Malware Analysis Report

2024-12-06 03:27

Sample ID 241028-p553rsxmck
Target 79bcf5380e83d3054c98a180aff67563_JaffaCakes118
SHA256 a59cb5331ead2128296d3674da0c40f1382c55dd3bf015367879e74423781a1b
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a59cb5331ead2128296d3674da0c40f1382c55dd3bf015367879e74423781a1b

Threat Level: Known bad

The file 79bcf5380e83d3054c98a180aff67563_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-28 12:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-28 12:55

Reported

2024-10-28 13:19

Platform

win7-20241023-en

Max time kernel

144s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79bcf5380e83d3054c98a180aff67563_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf00000000020000000000106600000001000020000000c74f3ad3d9a03a412a24916cb500e2c51a7b16d29f30247fce7abcb9f718a73a000000000e800000000200002000000066d352bbf6843d260798448199e1b31286797240de6ee58cac8c2fa3b57ef19120000000502ed61c8397bfa5d212f255605ead22808141740b715b0cd4bcda304720a4a3400000008c8d7894180f4cb99dfa2cfb8d6c7ebc6e1fcaf1fe125ee1d5115418dafe7af8dbf0c05906d9176f1a74a43c1f04e1e316513d0893cf0f1ba8b5cc38b6002607 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3218611-952E-11EF-A9E4-DAA46D70BA31} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436283276" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0706feb3b29db01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79bcf5380e83d3054c98a180aff67563_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.9:80 www.blogger.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 iwebgator.com udp
US 8.8.8.8:53 smilecampus.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 3.5.27.27:80 twitter-badges.s3.amazonaws.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 3.5.27.27:80 twitter-badges.s3.amazonaws.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.178.9:80 img2.blogblog.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.178.9:80 img2.blogblog.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 172.217.169.66:80 pagead2.googlesyndication.com tcp
GB 172.217.169.66:80 pagead2.googlesyndication.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 184.26.134.46:80 s7.addthis.com tcp
GB 184.26.134.46:80 s7.addthis.com tcp
GB 142.250.178.1:80 smilecampus.blogspot.com tcp
GB 142.250.178.1:80 smilecampus.blogspot.com tcp
GB 142.250.178.9:80 img2.blogblog.com tcp
GB 142.250.178.9:80 img2.blogblog.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
DE 91.195.240.123:80 iwebgator.com tcp
DE 91.195.240.123:80 iwebgator.com tcp
GB 142.250.178.9:443 img2.blogblog.com tcp
GB 142.250.178.1:443 smilecampus.blogspot.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 www.blogblog.com udp
GB 142.250.178.9:80 www.blogblog.com tcp
GB 142.250.178.9:80 www.blogblog.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.9:443 www.blogblog.com tcp
GB 142.250.178.9:443 www.blogblog.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.36:80 www.google.com tcp
GB 172.217.169.42:80 fonts.googleapis.com tcp
GB 172.217.169.42:80 fonts.googleapis.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 2leep.com udp
US 8.8.8.8:53 www.avalanchers.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
US 76.223.54.146:80 www.avalanchers.com tcp
US 76.223.54.146:80 www.avalanchers.com tcp
US 104.21.29.45:80 2leep.com tcp
US 104.21.29.45:80 2leep.com tcp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 172.217.169.36:443 www.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 m.facebook.com udp
GB 163.70.151.35:443 m.facebook.com tcp
GB 163.70.151.35:443 m.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.187.227:443 ssl.gstatic.com tcp
US 8.8.8.8:53 www.zaparena.com udp
