget.com tcp
US 104.26.9.123:80 snapwidget.com tcp
US 8.8.8.8:53 developers.google.com udp
US 104.26.9.123:443 snapwidget.com tcp
GB 216.58.212.206:80 developers.google.com tcp
GB 216.58.212.206:80 developers.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 216.58.212.206:443 developers.google.com tcp
GB 216.58.212.206:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 2.18.190.81:80 apps.identrust.com tcp
GB 216.58.212.206:443 developers.google.com tcp
GB 216.58.212.206:443 developers.google.com tcp
GB 142.250.179.227:443 ssl.gstatic.com tcp
GB 142.250.179.227:443 ssl.gstatic.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 104.26.9.123:443 snapwidget.com tcp
US 104.26.9.123:443 snapwidget.com tcp
US 104.26.9.123:443 snapwidget.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

MD5 642cb32ecfbeb79808c125857e05f6b1
SHA1 99f34e016349eb62dd311aae1b7a628909f2b0a0
SHA256 94d8f16b82741f839b6fdf123cd02209cfafec153a631bb4b1888ad21858ceb2
SHA512 0f4ec8738f4b36d9593da676e7f60e8c979df82bb5469762f4950bf327b774a44f02fcd157d26ddab6a61008d5818f135ae50a06613e24a95b42628cdddfa6b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_F82FCC341F124F6AC9D153F6ECE89FFA

MD5 172831834ea62b24f27ae09586544041
SHA1 1bb2f6eb9c319fe96051c9a7db6cc4b882912471
SHA256 c88fedc9c4ce58c474cbda40048f9c60ea139d81438401ca3f9f38de59e57319
SHA512 ab2e156cf49e575074aabec3dc76df497408755944acb34ea9a67f85eb75bfd1fc4eb898b445cab38d6cfb799288668ca6ca9338422de9d774264dffcda4de44

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\platform_gapi.iframes.style.common[1].js

MD5 7ef4bc18139bcdbdd14c5b58b0955a67
SHA1 afe44fd9a877f81a3c36f571c0fc934324c6cbd7
SHA256 192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838
SHA512 6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\cb=gapi[1].js

MD5 4d1bd282f5a3799d4e2880cf69af9269
SHA1 2ede61be138a7beaa7d6214aa278479dce258adb
SHA256 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693
SHA512 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

C:\Users\Admin\AppData\Local\Temp\Cab22AF.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C

MD5 a722f5ee6355970a9321b38b23b4e01e
SHA1 8b385afe003535c400d318e98901b0b647805cf5
SHA256 90dd2a96520d7031d65b599e608d63ff446e0e4052e2d959756bfd451c094b8e
SHA512 640e84c8a92d640d888d6416c920d4be973518d776c4d94c0ed67a03be11fe5ca5f49bad0f0a22b83a841ff944c14886ff29a7ac5ae5693121683b21e65e8b01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_527BC5AE70FADE67FCC98047A960E62C

MD5 4ffafe74e18b35157300d55ed615d63d
SHA1 a47a9e20b9a960f70ef43b836a44354a065117a2
SHA256 c04d6aa42dc433d78c6daa9d4104c7f98efa6db66013a70ae9d7763e92675dd6
SHA512 91c1169bff92737ebfd68429b71cd871c6a1b812588ec4e432833ebb39950f31213f52f3db620009d92f4b3d3734ef25e850e3ee2955d9b290e03ddcf5f90410

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2B9C.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5d52d25927cab8c3eb14e9d40f309fc
SHA1 764e0540e96f4f5508b77c80a4b93e7b38e49c79
SHA256 ab8b57da54fb3229c195dca80b91a9b75f54a34a3a92b363983b971d2af83488
SHA512 18d4290d656c4748bdf51e47f139b1a0aed27bded88a341c7ac260606f962de7fc23e2895d50d849a36a86068035e3d569f59f3ed6ce92378164d0a63f269c44

