Malware Analysis Report

2024-10-19 02:45

Sample ID 240826-fcqypsxclk
Target c24e42ea9b6872fee74429c72a81e830_JaffaCakes118
SHA256 47af150d1cad62718c53aac9cc57fbf9a7a377bab28c3c303c1a02adb8efb58d
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

47af150d1cad62718c53aac9cc57fbf9a7a377bab28c3c303c1a02adb8efb58d

Threat Level: Known bad

The file c24e42ea9b6872fee74429c72a81e830_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-26 04:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 04:43

Reported

2024-08-26 04:46

Platform

win7-20240705-en

Max time kernel

143s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c24e42ea9b6872fee74429c72a81e830_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD8B5511-6365-11EF-8A22-66D8C57E4E43} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 303110c072f7da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430809304" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c24e42ea9b6872fee74429c72a81e830_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-08-26 04:43

Reported

2024-08-26 04:46

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c24e42ea9b6872fee74429c72a81e830_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3744 wrote to memory of 1892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 5100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 4512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c24e42ea9b6872fee74429c72a81e830_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb08a746f8,0x7ffb08a74708,0x7ffb08a74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14570058681298269736,14652582905125220123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3744_AVDYSBXAIQTRQGQB

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\17b8d8ea-0d97-4ab8-a9db-f91d9dc87fc3.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