US 8.8.8.8:53 www.yousaytoo.com udp
US 8.8.8.8:53 www.blogflare.com udp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 www.getfreebacklinks.com udp
US 8.8.8.8:53 www.mynewblog.com udp
US 8.8.8.8:53 www.top100add.com udp
US 8.8.8.8:53 img.britishblogs.co.uk udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 simplehitcounter.com udp
US 8.8.8.8:53 stats.topofblogs.com udp
US 8.8.8.8:53 blogginggratis.org udp
US 8.8.8.8:53 www.blogtoplist.com udp
US 8.8.8.8:53 www.bloggernow.com udp
US 8.8.8.8:53 www.india-topsites.com udp
US 8.8.8.8:53 www.topblogarea.com udp
US 8.8.8.8:53 www.topblogging.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.8.8.8:53 www.freewebsubmission.com udp
US 8.8.8.8:53 www.sonicrun.com udp
US 8.8.8.8:53 www.blogtopsites.com udp
US 8.8.8.8:53 img1.top.org udp
US 8.8.8.8:53 www.blogrankers.com udp
US 8.8.8.8:53 www.blogratedirectory.com udp
IE 54.246.152.167:80 g2.gumgum.com tcp
IE 54.246.152.167:80 g2.gumgum.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
US 54.87.82.0:80 www.blogtopsites.com tcp
US 54.87.82.0:80 www.blogtopsites.com tcp
NL 212.8.249.233:80 www.bloggernow.com tcp
NL 212.8.249.233:80 www.bloggernow.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
NL 185.182.56.134:80 www.blogratedirectory.com tcp
US 172.67.155.157:80 simplehitcounter.com tcp
US 172.67.155.157:80 simplehitcounter.com tcp
NL 185.182.56.134:80 www.blogratedirectory.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 104.21.23.102:80 www.topblogging.com tcp
US 104.21.23.102:80 www.topblogging.com tcp
US 104.21.65.154:80 www.getfreebacklinks.com tcp
US 104.21.65.154:80 www.getfreebacklinks.com tcp
US 104.21.56.47:80 www.mynewblog.com tcp
US 104.21.56.47:80 www.mynewblog.com tcp
FI 65.21.240.245:80 stats.topofblogs.com tcp
FI 65.21.240.245:80 stats.topofblogs.com tcp
US 52.86.6.113:80 www.zaparena.com tcp
US 52.86.6.113:80 www.zaparena.com tcp
US 8.8.8.8:53 revuwire.com udp
US 162.215.117.222:80 www.top100add.com tcp
US 162.215.117.222:80 www.top100add.com tcp
US 172.67.155.157:443 simplehitcounter.com tcp
US 104.21.56.47:443 www.mynewblog.com tcp
US 8.8.8.8:53 js.gumgum.com udp
HK 47.75.130.169:80 img1.top.org tcp
HK 47.75.130.169:80 img1.top.org tcp
NL 18.239.18.60:443 js.gumgum.com tcp
NL 18.239.18.60:443 js.gumgum.com tcp
NL 188.116.45.164:443 revuwire.com tcp
NL 188.116.45.164:443 revuwire.com tcp
US 8.12.18.87:443 www.ontoplist.com tcp
NL 18.239.18.60:443 js.gumgum.com tcp
NL 18.239.18.60:443 js.gumgum.com tcp
US 74.208.47.213:443 www.sonicrun.com tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 104.26.7.37:443 www.hugedomains.com tcp
US 104.26.7.37:443 www.hugedomains.com tcp
NL 18.239.18.60:443 js.gumgum.com tcp
NL 18.239.18.60:443 js.gumgum.com tcp
NL 18.239.18.60:443 js.gumgum.com tcp
NL 18.239.18.60:443 js.gumgum.com tcp
US 8.8.8.8:53 e5.o.lencr.org udp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.18.190.73:80 e5.o.lencr.org tcp
GB 2.18.190.73:80 e5.o.lencr.org tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.18.190.73:80 r10.o.lencr.org tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 gelgit.tk udp
US 151.101.1.21:80 www.paypal.com tcp
US 151.101.1.21:80 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 209.90.91.147:80 www.blogrankers.com tcp
HK 47.75.130.169:80 img1.top.org tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6318.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 921674020faba8819db0802e86246f8c
SHA1 484b6d58994b41cc85d258cb8390ece8252f4568
SHA256 97a5585a3711fdf5571e988c24915ecbc452683e650dfe99c85c10a10926a634
SHA512 eda8f5266245be1ebcd04b4a784f240d18306eea18355fa2cece85d0e6db24d5c5fedab6c5d72ca1643717002f460f42f6f741216fba217401e681c2a5a18c2d