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\analytics[1].js

MD5 575b5480531da4d14e7453e2016fe0bc
SHA1 e5c5f3134fe29e60b591c87ea85951f0aea36ee1
SHA256 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
SHA512 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 962ff5cfa5bf871be71b00184758cbde
SHA1 f38c733f178f5dad0c0fabb2df4d6bf3c1cb9a6c
SHA256 d491e6c18ff0b25e9295ee9f596b3869efb5432b374333a87b824bd863cfd930
SHA512 766a5bdd7bdfeee994f83a23c47bbd956e95292b041410a5a888aca5947dfa032d35d984c4679707c1dc380b6c1f6ee797ddafb7adc496baf1f2fc35be62bb1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af118fc15ee7ad6befd69b953341e5f7
SHA1 3418bd8e9612e0b3c338892ec85814fbfe74e9b4
SHA256 d272b8ea96191b426a522892ac2023ea879f78c8b209b0a7481945fcb34eacfc
SHA512 64cf731a62e93682efb94150fee4a8dd41b71d8df11a0d5613f20f879daed6cb9827e345d12ee4e2c60dc99fe8e11aca2ef34aadcd6cb8850d15cbfb383091ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 121a332bd6035c3761ed42b63b6bc609
SHA1 0d121f42cfac887df6c451365bef8cf84227a763
SHA256 e4ac1c02f127e84f006c48e8937a1219f1cc10a68057f0666582fe395a8a6b6a
SHA512 3b8c074208ad3d9ea73eb9a8c9df7fda427707b8448f307ecbd15a0ce5d5b8f37e904088e560a18591f465c1acb86fa13bee1cab6a92093302150a520b281f29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10c415e2167bf7d433078a7f748bcd3b
SHA1 c1eaac164bbeada6604798cfdab7429d347038dd
SHA256 45c54dd08a6c149ce3ae8777fa07635e6d3546a521c79fa096938331451dbc1d
SHA512 c2eead18b433afb9b42d389f50d7b5a652fa4b355ba14078b90758779680a73781f1e54110cb14a5247a6580b693cc93a8fdb460c5c199f935a46b14117cd560

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7199c40de6018602302c792afbc0ace0
SHA1 d1dee023c60f04444c46df8c86da2bd5fb16e8fd
SHA256 46cdb208c0f956c06e65fb21371784a0ce1542209b773aaa6ab0a2371eb9d35e
SHA512 b4f667ab5d5a86160c643d6fec09357b7a0b98dd1c8c65ca7d7275ac43cb4bf30be17b6bbe9b382531c295c434f74125ba17c5aff7d04443a9c39cb3f9dffdba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb2e8f4ab87cfce7b3c61e5f5418b43c
SHA1 2aa818d06f5b2e212ba10f40be9ba58b46559ac8
SHA256 dd9e9e52651129def3ef229205a6bfb0d98dabde4be20e37bdf41328b0f7fbc4
SHA512 25cd58c36465217d25ef9b50822441b2db5433297222d5b677d4c539d7cb0d0f5db9a0135cdc902cf66f70a969e4c1a4cd62beafc8a7dc68fd02716252085a9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91c8dbb9d1a023327f3034b903a1ed30
SHA1 7677b0da286b65eeb316613090d214a86b299c6c
SHA256 7f4a5bd8fe4d49d0a1e081700d76492e57d70d8853ef071d1cad71d37955047f
SHA512 79efd0d658a59051b803cd1e2c9777021bbdd61534c2829344e16bccef863d3aa39d5f5f773fb10a138e01d280ae81ea7776234384a0eda7dde5b16f02c3e457

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f4a336fda8ff95afe78e9d1a6419433
SHA1 2fe2cd43b275f7844e73a71e1d0ecab60706b4df
SHA256 f4ae4fe8dca90e1d89473e3ae61796d08a1dd5a32ec0b47c4ce374b615b1b4b6
SHA512 9a02fa3f7e021e445e9a74d92a7a9dd875dc1b90f69dc858ab3efc64e6916c51b05d357ca1b377d157e03b305ab2a07d3aa5532f14150330e9b36e50ac23db76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94f166fe2834137f89b715f962213316
SHA1 72ea8bb00f7a2f48026ccfa10e244c260e529e37
SHA256 5a1833c6f8f8e59158417abdbb2adf37f30bef07e50db7d5e31618217f50ceaa
SHA512 085a6b74eef47ab074eb053482c52410446beeebda999960264b9ea804b22e6edf380e12a0bb562126969176f9c9988e8068d922615700dac70e6e70059a6a33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 26d659822fd06d1c2a94f58496724fb4
SHA1 2e63154a8c783a375a4c9c48fcb6ea5b077873bb
SHA256 340603542a5fb8311c261cf3b5092237a176e326d07582c1cb4aef21252d9a83
SHA512 e0291f48a80422997c0a824c603e8c85694a0afb4493c71ded88050157d61b092e7559ab8ad8f73bbd7ee218c4b73e300edca417eb9a01e72e16d4a3e219f53d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d02e4dd557b021fb93b125d11757c2e1
SHA1 867559d660bb774bf1ee2ebf03090581c7e73ecf
SHA256 2f346152161133b8e9744a71a197554b70a5d1b066ff2f7af6982d5f777de305
SHA512 ae3a6b40445d903758a6760af7bfd388d568f6e13269b02b6186eca54942138d34d403e97f3b7c0bf42a397cf313e958d23076479013483388b0834af04dda5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a3b9a6c47e6af867ae142c57f7533db7
SHA1 c60f919333ad2352d935572e02cb26688a485bde
SHA256 8a8f9b67a3408e04685c9c9e7717ebc102beda6ab4b749f15fbc1a4036c5dff6
SHA512 3e104aa048fa1ef266812b84b90966c84f80b656833091da58193ee9d6b650b8474a36a9099b56c1421c27c89da268e665a59825440637a5ae398e3ac910f2fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d8752f9e6ff2f24c43861ef2468cdeb
SHA1 c6f300f96ce4ca8617fba8b9fc082eb090258b79
SHA256 ede45c0f1de09730f005532e20b49879e977aec93787f377cbf856abb75e3732
SHA512 43a55b1df2b919be903e4a83ebe2a98c28aab0e683429b2773b2975103b06842c47faa49283e3d2656f57945de10fb8feaf6743d5e60b1a826f021f20d995594

