Malware Analysis Report

2024-10-23 17:23

Sample ID 240828-prlrzazfjj
Target c6dbb2d23ad8026cedeeaece3b1f8770_JaffaCakes118
SHA256 8bc2b313d0bc9073be7690aaae6f506d66947980d4c80836cf6b5bd02c8be5e8
Tags

socgholish discovery downloader

Score

10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

8bc2b313d0bc9073be7690aaae6f506d66947980d4c80836cf6b5bd02c8be5e8

Threat Level: Known bad

The file c6dbb2d23ad8026cedeeaece3b1f8770_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-28 12:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-28 12:33

Reported

2024-08-28 12:36

Platform

win7-20240708-en

Max time kernel

134s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c6dbb2d23ad8026cedeeaece3b1f8770_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431010296" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6171F01-6539-11EF-A839-E6BAD4272658} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c6dbb2d23ad8026cedeeaece3b1f8770_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 tahasafeer.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh3.ggpht.com udp
US 8.8.8.8:53 lh6.ggpht.com udp
US 8.8.8.8:53 lh4.ggpht.com udp
US 8.8.8.8:53 lh5.ggpht.com udp
US 8.8.8.8:53 geoloc3.geovisite.com udp
US 8.8.8.8:53 blogergadgets.googlecode.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.tvquran.com udp
GB 142.250.200.33:80 tahasafeer.blogspot.com tcp
GB 142.250.187.206:443 apis.google.com tcp
GB 172.217.169.78:80 sites.google.com tcp
GB 172.217.169.78:80 sites.google.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.187.206:443 apis.google.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.200.33:80 tahasafeer.blogspot.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.9:80 img2.blogblog.com tcp
GB 142.250.180.9:80 img2.blogblog.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
FR 54.36.176.112:80 geoloc3.geovisite.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
FR 54.36.176.112:80 geoloc3.geovisite.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
IE 172.253.116.82:80 blogergadgets.googlecode.com tcp
IE 172.253.116.82:80 blogergadgets.googlecode.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 142.250.187.193:443 lh4.googleusercontent.com tcp
GB 142.250.180.9:443 img2.blogblog.com tcp
GB 142.250.187.193:443 lh4.googleusercontent.com tcp
DE 51.89.7.154:80 www.tvquran.com tcp
DE 51.89.7.154:80 www.tvquran.com tcp
GB 142.250.187.193:443 lh4.googleusercontent.com tcp
GB 142.250.187.193:443 lh4.googleusercontent.com tcp
DE 51.89.7.154:443 www.tvquran.com tcp
GB 172.217.169.78:443 sites.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 r10.o.lencr.org udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 92.123.143.168:80 r10.o.lencr.org tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
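The Network table above records every DNS lookup and TCP connection seen during the run, and a large share of it is certificate-validation traffic that Windows CryptoAPI generates for any TLS connection the browser makes: c.pki.goog and o.pki.goog are Google Trust Services CRL/OCSP endpoints, r10.o.lencr.org is a Let's Encrypt OCSP responder, and crl.microsoft.com serves Microsoft's CRLs. None of that is attributable to the sample. The script below is an added example and not part of the sandbox report or its tooling: it parses rows in the table's format, drops the DNS lookups (a resolution alone is not a contact), buckets the TCP connections by host class, lists hosts that were resolved but never connected to, and ranks the flagged and page-content hosts by connection count. The host lists and the classification are this example's assumptions; the inline rows are an excerpt of the table above.

```python
"""Triage of the report's Network table: separate certificate-validation and
platform traffic from the hosts the opened page itself reached."""
from collections import Counter

# Excerpt of rows copied from the behavioral1 Network table, embedded here as
# inline input so the script runs offline.
NETWORK_ROWS = """\
US 8.8.8.8:53 tahasafeer.blogspot.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.33:80 tahasafeer.blogspot.com tcp
GB 172.217.169.78:80 sites.google.com tcp
GB 172.217.169.78:80 sites.google.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
FR 54.36.176.112:80 geoloc3.geovisite.com tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 92.123.143.168:80 r10.o.lencr.org tcp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 172.217.169.78:443 sites.google.com tcp
"""

# CRL/OCSP endpoints contacted by Windows CryptoAPI while validating the TLS
# certificates of whatever the browser loads. They appear in nearly every
# Windows detonation and are not attributable to the sample (assumed list).
PKI_HOSTS = {"c.pki.goog", "o.pki.goog", "r10.o.lencr.org", "crl.microsoft.com"}
# Traffic the browser/OS generates on its own (assumed list).
PLATFORM_HOSTS = {"ieonline.microsoft.com", "www.microsoft.com"}
# Host the "Legitimate hosting services abused" signature keyed on.
FLAGGED_HOSTS = {"sites.google.com"}


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) from the table's rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        yield country, ip, int(port), domain, proto


def classify(domain):
    if domain in PKI_HOSTS:
        return "pki"
    if domain in PLATFORM_HOSTS:
        return "platform"
    if domain in FLAGGED_HOSTS:
        return "flagged"
    return "content"


def triage(text):
    """Per-class Counters of domain -> TCP connection count, plus the domains
    that were only ever resolved (udp to port 53) and never connected to."""
    buckets = {k: Counter() for k in ("pki", "platform", "flagged", "content")}
    resolved = set()
    for _, _ip, port, domain, proto in parse_rows(text):
        if proto == "udp" and port == 53:
            resolved.add(domain)
            continue
        buckets[classify(domain)][domain] += 1
    connected = {d for c in buckets.values() for d in c}
    buckets["resolved_only"] = sorted(resolved - connected)
    return buckets


def ioc_candidates(text):
    """Flagged and page-content hosts with their connection counts,
    most-contacted first; PKI and platform noise is left out."""
    b = triage(text)
    return (b["flagged"] + b["content"]).most_common()


if __name__ == "__main__":
    for klass, hosts in triage(NETWORK_ROWS).items():
        print(klass, dict(hosts) if isinstance(hosts, Counter) else hosts)
    print("candidates:", ioc_candidates(NETWORK_ROWS))
```

Run against the full table, the same code separates the blog's own hosts (blogspot, ggpht, blogblog, linkwithin, geovisite, tvquran) from the revocation-check traffic, and makes the distinction between the nineteen ggpht/googleusercontent image hosts that were only resolved and the handful that were actually fetched.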

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 543a35893a20bca3ab859e6019359079
SHA1 93786d950d053189a8ca5520f3f09ed7627c1b96
SHA256 fd0327d7a6a516e83ff00de678ccadd7dccee28dcac9e2b044b19692aa7470f4
SHA512 942ecb3eace9ad6ae8d94dedc2cb8fab2db61bdb0c3ba482df1613b2ffb4e50f3b7bb272be23113adc8a928d911c63d2d54cbcdb4b110e295ba0764051fd3553

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 663ee07c8807871ba2db8d0d18d624e2
SHA1 1a80120a888b4d4e2a9ff793345e568dad0ccb17
SHA256 a02f82e2b2020c8b7e114d4e36c73dd5257a6e087d7ab0d982aa82ad14f0fe1a
SHA512 03aaedffebebdba19a50115dbc63ee775593b4d4e05b6ed5cb403bf3efdd791f3e781a8d881da8de003801159c9ed9d0dc5c36589d03dde17f9c9ce37f2e10a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 19505bb31c79cc1a7db2996333def5bd
SHA1 60430231312b7beb8dba1f58370a7af8d559fcfb
SHA256 583a644129508f37946dc725c9d5c11756b1b34787987bd3746477a0b5bcf4c2
SHA512 f7e2659a83eee5d4d4e843d83b86afd9f0d96c1e75f8014c129fc80d8459f5f19793e0029ff0fa86fb41fee090c522243c9639b2a8548331cfcd5c9c49bac5be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 519b04a93360ed8627ca39533aa14004
SHA1 18f0c5b08502979bb03fadb480ec5a7e16259866
SHA256 3cb07a3b9bc18c704b88a8caa11149670739db71adf64b839c85fa6d84176bd6
SHA512 aabc4bfce8b856e96741cf024751b2e514c1de43202f9394ecdd0a2a853d2bd4e49f4ce903ebb40c61069f5f829b50eb1c123b759ebf232d5a33add56f81c770

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 678ee727c9c7e3cbf82991bb0dc242f2
SHA1 1b49b33697b6c7795288bf86f2be0253a300ceff
SHA256 09e2cafde89d24057fe2297ba019f4c68acb1beab55b6c3c9da897f8f77ad51f
SHA512 f04c90b2a70a4d208bc5a59fc86c853b59e9ccc95b27ff0b321ffb896b455ba17c8189a4605a7040716f4eb5518e80120929dacc6f702d636c371a27439ea127

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 bf5e0a4dc4cebb2b65be1c53bc6384d1
SHA1 a09e3c97f9e7b76a912b1b837ac04ca8e9b047f3
SHA256 a0705e3a314a1878e987a8e1f9d35837577671b2e6967fca9fa82f865325b955
SHA512 6eb6627d2406b0e03f74cf56fb0aefcc826b915c2ddc67de5620eadfe7d5c3a90ad7fa71c2947c97fb46e4c52b9a0d0d35e5b316acbb4f702fcf1d02cc9bc0c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 a7ecbc2350f865ba628321fe4db99afa
SHA1 8ecc3390d51a29965bc8c0aec9e72cea5d56a09e
SHA256 1b7329926351cc80b79ce93d7c97015dc69a434a8cebcf47b83fcebaff83895f
SHA512 7dd3969a18063d0cbed330ca1fa28277d6ed639964cb4b50f755f5c7cad87ffbc204d948b9ff629ad420ef995c5ac850742db1804eb16a910fafc218c483870f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_147AB4536A182B9FCE88E194D59F3B22

MD5 9f265e06a118520f1445b1f3c87c2283
SHA1 b20f16c38bdf90f23e46b7f4a5c942fe48133e6c
SHA256 b2114c1ed72f0e2c406fd28dcb88ea23e13f37adcf58c5e550486b26bcdf494f
SHA512 322a5f5e6c46b362b7bb378b0be13e410c8dcad6f5c9179431e0bb014149567d10799adb569813bf9cc9cbc92ca66eefad6ba5221c1811c4dcd75da6a597e601

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD

MD5 a2a476fd95372aa08ad3bca5364999a8
SHA1 5b58e3d84cd3cc6012101fedf1b6fb374a38d93e
SHA256 b63440231c1586de8e869c43019ca20fa304674345829f265f684dd2d926b536
SHA512 7f35abab4365aeb633c71a51c3e9a7eeb12a4c76b11944023dfde2231e5f5e5f452c7a4232e5936749b73ee2e3e3e613e8a99ccf440aec038104c734d3acbad6

C:\Users\Admin\AppData\Local\Temp\CabA785.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae11a0969e29b5bab919a67845bd6090
SHA1 e76efb94a02933d9d62422eee55a865efca14a37
SHA256 b37dfb6a5872442e6b7cfe965a1df666dbb3d2b88525b443d3afc02fd2466676
SHA512 5da97cb531448f0ac9ef723eab6c2d878064de96866c4f01ed2a3659ab77e837a4262fffdf8f275494461c2a188aa47ec789f49b3da9c124aefe00ed8031ca08

C:\Users\Admin\AppData\Local\Temp\TarA798.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d45ba69d19c91016f16a5aa08f82840e
SHA1 147c13845aec941c8c121f8956ebfe7a5b20342a
SHA256 d4b43b916c29376f2e8a479667347980ae1ccdf85dafb88404718df12c293ad8
SHA512 0d9a9ca6a63af6c90d2bd90a4ffa49f187a434d61e701827e9f7798bb29f51483447975410e55808bbb0f63a94a5931ad72c989a143b1013502f9945bcfc0246

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6885d5135b273a9da24d2c52661b29d
SHA1 2f5244f964ccfa34cd4c8c7268eff8bd5fe38939
SHA256 6afd50670e6e213130ec75821f7672f5ec4af372eaf06ffd2647611692b6caa0
SHA512 8c6ca4b12e04c4d96b0a6ca691db4231dac856bb476a1e2d5986a650fdd4a8f2f045ccc4fc158706869e1c70d846e8266c85e7c539248b3b378f3c8e4429d0c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bce157109433e40dd9598550f4561f8a
SHA1 e832201c54ab664c5d666e5443ddb513addcf7dd
SHA256 3944ba857532fc298d9a8db04940278630f64e0da9791307c5f63104c29d49a1
SHA512 97fab6b57fa72fbd57ed60efc6922515c9401874704facdf7834067ecb6385a667b9dacb142721b462b465a5ae85df5ad08d50412bd54a531fabc005669f78cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b70d350a847df2aa4f72893da7c189c7
SHA1 9f98f0041199abe6b5c8348800c63e1a8d4b3b6c
SHA256 8d8360fa353ac0033c8da7dd1c180b578a6c92c8bef558e34fc36274a40100ed
SHA512 99ec68e45c15ef357c2a99911c2800b51d3bf99ba174836cf754d36ff5a0b58d5516ad604648a10a47a6d9b56120502b60b3d2a95e69aa5fadf0d8bf946d0eb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b1e252f4477833ad99bcff28d59dcfe
SHA1 06090c7b8452be389e85d7492dbe9485b051bbda
SHA256 1dfb1b9894c7bf1aa35ef0c8abb72b517a14ceec93ccae9c6fcb667de5318520
SHA512 f32877fce2aa9ccd6d3afe36b20c499d65878490b75941eeeb18fbfe0d76aa697a531851929bb553a8a74cff78c6fe6f0e1ac1b2ed6b22e356c32e2017efde10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a19eb1580e79d0d671ec398ba5221a36
SHA1 e8943222bdb323fdf6ca38ab4a99b967e2c4597c
SHA256 377769e22cfa70c159766c20c703efaad83f0b32b615f98c8f03ccdfeda98430
SHA512 39b20e4372a3b56e641079c639031a4587a29cd736f283db4aaf1646160ff8edad11c65de05457403807e9aa8e9e0461fdf36b8153cf80d214c13ed9c327563a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c482fa378d48a62788459c1c12743b2
SHA1 aeb12eb66e2322c81fe6f24206582b3768cf8edd
SHA256 ffb4d49cc6e579e80289258569e65683465362db95d5cf08b3ed3b9942219a2f
SHA512 41dd5215e0e2ea1f1f87e6d2196707375ab2e79fa4ca240445cbd2d0aa16eac0088f40a724b636bd9d8a7676a4102b57ed079cfc2af8abcf579cd824f70ddb7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 24f5719180e3760486e29192c342dadc
SHA1 40fcb1fe49182584d15a94e8489367563b22a35d
SHA256 8c1f66cb6f3c7e13480258746086e24178faa9ae242465a0f061b7816df1223a
SHA512 9818aaf00d720476e32de98f45d3432a7c1e5456240edc3b94b1ae913ff9b11c1c35c5f5671364041dd1ddc727de60404f3b0f9f00dd3f9da5c76c3b5a0f9eca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8322edbdbde20df87f5567f7cdb8c7d
SHA1 fe12ecba445abc252876e699f1432cf7d6c0d8aa
SHA256 6e8f6cf270eb28462e042ad9618f32a54fcfe3a46c7a9ff09ed9f2a249e82296
SHA512 95d0db5849d93294fa805ad0b34e40fa0ca873bc38769ccac873000259309424a7d0d10cd3e85b4d765c5cb454cb9a2021b108b78fdd9b7a9d2558a35910b6ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a8b21e75a416a894a682be697395251
SHA1 497bc76d42d7c1c881a54a8002cf353d31ffd04a
SHA256 d15f47013e3cb7fed2d11b62ed06c5f78b3f3c89a00c9714ec839364381f283a
SHA512 05f73861fea3565559a983f01da5e079dea1675a8b30b9f56b854f7049eeb9f4f37364badd569acd7ba32d0564a456f66cf9257a4daacd8b1ddf91ff200facf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54f498a5631ddebebc9a47bf06482fc8
SHA1 e06849f5f4189fe10b4df305b58e9953b4cddb76
SHA256 15f22fe37cb241de004bf7a4fbd0c4f62f04c23e4fdc2b0d2cae38b41cc1fd57
SHA512 b258a529aeb2a7cbce0286816380f45c1a74f208c5bf132907b1744ecf7042540ec6222a7fbc640bed37fcecbc17f53555ae6f929a7840164240415910cb429b
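Every path in the Files section above is either under CryptnetUrlCache, the cache in which Windows CryptoAPI stores the CRLs, OCSP responses and CA certificates it fetches during certificate validation, or a Cab*.tmp/Tar*.tmp scratch file in %Temp%; and the same MetaData path appears many times with different digests because the sandbox logs each rewrite of a file as a separate entry. The script below is an added example, not part of the report: it parses entries in the section's layout, checks that each digest has the length its algorithm demands, classifies each path, counts rewrites per path, and reports anything outside those two classes, which is where a dropped payload would surface. The four real entries are copied from the section (MD5/SHA1/SHA256 only); the example.js entry is constructed for the demonstration and does not appear in the report.

```python
"""Classify the report's Files entries: CryptoAPI certificate cache, cabinet
extraction temp files, or something else (the shape a dropped payload takes)."""
import re
from collections import Counter, defaultdict

# Four entries copied from the report's Files section, embedded as inline
# input. Two of them are the same MetaData path with different hashes: the
# sandbox records each rewrite of a file separately.
FILES_SECTION = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae11a0969e29b5bab919a67845bd6090
SHA1 e76efb94a02933d9d62422eee55a865efca14a37
SHA256 b37dfb6a5872442e6b7cfe965a1df666dbb3d2b88525b443d3afc02fd2466676

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6885d5135b273a9da24d2c52661b29d
SHA1 2f5244f964ccfa34cd4c8c7268eff8bd5fe38939
SHA256 6afd50670e6e213130ec75821f7672f5ec4af372eaf06ffd2647611692b6caa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

C:\Users\Admin\AppData\Local\Temp\CabA785.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
"""

# Constructed entry that is NOT in the report: a hypothetical dropped script,
# used only to show what the "unexpected" branch reports. Its MD5 is that of
# the empty string, chosen as an obvious placeholder.
HYPOTHETICAL_DROP = r"""
C:\Users\Admin\AppData\Local\Temp\example.js

MD5 d41d8cd98f00b204e9800998ecf8427e
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_files(text):
    """List of {"path", "hashes"} dicts; any non-hash line starts a new entry."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2)
        else:
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def well_formed(entry):
    """Every recorded digest has the length its algorithm produces."""
    return all(len(h) == HASH_LEN[a] for a, h in entry["hashes"].items())


def classify_path(path):
    p = path.lower()
    if "\\microsoft\\cryptneturlcache\\" in p:
        return "cryptnet_cache"  # CryptoAPI cache of fetched CRLs, OCSP responses, CA certs
    if re.search(r"\\temp\\(cab|tar)[0-9a-f]{4}\.tmp$", p):
        return "temp_cab"        # Cab*/Tar* scratch files from cabinet extraction in %Temp%
    return "unexpected"


def summarize(entries):
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e["hashes"].get("SHA256"))
    return {
        "by_class": Counter(classify_path(e["path"]) for e in entries),
        # paths logged more than once: number of distinct contents seen
        "rewritten": {p: len(set(h)) for p, h in by_path.items() if len(h) > 1},
        "unexpected": [e["path"] for e in entries if classify_path(e["path"]) == "unexpected"],
        "malformed": [e["path"] for e in entries if not well_formed(e)],
    }


if __name__ == "__main__":
    print(summarize(parse_files(FILES_SECTION)))
    print(summarize(parse_files(FILES_SECTION + HYPOTHETICAL_DROP)))
```

Fed the whole section, the summary reports only the two expected classes and an empty "unexpected" list, which is the concrete check behind the observation that no payload was written to disk in this run; the SHA256 values of the cache entries are still worth keeping, since they identify which CRLs and responder replies were fetched.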

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-28 12:33

Reported

2024-08-28 12:36

Platform

win10v2004-20240802-en

Max time kernel

140s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c6dbb2d23ad8026cedeeaece3b1f8770_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 412 wrote to memory of 4316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 4988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 412 wrote to memory of 3200 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c6dbb2d23ad8026cedeeaece3b1f8770_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7616105502884929632,7061424087975555759,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6680 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 tahasafeer.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.187.206:443 apis.google.com tcp
GB 142.250.200.33:80 tahasafeer.blogspot.com tcp
GB 142.250.180.9:443 www.blogger.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 sites.google.com udp
GB 142.250.200.33:80 tahasafeer.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 172.217.169.78:80 sites.google.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.180.250.142.in-addr.arpa udp
GB 142.250.200.33:80 tahasafeer.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.180.9:443 www.blogger.com udp
GB 142.250.187.206:443 apis.google.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 172.217.169.78:443 sites.google.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 216.58.204.66:445 pagead2.googlesyndication.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.9:80 img1.blogblog.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.9:443 img1.blogblog.com tcp
GB 142.250.180.9:443 img1.blogblog.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 172.217.169.78:443 sites.google.com udp
US 8.8.8.8:53 78.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com udp
GB 216.58.201.98:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 lh6.ggpht.com udp
US 8.8.8.8:53 lh3.ggpht.com udp
US 8.8.8.8:53 geoloc3.geovisite.com udp
US 8.8.8.8:53 blogergadgets.googlecode.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 lh5.ggpht.com udp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
GB 142.250.180.1:80 lh5.ggpht.com tcp
FR 54.36.176.112:80 geoloc3.geovisite.com tcp
IE 172.253.116.82:80 blogergadgets.googlecode.com tcp
US 8.8.8.8:53 lh4.ggpht.com udp
GB 142.250.180.1:80 lh4.ggpht.com tcp
GB 142.250.180.1:80 lh4.ggpht.com tcp
GB 142.250.180.1:80 lh4.ggpht.com tcp
GB 142.250.180.1:80 lh4.ggpht.com tcp
GB 142.250.180.1:80 lh4.ggpht.com tcp
GB 142.250.180.1:80 lh4.ggpht.com tcp
GB 142.250.180.1:80 lh4.ggpht.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 www.tvquran.com udp
GB 142.250.187.193:443 lh4.googleusercontent.com tcp
GB 142.250.187.193:443 lh4.googleusercontent.com tcp
GB 142.250.187.193:443 lh4.googleusercontent.com tcp
GB 142.250.187.193:443 lh4.googleusercontent.com tcp
DE 51.89.7.154:80 www.tvquran.com tcp
DE 51.89.7.154:443 www.tvquran.com tcp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 112.176.36.54.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 82.116.253.172.in-addr.arpa udp
US 8.8.8.8:53 154.7.89.51.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
GB 172.217.169.14:445 translate.google.com tcp
GB 172.217.169.14:139 translate.google.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
GB 142.250.187.193:445 lh4.googleusercontent.com tcp
FR 54.36.176.112:80 geoloc3.geovisite.com tcp
FR 54.36.176.112:8080 geoloc3.geovisite.com tcp
IE 172.253.116.82:80 blogergadgets.googlecode.com tcp
FR 54.36.176.112:8080 geoloc3.geovisite.com tcp
FR 54.36.176.112:8080 geoloc3.geovisite.com tcp
FR 54.36.176.112:8080 geoloc3.geovisite.com tcp
GB 142.250.187.193:139 lh4.googleusercontent.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 islamqa.com udp
US 8.8.8.8:53 www.islamway.com udp
IE 31.13.73.22:445 connect.facebook.net tcp
GB 172.217.169.46:80 www.youtube.com tcp
GB 172.217.169.46:80 www.youtube.com tcp
GB 172.217.169.46:80 www.youtube.com tcp
GB 172.217.169.46:80 www.youtube.com tcp
US 104.21.48.89:80 www.islamway.com tcp
US 104.21.31.28:80 islamqa.com tcp
GB 172.217.169.78:443 www.youtube.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 28.31.21.104.in-addr.arpa udp
US 8.8.8.8:53 89.48.21.104.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 ar.islamway.net udp
US 104.21.13.253:80 ar.islamway.net tcp
IE 74.125.193.84:443 accounts.google.com udp
US 104.21.13.253:443 ar.islamway.net tcp
GB 142.250.187.206:443 www.youtube.com udp
GB 142.250.180.9:443 img2.blogblog.com udp
GB 142.250.180.9:443 img2.blogblog.com udp
US 8.8.8.8:53 developers.google.com udp
GB 142.250.180.14:80 developers.google.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
IE 31.13.73.22:139 connect.facebook.net tcp
GB 142.250.180.14:443 developers.google.com tcp
US 8.8.8.8:53 253.13.21.104.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.201.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 ar.old.islamway.net udp
US 72.52.116.66:80 ar.old.islamway.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
GB 142.250.178.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.193:443 lh3.googleusercontent.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 216.58.204.74:443 jnn-pa.googleapis.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 172.217.169.86:443 i.ytimg.com udp
GB 216.58.204.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 6.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.116.52.72.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
GB 142.250.180.14:443 developers.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 142.250.180.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 static.old.islamway.net udp
US 72.52.116.66:80 static.old.islamway.net tcp
US 72.52.116.66:80 static.old.islamway.net tcp
US 72.52.116.66:80 static.old.islamway.net tcp
US 72.52.116.66:80 static.old.islamway.net tcp
US 72.52.116.66:80 static.old.islamway.net tcp
US 72.52.116.66:80 static.old.islamway.net tcp
US 72.52.116.66:443 static.old.islamway.net tcp
US 72.52.116.66:443 static.old.islamway.net tcp
US 72.52.116.66:443 static.old.islamway.net tcp
US 72.52.116.66:443 static.old.islamway.net tcp
US 72.52.116.66:443 static.old.islamway.net tcp
US 72.52.116.66:443 static.old.islamway.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:445 www.google.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 tahasafeer.blogspot.co.uk udp
GB 142.250.200.33:80 tahasafeer.blogspot.co.uk tcp
IE 74.125.193.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e765f3d75e6b0e4a7119c8b14d47d8da
SHA1 cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512 a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

\??\pipe\LOCAL\crashpad_412_SZSALRDJGINRSNKD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 53bc70ecb115bdbabe67620c416fe9b3
SHA1 af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256 b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512 cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3acb4011f46645ea3c0daf4d6ef9ea1c
SHA1 d58c5c7af0a259713afbcec45427dcf571de8cf4
SHA256 bd0d6867783ebfa879c76a475844a67f4444b380f4b3913a038ff5cfc12911a7
SHA512 eb012826c6fac64604077bc751079c61c756c61f64b5a22e3b7ae623d4625f8f4eb0dd436775176dcd5089ea19dd612ea0df7e58434b30735b4ca23bddd08c47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9c0d0fe8826491fb40f37de0ed8730fd
SHA1 e35ee3c8a9497b2705ef39e8a141fde963eb3eb2
SHA256 e08420820c77b9f61f2d63e9cf985f380b69ea5dfdc284d9e3ad4357fb6111ff
SHA512 3f0778aa49b39cb47e312509a8eef99fede3dad05fbf9c1dc7a3b383c56cea32a2e220ebd0cabe7cff1e8c2bc406d64fdf12d2070508798cd0212c4ad5e44289

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\98267329-8747-43d0-8b57-0103b3273593.tmp

MD5 a453d8c58147219c0edf90afd7e3f89f
SHA1 d8d8e4c93e5322dc20a8a59c21962f8a5a201044
SHA256 9501d12ef56a2a1cb83d149bae14e0e82cc7cbb71d88e8ad5896314b55cbcd10
SHA512 2ca8cb800440328c2129ddb6de30b8fffc79bd88d5e00a651d91ebbfb1936f094e0933a27e6ecc29efa6953ef1cb13e62fa31baffcd53ef4d30926b722d579a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b29e914e7baa0885e0bbf90d79afb22d
SHA1 44945e277bfe81c5816ea9ccc29918ec885108fd
SHA256 ea3a1f6dee9d8337e58bcad9ce6a7c8c45fa82e4539c8693210aed0fdf7242aa
SHA512 89feea64369e0633c6476a46e6ebafbb4cd4ee586563aed5fdea791095d3eeba57f453425213d49f5e82c51f3e7609c64fa03dde7c799a1aa012e00449a82047

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0c637395c112e69183f51d94cfeae760
SHA1 e6df33f31690f14a3b520d37011d0c1d67d8768d
SHA256 96f0cfd17f3eb0e57cddf8eae3d485ac18df5601fe53ca3769388d488685910a
SHA512 33aa71ebf62f941e330d4be7ce2885cc51c2737f33d85d9172962de1045664043508e4f02ee9ccb28fb00c97a60e5565c4647df089e42cfa52347e8e79c21f27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583999.TMP

MD5 02b8c892e0001d92c09333ab80e11318
SHA1 0d0a1afe0b8c8e9efc51ca2f9a03178ee6f5be99
SHA256 484c6559969ecb98442ed08081583f6dbd4d45e84c02488cc0efd525e8f51055
SHA512 da6c456df802562e4bc321ec74bdea8357953cb28bc432ab5802b8c64b7f05457b11b2129d70a3590ec907253af277016c60c149e7d14fce76f65aacb7a4c0c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 a0423f1305547bb6b8f5a4fb1a9fc2d8
SHA1 092dcf1fe57e6bb53821eb754e04188ee70602d5
SHA256 6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8
SHA512 b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