C:\Users\Admin\AppData\Local\Temp\Tar634A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ae0487d2b194668a3a61ba7c051247f
SHA1 0c26e4574954dcca61085ad19b4a085da093fe00
SHA256 e8129dfc03ba4ef4d40b3f3b0aec698171562606513467345602fa06cafe0196
SHA512 a328983f4f034cfe3b4ff28ea7c3e3e9b3ffd4916142f1b7fb3e906f107bd3fd224ccf9535157cbf9866e1867d4c2a09088e56bac6e0d4a5f3126b6fbc71794a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BQ20K5D\f[1].txt

MD5 d92b1a84db196dd0a2351625478b612d
SHA1 230f1ce487d48df0a117380ddd0dcf303928eca1
SHA256 86a40dd10580aef67fb6a603566207d843ce533adbf0496135f8b554efd1e55f
SHA512 11572b8e67c9612fcfc3c8a26edbdc67ad14a7cec55da725292bcd37f9b224ba874eddf112c99c3574860c13268eead561fb6422dc253488c80f912587fbe72a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 286f1fa4fdf5483ad887454d60b95912
SHA1 de65ac7f547f5ec57504347ccd0a6ece2c746c3c
SHA256 221026985ce5fa0d41cecb6f7c66ac3c497a7cdd856e8bf52743bffa378ea764
SHA512 fdfac74ef5db6634d40c71377c1f7b4ac81839e4cd93c9f014338dde466012e42914e579f791f8f383f5bdede4d87ebae0fb0dfbb904ae0206756d8b252b7e77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10328b1f8fdb2ae306da44556ef2b335
SHA1 0e5c3d2d6a746c2bf7eaeef9987876a65d09dff2
SHA256 09da80206fa77e05d0581243657ae39800a11bcc4f6cee7288b0ec6939a61834
SHA512 ee9dedcb613f67e68c7e9aff2a329b8fcc5c29ba8e70ee2b48e643c4bc940641555ef3764c96b2673a0e1bef55c96597a043c8f8ac1c371c5e92c0bc102211d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0db688a151b54d91d0f0ecc349be3c9a
SHA1 194c2cc963b4d558220e14f3c25cad05dc7e24a9
SHA256 ac5b20434c38880e065adb405bacf5c73838b02ae469786d932f4e6ffef1cbce
SHA512 14216a1f2eef0b97d84a21fac0118b04ed9341f08edf3184eeda3dccc5ca99224472a28c05dda58a409dabb79bfae48d152a051887c6ca1e02220a7a5d9d88b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d9aeb7c4934f64bf9288f32b89a89bf
SHA1 8027e9e7a52ad1fa31110e96b749e966643089de
SHA256 fca7427e11e2f7c7a66bfbf4972ae0409cfa80ec41ae85cbabbe3a120cffb717
SHA512 7236b5c573c0875fb525989b66530e3080fd03ccaedcbbe05f1c5897c9773b799f46ee2119352ae2313745479e0033831593178c647efdbdf6f8944c9c94ce4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4359e59ba2945646e8d73ff12a197eb
SHA1 eb8f91c7a930c3d11d2e1736872b295513edaa50
SHA256 200d6f301de555d9ad17a09779b6d4e7f324c6bca11db392bbdbbaaae3f3b13f
SHA512 06e2bcecdfa0a0ecfbce8aa61d5ad4c6f7ef27148768398d5fb4abf140b87835d830dd872fb3d5bbf452bf793b5c8b26f3ebf276bf2e9842565e190cd56b6329