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61f8e7fe6604856a8f91d2d11bdcb048
SHA1 527e1f1585b3a593b6f97a04ed821120893ca24b
SHA256 edcd6b81fd890f0d837838abc45d1c9b2e13c5696fc098f239e6c9b2b451cc56
SHA512 32893d096c752a30ceb6e19274ff06e5dda598ca2a6af861e7aed315c6ff5d204a956b1b197a792900c0ab154a200233a25e8b7d28855259411472ddaffa6eef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d25ba0dc07717410f95f3ceeeb22790c
SHA1 f3cef1af2fdd9ba448640bbad4adfab73603884a
SHA256 0c78bdd592f4b92961f18b8e2b462638d125912221df2428e3d3b47c3c57a619
SHA512 00da40d7fbc67f03d0cdb10258f57d7e2a9ba1d52b3728a672f096f92afec21902f09c6b40525852e4e271393064d2654c8c37c3fb4524778b5d2080a2b4f9db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be9492fbe02e71c39ea8d4cc88d65c8f
SHA1 62750d5caaf4ad2edc2dd02ba272602ad8f10ba5
SHA256 cf0fb817bf416f214bc23605e92148c0991208dd5bd427d59fd9f66b901f40bd
SHA512 a68a01a75e889fbd38c157db306602c72d4c15124b7ecfac3784e7be24bff6f94fb6581dcf355d72d63c24c7c7b50efd5ae3a034635741201920983970a93d17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70c4f1ff133c5f160ba4ba95f8b8047b
SHA1 1442367e59b1453f82eb1d889913178c8865d6f4
SHA256 1f90cc3118c34111a87d7bd25266e9602ae63fc7f9ce32ebeb66b5e6d56b6481
SHA512 254340dbc20b62a08fbe5b35d4e411acf32995a9d180dad805c18b6885d36095b663c479bb916f754ea18fe0527a198ff22fc4b22463b30da86f858b403bceed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 065d0f884291b817a96211e82acadc2c
SHA1 803d0d6f160d9d28b4f72775b6324d212cbc8cea
SHA256 f4acaa0203859853f31fe90a1e234fd10accf381f3d6ff52e28b2babfe39a8c8
SHA512 c7e76649570e286b1b6b43edf5df8b445af4fd5bd1413e17979c5c71affcf4385b9deffb33c7c872aa1b5c9a5a67ad585ed791ee06a9430feb076a32f21a91b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1168d4845a807039110f41a35812fca
SHA1 89a230d85bab161aeb1e26c244665bf154471786
SHA256 e356e86d985bb9f9769acb8a28707a19f40c384f970e2835503dbf45eaeb3b7c
SHA512 59a967d91da96ba4a803a415dc3a1bda741070667e4bf418514a4ab87305a943b9a80d467ae835c4601760cf2107c83cbd30cba1ac7ff23f5f88ee8e34ced7b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f072d872289dee57d617b649d991682
SHA1 f24a0366a60432d3ba163bd2c8151bb89d69246f
SHA256 16725d9607ea527d1a215bb6945496d0100e45b9856fd403d06ddc169f2105d3
SHA512 efee01fc0dd2eb746bcc56ae0f07d07307507c0b4354d6b4f882cdf30941665fd2a567db2111ecab4120606688908f3e2234777ff6e9d2b00883c784de52ba74