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f21b03c79adf89577244bf4296914af
SHA1 01bb45370e2c4c11916223bd55514fa55efcbcdb
SHA256 5cdfa9dc2bb2c95fc3269f167e86cb783021903ba40464f61a0dd225c59949e6
SHA512 0f302d9825942fecf33b3a057bc50228aae417d0d31f89702f36757688f7ab477c9e25e879cca4280e23cabdda1da89651c9f7cacd95f8ddc99ec35fefa61e5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19e30cb051fa5016fdacc51ab92d62aa
SHA1 93a5585ba33a859fb9d119a7d331017f8bc6a3f0
SHA256 d3645ed9e5bead2799847c53bd6ec986e9afe3703bb18ffb348e2dbe71f076c3
SHA512 9168394de266f5afd721bed846d3b9747704fbf129144a75fa49307ab30fff8a0d55df8c3dc353cf635eaec5c1683f8aecfb07ad97692533628576171a764f14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c574976e476a9cd4a87c5f9245ecfaf2
SHA1 250bc799718408ee93d229d49ed691d6fc389e7a
SHA256 9a66278b59ee7be5efa51fad9b4d71640bc0cff25809f7831a5530e997c66921
SHA512 0c3542245ada2ecad7fd7fc5fdf31f1ef3da6c701033fda1bdab9887aa78532dd247db4f82fd660b1fb85e8b9e4d4d177da4b03573c71c230ee35d5aa5cd435b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18004377d6b884ebe56f7c66125e6262
SHA1 9ea64a67db16f75f27a2747e02d53e6dd555200f
SHA256 ee6e88f6e9d71c7b496accad4b9ba148891cf476866ed26c4971eb8a2dc7a0c4
SHA512 9babdb24244adad4bdfc66bc58e3208f06b9b9961ddb0c8555b6e8237f8f0000de784489b03373924edcad256fc99f0f805ae0b92352e66aae87682c5656d7e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 299823c70579831ac3b291afdaf1043d
SHA1 419914a18f9107b2c4d7347b348443819e51bbe0
SHA256 0eb2c87222efe5a472976fffde4e0f9812be0d442cbe3ac8012c44de782bf3d5
SHA512 30cbf3fff5bca3f4b80575cc99a48f34452b9e6d2668bd3e588b6d640b5cb90b52278aaa3293f0292c6e76cac1ecc9c47bb810a7b602c3c862553758db4a2413

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90424304c06c1eb37e08218d5a9ff113
SHA1 510dfa74fd9d2dbdb3cdee61f4bb2b269c883224
SHA256 b4116315ab9b9b8c9a753ab43a41e857f9008b6024c9c5c72c2815feeda8be93
SHA512 9ca3c1bab5f6a7299e9f1859e98f8e613308a476e1f825961be5d416acaef2f93f0a613b8739c4ccafe93579187dd9ee493cacce4c2e55ecbbf1145b91b09eaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb7c483cbe392d264dcba63725179403
SHA1 b75455938390a301507f8d668627db9e279b66ea
SHA256 49d6074fb1f0017ec0f7012881c13c208b0a13a4de1609180a514748d6cbd3d0
SHA512 e7ace9013358e03f0ed0180c3c8fb2e0c70d17ed7366d876b6c41f8c9c424803b7833cc3f4c4098294a5e58c004976c6c4a9f754d9bfd4128b34d9f6ee4606d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da90bd0706e0a734979dc405de492fe3
SHA1 1c126b67f0233998aac77a395a7a5c9e45681af3
SHA256 695e0df91b8e994ef2ffb21e329868253a250eb612b8a01978abdd68ca39bd17
SHA512 f4c0936e33c00db72d83eaa577cb3b3944eb7b893af8bfcc65a533864718422f85b119143c059dd46152e398ec827c6af502068112454dbea3341e79f7b91dbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b14efe91c7ce43daef3ffd71e57bed39
SHA1 d3caa112966d76f76f2655842be8fe76580ad83f
SHA256 a9a70a8e731badc651447af91819ef179282205eb4add6360704611861f066b9
SHA512 2130daa3b2b25e74cce5f3085b028cfc9f0cfb4deaa05b041d24ebdcb20843115060793a3af8a8a40348e5379dab16c21978c36cb72637b48c2a99ee3c17380e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20155a4d494a518d2e5c14147051173f
SHA1 db2d6a70b4de4b02de0175f8991e637c5f67650f
SHA256 ae67b7cd457b955cefa03bd4d974ef170ed5104564d7d533fb84cbfd1da8cabb
SHA512 16bfab5d4f524f3b18faac6ec26eebb44a119a4a387a239275148efcc4ee972a38bbb7ed1dd32945821b2af6fed18ad13a97968059b3c9a8ec086561a38f0177