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\rpc_shindig_random[1].js

MD5 23a7ab8d8ba33d255e61be9fc36b1d16
SHA1 042d8431d552c81f4e504644ac88adce7bf2b76f
SHA256 127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5
SHA512 e7c5314731e0b8a54ab1459d7199b36fc25cd0367bc146f5287d3850bd9fe67ba60017d79c97ea8d9a91cd639f2bc2253096ce826277e7088f8abfe6f0534b63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddfcb513a8fb7471159bae22a2004541
SHA1 5eb9b91c7c82f8ad6f58b5c9bb4cee99dee6591b
SHA256 0da274a8c3e775f268b977af12c6ab1fea1eae4225e3627b7c1fb27c6b158236
SHA512 86e24a33c05413b71e066034d7e078a338df8fd5ee91755b46c0b58d437063df79fffa70f859d4758c1e47036107cebf1d67af72f2bd93d336c4880cbc058019

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 12:34

Reported

2024-05-10 12:42

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

160s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f202b71bb455a16e350bbdc381b9f49_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2944 wrote to memory of 644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 1276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2944 wrote to memory of 2524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f202b71bb455a16e350bbdc381b9f49_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8591c46f8,0x7ff8591c4708,0x7ff8591c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16177454861529731637,17542392869782613955,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 142.250.200.9:443 www.blogger.com tcp
GB 172.217.16.234:80 ajax.googleapis.com tcp
US 104.18.11.207:445 maxcdn.bootstrapcdn.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 142.250.200.9:443 www.blogger.com tcp
GB 172.217.16.234:80 ajax.googleapis.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 9.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 widget.bloglovin.com udp
US 104.18.10.207:445 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.10.207:139 maxcdn.bootstrapcdn.com tcp
GB 216.58.212.195:80 fonts.gstatic.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 104.26.2.87:443 widget.bloglovin.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 greenlava-code.googlecode.com udp
IE 172.253.116.82:80 greenlava-code.googlecode.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.200.9:443 www.blogger.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 87.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 82.116.253.172.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.187.225:80 1.bp.blogspot.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.187.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
BE 2.17.107.107:443 www.bing.com tcp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 107.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.200.9:443 resources.blogblog.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 www.bloglovin.com udp
US 104.26.2.87:80 www.bloglovin.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 bloggernetwork.e-tailwebstores.com udp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
GB 142.250.178.2:445 pagead2.googlesyndication.com tcp
GB 142.250.180.2:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 142.53.16.96.in-addr.arpa udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 216.58.201.110:443 apis.google.com udp
GB 142.250.200.33:445 lh5.googleusercontent.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.212.238:80 developers.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.200.9:443 resources.blogblog.com udp
IE 209.85.203.84:443 accounts.google.com tcp
GB 216.58.212.238:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.179.227:443 ssl.gstatic.com tcp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 142.250.200.33:139 lh5.googleusercontent.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 216.58.212.195:445 fonts.gstatic.com tcp
GB 216.58.212.195:139 fonts.gstatic.com tcp
GB 142.250.178.2:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
GB 142.250.180.2:139 pagead2.googlesyndication.com tcp
IE 209.85.203.84:443 accounts.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 snapwidget.com udp
US 104.26.9.123:80 snapwidget.com tcp
IE 172.253.116.82:80 greenlava-code.googlecode.com tcp
US 104.26.9.123:443 snapwidget.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.190.81:80 apps.identrust.com tcp
GB 216.58.201.110:443 apis.google.com udp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.200.33:445 lh5.googleusercontent.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 216.58.212.238:443 developers.google.com udp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.187.225:80 2.bp.blogspot.com tcp
GB 142.250.200.33:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 123.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 142.250.200.33:139 lh5.googleusercontent.com tcp
US 8.8.8.8:53 200.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 theragerwagerblog.blogspot.com udp
GB 142.250.200.9:443 www.blogger.com udp
GB 216.58.201.97:80 theragerwagerblog.blogspot.com tcp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_2944_QSALESPCSRSSLKZA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2dcb375c3ce0a3741ff0edee3f891441
SHA1 ee5d9fb21be71196b0cf495e086ef5a6884626d7
SHA256 96f642c1c1e2fe62f39dcd7304d76585bfbf1b91c8fb3f6995d5d7f1a1be5639
SHA512 f1e9d16c741672ce0e400055229abec9ec232962e7129167a0d006fa980caa08d19353ad02d2ac41df17431d88d58b1ea75c5f3bcc8941ab747d0d267951576d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 65b4503203078ec5025954b9ce3a5c41
SHA1 fa233df60c8084188736547f2bf02f47f1411392
SHA256 80284f43acdae678a0cd2cdb4d9797a677773fb62109129c8c46b86e7e776689
SHA512 d85dd321a18ee17b3bd390180a08f91303817ca893d5af774c5a45abc13ba3d528ef121a0e94692207747da000129334c0d2e522c78bd53547be13d967e8b47c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d554fe20bf55889f922a9c19a62d6c61
SHA1 8c008dd12aecfb3774dbb5dc09cb2a7463642ea2
SHA256 bbf4ca1e2bebf4762e4aa33cbdc23d1d3a8c6afc6bfff8c41a1ba310281daa5f
SHA512 2bb5065bf72bacd69a944443d613c3cf360f0de8c761f2393c1f31e1779b12f7ec7f0821ff87aad14d31c5e71c101bdb57546549193b837b63ae5e2f55edbed9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 5e74c6d871232d6fe5d88711ece1408b
SHA1 1a5d3ac31e833df4c091f14c94a2ecd1c6294875
SHA256 bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105
SHA512 9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d4a6d36a5fe6876042b5bd069ac32fa2
SHA1 f4401f780971004decb40120c3bf70e5fffb852a
SHA256 8636548941c63e0fe1d4cd8432d49db6316b6e91f2906be511b1ef60d53eb570
SHA512 0cf22ddba4461e46b201732f5bb6ca57bb9a84aca461be51f550728defc5be6e8a2405ee760d7400258d8b5901bfab85b35ca669724cba04864f7a597e6fdc12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d05f56d350ba4e767d0e77c8700f39e6
SHA1 c55ae6fed925f1b85293e64b32ce1143bfcbb7ba
SHA256 47ec788ef16be4faae719412314b07001f6e020a34a5e6f44affa02c138fb5ed
SHA512 b7147cef1c5aa5d0224ac1cbe484900dd21bc6c9513dc18d24d5282f29755ea2b25e3a3f4aa29845c16bf66d22a568f78097ea2abb771b315e4ae6170251735a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3d0d4018db429d34e02d5244b27a17ef
SHA1 dc837ef14915442f35e3090554743f394dcada4a
SHA256 6494786a5d04ef7ff987537de8206919d597796e05b1bd062f4d7445de7826d2
SHA512 6f8346d6a4b232079bd9e736be233cb0354ebac9b4cbeec80a168e66e0233fbc8b51bc65717bc86f8bdc968daaca8ccf884af8aa9313c1a19beb800c11a6def3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592a52.TMP