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 afa851f3e0f9c99cbfbad0030dffc22e
SHA1 c764343384d6d1185b6ee7ae5b0c9632b2d976ca
SHA256 625d27b2e512d2e8a1e16a04c44b027c824479921beb18dd30abc652c6eb45f4
SHA512 0920f2948db33da3151a47550bd1452a600b1f35795c8465a2c050a800797f36deb15fc8ffd9ff93788b46695c5bf6b00e49ddb9a379527cc20820b3b138e0d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04bfbc0aeb205bcea91579ad1cf05cb4
SHA1 c0b25b41cfb1f0d4b4e1757cf4a914f5ed7b7f91
SHA256 1a3e190182afed412fef77c3fb66882d3d5320bc2707a4e1499cd8ec17d48e0e
SHA512 368ea8d2b009ccb89818b18e07cdd8be53fec0284967d56e2d41b5a6ab3b98237f81e8dea7a9473af72b38b415c37d7a9b604780faea9a879bdf5e95a0944f00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cee05290179df63e627dc767ca5a0ad3
SHA1 95219c4a396e77e20293c6a54c937e7e28564210
SHA256 960549e63d6f646867123dabaa07299ee468e92a746693bdd3b908a7721e9e95
SHA512 49f1c99471bbd3ec13230266b3cd92a887e478b4b77d39f120a1e6519eea898aa9c0da0db2136529237e3af4031f2fbb337cf0ef12f1ecea36db3a96d20d6617

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52436c10f3043e900b93a778ae611603
SHA1 5333dd7d9a6f482a0f6780d23e6175cb1c3118d1
SHA256 63cc12287f8093d38cedce9c6e8cb8d7e111c5eece3260b7bbc509a62560bfae
SHA512 647346f8b031a8bd44591dd07160e24cf6b8c47880d5056a510b4a290dfac114a3fba7fedeac526818cbb9730625caf0ec4015a5e71323303912898e6e5fe72b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 986a4f9ce3edbb522565d7939b205ccf
SHA1 1e4b8a1c4bd57d9cea0597c4603e740d0b0db273
SHA256 68a24a68c7665fa64dcf913c19b7c10ebcd79284007b908e873c94cd92e61e72
SHA512 c5a17875b74bc95e89b4ead29b529e4a3d2ac3e37a6378a76e02610d37b0c537593b85062dcdb7150de142e07bd3c0cfe686702a9178dd18c461401c9434e624

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-28 12:55

Reported

2024-10-28 13:20

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\79bcf5380e83d3054c98a180aff67563_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3420 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 1128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 3744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 3744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3420 wrote to memory of 4308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\79bcf5380e83d3054c98a180aff67563_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb91b646f8,0x7ffb91b64708,0x7ffb91b64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4692 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f4 0x49c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,3297773014622857508,12824740663570449117,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7024 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.9:80 www.blogger.com tcp
GB 142.250.178.9:80 www.blogger.com tcp
US 8.8.8.8:53 iwebgator.com udp
DE 91.195.240.123:80 iwebgator.com tcp
US 8.8.8.8:53 smilecampus.blogspot.com udp
GB 142.250.178.1:80 smilecampus.blogspot.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 123.240.195.91.in-addr.arpa udp
GB 142.250.178.1:443 smilecampus.blogspot.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.2:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 2leep.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.blogblog.com udp
US 104.21.29.45:80 2leep.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:80 www.blogblog.com tcp
GB 142.250.178.9:80 www.blogblog.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:443 www.blogblog.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
US 8.8.8.8:53 img2.blogblog.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.avalanchers.com udp
US 52.216.211.217:80 twitter-badges.s3.amazonaws.com tcp
GB 142.250.178.9:80 img2.blogblog.com tcp
US 13.248.169.48:80 www.avalanchers.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 45.29.21.104.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.212.196:443 www.google.com tcp
GB 184.26.134.46:80 s7.addthis.com tcp
US 8.8.8.8:53 www.facebook.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 196.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.134.26.184.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 217.211.216.52.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com tcp
GB 216.58.213.14:443 apis.google.com tcp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 video.xx.fbcdn.net udp
GB 163.70.151.12:443 video.xx.fbcdn.net tcp
GB 163.70.151.12:443 video.xx.fbcdn.net tcp
GB 163.70.151.12:443 video.xx.fbcdn.net tcp
GB 163.70.151.12:443 video.xx.fbcdn.net tcp
GB 163.70.151.12:443 video.xx.fbcdn.net tcp
GB 163.70.151.12:443 video.xx.fbcdn.net tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 12.151.70.163.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 68.209.201.84.in-addr.arpa udp
GB 216.58.212.196:80 www.google.com tcp
US 8.8.8.8:53 www.google.co.in udp
US 8.8.8.8:53 www.zaparena.com udp
US 8.8.8.8:53 www.yousaytoo.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 www.bloggernow.com udp
US 8.8.8.8:53 simplehitcounter.com udp
US 8.8.8.8:53 www.zimbio.com udp
US 8.8.8.8:53 blogginggratis.org udp
US 8.8.8.8:53 www.getfreebacklinks.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 151.101.65.21:80 www.paypal.com tcp
US 172.67.155.157:80 simplehitcounter.com tcp
US 8.8.8.8:53 www.blogflare.com udp
US 172.67.146.176:80 www.getfreebacklinks.com tcp
NL 212.8.249.233:80 www.bloggernow.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
LT 79.98.26.232:80 www.yousaytoo.com tcp
IE 63.34.190.112:80 g2.gumgum.com tcp