MD5 86bdb30a2dc1e13c9fdb0840d3987349
SHA1 b200caaaf5924d90209d5c3d73de0bb90e772444
SHA256 2b9298cc7c91f17bdde727e7a5ba68cda3f3f229de227882bebec0af5a12acd2
SHA512 29fa99e09dde81d70da75759ed6f30cde1c26a66c6a20f0130ff3f9eb80f5cc09de9cf22baaf5bd2692791bedf3ba3cf1901fb2608897b583b39151b3d5b88b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 67cf8b4fb27bfdbd0459aef244eeb22d
SHA1 bcbd836eed13cf2ad842026cef7d3c3d6f22b70a
SHA256 407d8439458c2b1aeb35ebed0f0e978c7864edf75d7537da8b8c02d171b86427
SHA512 4ed0a84af79b893875fbf6cb573f9313dc1bbba5bb9a74ea111160a47c090b0a727d02f96eaebb5578b918537c8532ad294d13cf503366eca9b8c2c96a5179d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 32143e4dc6da34f2ecad86df0b8af4f6
SHA1 1a8688588511eda29ec25524293033ffba43aa07
SHA256 1248b910db483276764fa3c571a9135bb74aee91e3c541a31bb1f9f20fccb219
SHA512 9c4a896f86463007513c56a111f68e2e7afcb542643f4893fc8f889d7f7b3b933fc10a7be5fb24737f94470c4b8115e8ad2f28f4adec2be9d7c4b91022b6227b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 26b55ccc3b1ff7ce0a1c78565f45b856
SHA1 5933324a881672aa80e366b3d19b04203f2da575
SHA256 ce690c790b55d093250fede1ebcaa75c055d6ff4f28907c882902cd86e6fd28b
SHA512 3f275a7507798c1c70a5cde5ac53375299a3577a8c898ba7990d0dda91b346545aca36b1b0da62102d8ef0f7033f978a2665f0f3133fa2c83483cdf4402f1d3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 abf74146a4eb17af3904bf40d0d0b076
SHA1 8c8079e58ca61d11ecf6057bedd7fca35092b8de
SHA256 c9360369f2ae6e72266d23e369aac39304e4136b0c3fff158be5a4a1f474c154
SHA512 1e33d8bdb70db9436c7baf0a1deb676cb973b772e941d7cd10b0b83afacee0cc1bc645391e7966942caec8ded72e7fad856fae7397b2282721cbfc7b79b45f01