GB 216.58.213.3:445 www.google.co.in tcp
US 8.8.8.8:53 www.mynewblog.com udp
US 8.8.8.8:53 www.india-topsites.com udp
US 8.8.8.8:53 www.top100add.com udp
US 151.101.65.21:443 www.paypal.com tcp
US 8.8.8.8:53 stats.topofblogs.com udp
US 54.209.32.212:80 www.zaparena.com tcp
US 172.67.177.143:80 www.mynewblog.com tcp
DE 159.69.83.207:80 stats.topofblogs.com tcp
US 172.67.155.157:443 simplehitcounter.com tcp
US 8.8.8.8:53 www.topblogarea.com udp
US 8.8.8.8:53 js.gumgum.com udp
US 8.8.8.8:53 www.blogtoplist.com udp
NL 18.239.18.60:443 js.gumgum.com tcp
US 172.67.177.143:443 www.mynewblog.com tcp
US 162.215.117.222:80 www.top100add.com tcp
US 8.8.8.8:53 www.topblogging.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.8.8.8:53 www.freewebsubmission.com udp
US 8.12.18.87:80 www.ontoplist.com tcp
US 74.208.47.213:80 www.freewebsubmission.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 162.215.117.222:80 www.top100add.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.sonicrun.com udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
US 74.208.47.213:80 www.sonicrun.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.blogtopsites.com udp
US 74.208.47.213:80 www.sonicrun.com tcp
US 54.87.82.0:80 www.blogtopsites.com tcp
US 8.12.18.87:443 www.ontoplist.com tcp
US 8.8.8.8:53 img1.top.org udp
US 8.8.8.8:53 21.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 157.155.67.172.in-addr.arpa udp
US 8.8.8.8:53 176.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 233.249.8.212.in-addr.arpa udp
US 8.8.8.8:53 112.190.34.63.in-addr.arpa udp
US 8.8.8.8:53 232.26.98.79.in-addr.arpa udp
US 8.8.8.8:53 143.177.67.172.in-addr.arpa udp
US 8.8.8.8:53 207.83.69.159.in-addr.arpa udp
US 8.8.8.8:53 60.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 212.32.209.54.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 222.117.215.162.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 87.18.12.8.in-addr.arpa udp
US 8.8.8.8:53 213.47.208.74.in-addr.arpa udp
US 8.8.8.8:53 37.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 www.blogrankers.com udp
US 74.208.47.213:443 www.sonicrun.com tcp
US 8.8.8.8:53 www.blogratedirectory.com udp
NL 185.182.56.134:80 www.blogratedirectory.com tcp
HK 47.75.130.169:80 img1.top.org tcp
US 8.8.8.8:53 img.britishblogs.co.uk udp
US 209.90.91.147:80 www.blogrankers.com tcp
US 8.8.8.8:53 revuwire.com udp
NL 188.116.45.164:443 revuwire.com tcp
HK 47.75.130.169:80 img1.top.org tcp
US 209.90.91.147:80 www.blogrankers.com tcp
US 172.67.210.120:80 www.topblogging.com tcp
US 8.8.8.8:53 134.56.182.185.in-addr.arpa udp
US 8.8.8.8:53 0.82.87.54.in-addr.arpa udp
US 8.8.8.8:53 164.45.116.188.in-addr.arpa udp
US 8.8.8.8:53 120.210.67.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.co.in udp
US 8.8.8.8:53 gelgit.tk udp
IE 63.34.190.112:443 g2.gumgum.com tcp
US 8.8.8.8:53 aba.gumgum.com udp
US 8.8.8.8:53 c.gumgum.com udp
US 8.8.8.8:53 gumgum.com udp
NL 18.239.50.48:443 aba.gumgum.com tcp
NL 18.239.18.60:443 js.gumgum.com tcp
NL 18.239.36.98:443 gumgum.com tcp
NL 18.239.36.41:443 c.gumgum.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 98.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 41.36.239.18.in-addr.arpa udp
IE 63.34.190.112:443 g2.gumgum.com tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 172.217.169.2:443 ep1.adtrafficquality.google tcp
GB 142.250.178.1:443 smilecampus.blogspot.com udp
GB 172.217.169.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 172.217.169.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
GB 172.217.169.1:443 ep2.adtrafficquality.google udp
GB 172.217.169.2:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 1.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 26.73.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

\??\pipe\LOCAL\crashpad_3420_LEYAWPROOLCLHTYC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f58359e1ee3648ce162b248b66e1e05
SHA1 0eca716963be07052b1a0047d23484858337ea56
SHA256 d6828113c4e9e68bb66803ecf53c33f3b757f84d614e2227020e03f6239a0a26
SHA512 87f841921ba1803dd07210022d28c0150cd0f8a096cae6262eabf716186175d67ca2df873b3c59dca92c46f32ee28a49221292bb43be2da561420284ee573d16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 96e57e5dd3ed0211a433d16571922e2a
SHA1 53f74fe529652d1ba2713c6638b8f1564403c8a7
SHA256 abdcf61ed91b2d799e682c59b2b40dd004e276eab880bbc20b5f4131478374ed
SHA512 799ea066027d7ceab148ff3ba9a014389dc7184f9dad725388f311e6d173cff3cc2b9af19f827d37197f2f1908b0e50d162fa1b698cbfa74898b95225a3f1977

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2d3fa48454d9948d31ece2603c3fa9dc
SHA1 0e80810ac744cd7ef7e785d1b0834ba2a1b0545c
SHA256 bd399d6c548cfad60f5407e3a491004a085733091c678183022f9cb56ee04a80
SHA512 70a972fb231dff11317b772bc5c2e2b1b971260ce2b33a8148cd3fa516463b783532a1a3af9bde0c2097be5be17670d2f37a837fe6980954fecf8210ddf86e61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5e85f3fd356174dfa55e7bb72ee79346
SHA1 f6bf0e8511578d7395eeb1488e6bbc4dc69e30b0
SHA256 ab161e9da2b7abe27e2d9aa5b175b8038263a0058bb42e1246a6614368625c06
SHA512 7583246b97a4624baacf85ad0c4a705cfd7974611199206cc26101a3c1274ec8821c9bf7aff5e8a11bda3fa6c274a64139c58719e046b8fc8a1faa075c49537e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fc1814265aafba298f9e635847698ca6
SHA1 085e763d6624a7fc15f04c934b1c355b1b42fa4f
SHA256 6dc2d9a3894a1da814ac11b49ab30383c025363dd703eea937f252eb9279fbdb
SHA512 5e9e381fb88d80ecc60fdc1f68397f1d8eebe1fa02682cacbf87dd363889fb3513931693ea193e6ac926ab5554031171e5810b9bbbddf9b1f9515cce9ef5ec42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583b00.TMP

MD5 9476fa2e2e72154c2deb699f2c666ddf
SHA1 8ce48c0ac8b3eada1312a9a6def197f916e21d8c
SHA256 73231d6a9fb0f8209ae8f758f8cc825e9a3c822e4f178c9eb49aefb7d8eb570c
SHA512 912d130538016e70df3da457a83249171618049303fc798a26f20fa24faa119dfe734c6bb0e60edbb3dd91ab5fe2c787bb91ef2c27168f9cde6d89ad989aaa9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9e5dc03bb1859a506ab09c33d3ba4687
SHA1 1f818d8ec83b940472dbc75107c20c2bff26b9de
SHA256 9004278d7c314f2b177b63964d6fa3165722a7f04fb4ed034e8e828442128bab
SHA512 798a694ff6ef97d490728dfa808d69a9d617e466c740b9546a46cb1fdd44ba1ff948934c1ea3b2d26cecde1d35af703cdbea71c188079bdf5244eb7d6663ccd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 73b864a2e05935d9d0c62e906a82057e
SHA1 91ba2916409f394ac9dad1c66513a5db215bdc3a
SHA256 b90034b92c8fa7bd5f060dd5e06f8192546474d45a461fbb157143ebf289c677
SHA512 f4d0ad0faa364c6dd57e0721e7773fcefecf3f2c26433add6d742f77ce450edbf1bbf77744560e8cefd1320164404c26e4b30cd13fa52e343970d9fb78137b05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3f69cae1bdacdccff0f786309d6959b2
SHA1 b8949e0aea37c9a5391fc74164dc4c96de2c8a52
SHA256 6237637bbf0efded3be18b17bcf96e2ee7374ed833d6f6fa7695317ad96c24f7
SHA512 16e1eafc8515cc1ce13c3f56f7d617236b50db18353c569ae67bc957364a062609aee7ef1e1fe672b9d12d483fe8804a2f9bed6fd59ecbbe4e85999137bf880f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8ea300a80b7c31c95b3d9e978bc23ac8
SHA1 d573873ee1a3172b6a0e7b1d21515fe8c5fe65de
SHA256 ff55e432e3ba4f72271d032f8c480ce09433ee386545647fda4143ce79721748
SHA512 d04ddcae592d5f54aa12b2820a18c6c116f31434be03c4e9a0e9e93231787a88639d809f08dc3ed5e0d31fe8dd62d704d75a1b0812e317635951cf014f48a4c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 07f9605fb3d7f8df24d01915f5452fba
SHA1 a4814baf0beb558c6803122f2f3d2978964f3e24
SHA256 9303bd21e4ec79fdfe4b7a6870128cc599a07109a2041e6e3ccf40bc4c2ceaa5
SHA512 6ac40fa7dcb4a5611634a5e580fddd7f316e42724f6a40b1dac0dd49b87ddcd8adabada1dbfe489c9ed8d85b5f68be6eb22609ea8d44cebaf11ea126b6eb2344