Malware Analysis Report

2025-04-03 14:22

Sample ID 241210-hn656ssnbr
Target dd85088dc2deb7bd5b58c92943cfb150_JaffaCakes118
SHA256 e544729af41ffbd4ad735fcc73fd8b2097e86f7bd845d2be226e0f4554471297
Tags socgholish discovery downloader
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 10/10

SHA256 e544729af41ffbd4ad735fcc73fd8b2097e86f7bd845d2be226e0f4554471297

Threat Level: Known bad

The file dd85088dc2deb7bd5b58c92943cfb150_JaffaCakes118 was found to be: Known bad.

Triage note: the family signatures (SocGholish, Socgholish family) carry no description, indicator, process or target in either detonation, so the report does not show which content triggered them. The concrete evidence recorded below is limited to HTTP/HTTPS contacts with sites.google.com (tagged as abused legitimate hosting), Internet Explorer housekeeping registry writes, two registry reads that fire the discovery signatures, and GUI/process API use that any browser exhibits. Confirm the family verdict by examining the HTML for injected or remotely loaded script before acting on it.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Enterprise Matrix V15. Techniques corresponding to the discovery signatures in this report (the IDs are the standard ATT&CK identifiers for the technique names the report uses): Discovery: Browser Information Discovery (T1217); System Location Discovery: System Language Discovery (T1614.001).

Analysis: static1

Detonation Overview

Reported

2024-12-10 06:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-10 06:54

Reported

2024-12-10 06:56

Platform

win7-20240708-en

Max time kernel

142s

Max time network

137s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dd85088dc2deb7bd5b58c92943cfb150_JaffaCakes118.html

Signatures

SocGholish

Tags: downloader socgholish

Socgholish family

Tags: socgholish

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

Tags: discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

Tags: adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e00af987d04adb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not reproduced] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfe2bb2a427e6a44aeae20a27146dc180000000002000000000010660000000100002000000065a4ee3b175e20e3bf7a3fbaaa866109392b058bf2932930d69ec30f29ccfecc000000000e8000000002000020000000eddcbfc65806a8322f3c664137095255743b0ef7540686e0d2a7ebebb718f5ad20000000a6f2d606ee682807048229fe31249e7a58f03ad2501af4e63ea50f260e8d189540000000e20696443b9cc5a30922549d17315ce450ca5566ae62e7e580c849de51f950a1931435a7b1e744d62af24d47771ed933475647d1dcaeaa2b87f03cbda5851ec3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439975511" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8AAFAEB1-B6C3-11EF-B5D6-4625F4E6DDF6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dd85088dc2deb7bd5b58c92943cfb150_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2

The second process is the 32-bit tab (content) process that the 64-bit IE frame process starts for every page it renders; SCODEF carries the parent frame process ID and CREDAT a creation token. This parent/child pair, including the Program Files (x86) image path, is expected for any HTML file opened in Internet Explorer on this platform.

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 bloggeradsenseo.googlecode.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 abuiyad.googlecode.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 im79.gulfup.com udp
US 8.8.8.8:53 im69.gulfup.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
NL 18.239.83.77:80 w.sharethis.com tcp
NL 18.239.83.77:80 w.sharethis.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
GB 216.58.204.74:80 ajax.googleapis.com tcp
GB 216.58.204.74:80 ajax.googleapis.com tcp
NL 108.177.96.82:80 abuiyad.googlecode.com tcp
NL 108.177.96.82:80 abuiyad.googlecode.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
NL 108.177.96.82:443 abuiyad.googlecode.com tcp
NL 108.177.96.82:443 abuiyad.googlecode.com tcp
NL 18.239.83.77:443 w.sharethis.com tcp
NL 18.239.83.77:443 w.sharethis.com tcp
NL 18.239.83.77:443 w.sharethis.com tcp
NL 18.239.83.77:443 w.sharethis.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 s08.flagcounter.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 www.kirsle.net udp
US 172.93.107.85:80 s08.flagcounter.com tcp
US 172.93.107.85:80 s08.flagcounter.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 138.197.203.11:80 www.kirsle.net tcp
US 138.197.203.11:80 www.kirsle.net tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 service.objectembed.info udp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 138.197.203.11:443 www.kirsle.net tcp
US 75.2.37.224:80 service.objectembed.info tcp
US 75.2.37.224:80 service.objectembed.info tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 www.facebook.com udp
IE 31.13.73.35:80 www.facebook.com tcp
IE 31.13.73.35:80 www.facebook.com tcp
IE 31.13.73.35:443 www.facebook.com tcp
US 8.8.8.8:53 my-tqarob.googlecode.com udp
US 8.8.8.8:53 www.elahmad.com udp
US 8.8.8.8:53 04pro.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 cdn.adf.ly udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 104.21.18.65:80 www.elahmad.com tcp
US 104.21.18.65:80 www.elahmad.com tcp
US 172.66.43.117:443 cdn.adf.ly tcp
US 172.66.43.117:443 cdn.adf.ly tcp
GB 172.217.16.225:80 04pro.blogspot.com tcp
GB 172.217.16.225:80 04pro.blogspot.com tcp
NL 108.177.96.82:80 my-tqarob.googlecode.com tcp
NL 108.177.96.82:80 my-tqarob.googlecode.com tcp
US 138.197.203.11:443 www.kirsle.net tcp
US 138.197.203.11:443 www.kirsle.net tcp
US 138.197.203.11:443 www.kirsle.net tcp
US 8.8.8.8:53 im79.gulfup.com udp
US 8.8.8.8:53 im69.gulfup.com udp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.157:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 172.217.16.225:80 04pro.blogspot.com tcp
GB 172.217.16.225:80 04pro.blogspot.com tcp
GB 216.58.204.74:80 ajax.googleapis.com tcp
GB 216.58.204.74:80 ajax.googleapis.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 tqarob.googlecode.com udp
GB 172.217.16.225:80 04pro.blogspot.com tcp
GB 172.217.16.225:80 04pro.blogspot.com tcp
GB 172.217.169.14:80 sites.google.com tcp
GB 172.217.169.14:80 sites.google.com tcp
NL 108.177.96.82:80 tqarob.googlecode.com tcp
NL 108.177.96.82:80 tqarob.googlecode.com tcp
GB 172.217.169.14:443 sites.google.com tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
GB 142.250.178.3:80 o.pki.goog tcp
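The table above mixes DNS lookups with connections: every udp row goes to the sandbox resolver at 8.8.8.8:53, so it records a name query rather than contact with that host, while the tcp rows are connections to resolved addresses, one row per connection. The following is an added example, not part of the original report, that reduces such a table to a reviewable IOC list: it parses the page's four-column layout, distinguishes lookups from connections, and tags each domain. SAMPLE_ROWS is a subset copied from the behavioral1 table; the infrastructure suffix list, the flag names, and flagging sites.google.com because the report tags it under abused legitimate hosting are my own triage conventions.

```python
"""Reduce a sandbox Network table like the one above to a reviewable IOC set.

Added example, not part of the original report. Parses rows of the form
'Country Destination Domain Proto', separates DNS lookups (udp/53 to the
sandbox resolver) from real connections, and tags each domain. SAMPLE_ROWS is
a subset copied from the behavioral1 table; the suffix list and flag names are
assumed triage conventions, not anything the sandbox defines.
"""
import re
from collections import defaultdict

SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 im79.gulfup.com udp
US 8.8.8.8:53 im79.gulfup.com udp
US 8.8.8.8:53 service.objectembed.info udp
US 75.2.37.224:80 service.objectembed.info tcp
US 75.2.37.224:80 service.objectembed.info tcp
US 8.8.8.8:53 sites.google.com udp
GB 172.217.169.14:80 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 2.19.252.157:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+(?P<domain>\S+)\s+(?P<proto>tcp|udp)$"
)

# Assumed noise: PKI and browser/OS telemetry hosts that every Windows run contacts.
INFRA_SUFFIXES = (".pki.goog", ".microsoft.com")
# Domains the report itself lists under "Legitimate hosting services abused".
ABUSED_HOSTING = {"sites.google.com"}


def parse_rows(text):
    """Yield one dict per well-formed row; the header and blank lines are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            yield row


def extract_iocs(text):
    """Map each domain to what the sandbox actually did with it."""
    iocs = defaultdict(lambda: {"looked_up": False, "endpoints": set(), "flag": ""})
    for row in parse_rows(text):
        entry = iocs[row["domain"]]
        if row["proto"] == "udp" and row["port"] == 53:
            entry["looked_up"] = True         # a DNS query was sent, nothing more
        else:
            entry["endpoints"].add(f"{row['ip']}:{row['port']}")
    for domain, entry in iocs.items():
        if domain in ABUSED_HOSTING:
            entry["flag"] = "abused-hosting"
        elif domain.endswith(INFRA_SUFFIXES):
            entry["flag"] = "infrastructure"  # CRL/OCSP/telemetry, present in every run
        elif not entry["endpoints"]:
            entry["flag"] = "dns-only"        # looked up but never connected to
        else:
            entry["flag"] = "review"
    return dict(iocs)


def iocs_for_review(text):
    """Sorted (domain, flag, endpoints) tuples that a human should look at."""
    keep = {"abused-hosting", "review"}
    return sorted(
        (d, e["flag"], sorted(e["endpoints"]))
        for d, e in extract_iocs(text).items()
        if e["flag"] in keep
    )


if __name__ == "__main__":
    for domain, flag, endpoints in iocs_for_review(SAMPLE_ROWS):
        print(f"{flag:15} {domain:30} {', '.join(endpoints)}")
```

Domains that come out as dns-only (in the full table, the im69.gulfup.com and im79.gulfup.com names, each looked up twice and never connected to) are usually names that did not resolve, which on a page this old points to dead third-party embeds rather than live infrastructure. The review list is where attention belongs; for this report that is service.objectembed.info, yourjavascript.com, www.elahmad.com and the googlecode.com hosts, which a reviewer would check against the script references in the HTML source.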

Files

Most entries below are CryptnetUrlCache MetaData and Content files, the CAPI2 cache that Windows writes while validating certificate chains for the TLS connections above (compare the c.pki.goog, o.pki.goog and crl.microsoft.com traffic); the same MetaData path is rewritten once per fetched object, which is why it appears repeatedly with different hashes. The two Content.IE5 entries are the page's cached jQuery and Google +1 scripts.

C:\Users\Admin\AppData\Local\Temp\Cab99E1.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar9A9F.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e100d6efb45e3983c689e79f177a069b
SHA1 b66420bb9eae1542a18fc457109df109bc5ab219
SHA256 9cdd279ce8cbe8bb3882ca27a860c20224ee1157eb365a0485ea0c14beeeee50
SHA512 cc9a1c04db6f81042af5b6cce0b4281866fe403444afef997497eec0873b141e9396157235204c9c8791225652fdd3d05d4d982544a35420f25d759d019eaaef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77597b073492226b14f56bf381bb6f1f
SHA1 ffb6c7dc91cd85a74f527efc260f83d053fcd9b2
SHA256 985f55970dafce4adc7284a1f77ed467bf4315dfa0f4a7520a058d52f908fdf3
SHA512 c55c3794f482256c927636f113b379f305b52ad51d8f9365185e85559d98ac41f439bd84cd4a222c5a8de79ee7e1fd5c9f06cc36d5d8ea2ae2d92aa56f8ea6f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9db6521c81a23bec0dd8474c6d449b7c
SHA1 f5b26173f7aee25f79b77b214a1a33633abff897
SHA256 d04d5acf5e23a4fff939ec8f106a6657894b15faae2a8c6bd2e9263aa8e2bc4a
SHA512 066b1f84062c48aad3bcab7fdb383be75d5a3f00f0a02037b7dfe9cc296f62528d3a48a19ea588a6b8707dcf16c21bb9ce2f8feab64349a88ddda2d7d3464d31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 1e152dcb3e90db0b796a13523e82b8a4
SHA1 90eb5d0b45998c27db283bba02daeda2b0daa374
SHA256 70bf1c63086e045979d713a5a2bcde9fd301f45d97fd2851a218e5e3669627cf
SHA512 bb7143d359037997d694ccf30b3bd63184a6b73ec9b7926a3111168c9262e557324002538547f5b79a263ab269c08d4841921acd99602479a463b27a1eabfb65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dba6faf7fcafa2f8f6930f5d0d3ff1d0
SHA1 7e66d43361e0093187b7b3e2e4d4a5b4f26883de
SHA256 15170b68eee5549e193060a49a50cb9b6c9d965e454eee3148e6590aedd2a0d5
SHA512 f84c2f52bbbe1b8814b726439250e9de92a10cccb94906334c4663d9b951665f5d027c90fd13ef740361daa26fabea8bc6d4bd66225da944906cd52889397ec1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 8e607d4315e3d31b9618f586fedf8d98
SHA1 69dd9f125b8fe4cd8b10c0509d176813751b68fc
SHA256 b3a52eb31fa33e9c78330f7d0073e5c8768fd00ca51a56496a2829d82072f1d0
SHA512 064c0352572e2d6c72b260d862e2bc0733beb188cd7bd4555c64a96c99fe2a6af6650773ba51bed897c222d2e3d005a52b7d03f1e6c61df5ca571b63240c5ad3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69737f1be8b5c71a859d92780ac67245
SHA1 6c5de4d360010a186f56452d89420e2e2f474786
SHA256 b017baf7bb82bb9eb05f63f6bed50fdb1f08ae4e7bcfcd8a5a6eea058460cad6
SHA512 278927a93d05f1615022938740b9e9c22c798d5b5482dfdbe1d077fe75c015010de06b92dced7c90c95a05f42a29e48d7078845c8636ab2b4faee7c0423e2dcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfe168e53efc1be9240423f6dd05c0ed
SHA1 082c135ecc74717d4bbe2299e4ff33ce681690e9
SHA256 114b42b9fdf7b4fef8967ecafdec10d23e5ca7eb14cf2aecb3bf757e2825b6b6
SHA512 3046e6f26df5c2844da8a3ee521965513b7ef6d2266892d4b0968207e8442ee105005ac7fba606f4e132858fda6ed1c354994e2ec8eafd179850b3a845e71be6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 458d27b33f0fb8e82e6e45c1b0bcaeac
SHA1 0eb29af934c423e5b0f441f62658f7a3eb529c56
SHA256 d0e25120007d151cf817e28daf3a9fcbb6a570b351ca2992ca30e10485c9fc33
SHA512 58038c310d2fc30d78106adbf4513b063273bd769ad55e9957a0f3591ad74a4b08ff822dd85aa406ffd1b48e3d1a4c3e2cc3bf08aab22b2cb04ad5c31ef0c6b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4d8efeba1a0778000f7ecf1e1a199fd
SHA1 6e326da2b8f9b0841e53cf291e92990d0d9e5636
SHA256 db7e176dc6eeed7bce6605a8d3345ed98feb44a41845526569f5c1ddf7f3541c
SHA512 1ed71f82f4833b6baca4cf135d0d088a8bbfe897ddb887dae94e143ac6712dbfdf7b2542a77de8f8aa14f10ce9bb388001d1173897b3d5e040066ac2cc83f941

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbcbfcf42d67bdb342a78ab925dcc8db
SHA1 3e3e0269baf368886a84b9b34393855d72faaaf3
SHA256 f4abf1e1b3fd0d5721566003feeaaadf20630de4206a5540b5fc54d9d217f571
SHA512 571fd2d94fffe7616fc4ed76c85ee81f52ce3230e3df33b6a26710ed36385970783f2ffc332a6313294d6059cdbecf025d85461be343d750bc081abd852ac098

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 097f6c6b62e56d20c5847ab9edf2aaa5
SHA1 d878cd6266b4c798930300ee4c7e68f85d17363c
SHA256 cb27d1618395e57e7de215a3f9e48d4c1903a1864a1a52646dfdf37bd38bd6a2
SHA512 9a2e75f83d9bc073b58042ab1debe4fd0453b6591548dc2259e61c6743c5866b42e4da2a4edc0e3bd6ac446dcd3578151f71baaaef9113c178646de3cbdd6f54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e582d25bbb8cecb11eae149b630a114f
SHA1 c6fc084dcff230ffec316e7dd896aa6d6307b2f9
SHA256 942a94eedc90b157f9ea227975913e0608f1da3fc4c3d204b801208e2c7bdc35
SHA512 c92ef1fcf625dbeb66fbec52376ee1ccfa559b58b7e0af96e687a5c3b356d21b09d7dcb6cdcfdb44e04266bcf9c9545b3702436c53de9a1c0cb85e971b74cdcf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\plusone[1].js

MD5 2693cd35d818b48f4cd562c6abe0db29
SHA1 131c844eb658219966c722b60cc12c8a542ebe06
SHA256 911fa262008c6ef2bcf8448ad83a5aa8129c39355b98d957f5c7dde2babf9b7c
SHA512 4f692bd49811addfe89d14b156fed6513f04ec4be2629086a8b66ddcd6e7b8b7df149fa017173824c30f7492c2320a3d7b9c0344d5e1f7074742558125654f1f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\jquery.min[1].js

MD5 10092eee563dec2dca82b77d2cf5a1ae
SHA1 65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b
SHA256 e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59
SHA512 cc92cf5a9b3a62a18af432fdffb81b76da84e2f43ce3c7800a919c10809118d0611e29a47f103ff3df18a54d5331bc5f06ef4771dc406cc763b30ff2a66a3e81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc0fc46aa5dc5cc7323be16468a884fb
SHA1 740cec804eb90ebd30ce8f21708f31f06d256828
SHA256 2ba3daecbcbbfd54838ce57840a45fcb96705b88c756d651286ed918b069f601
SHA512 3c24f1d61d35fcaaa5cfdac53e7d5bcad7816985fafef02e97f3899496c4b19f8fb46c92406784c4bd0dd3fee88f96a1b819bcddae0510bb1dc730d7b9ca156a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25782351eb04be2c61d01e4a9390d3c1
SHA1 f6d2e4f3a3268d42127b5956b58ea9000921d8c9
SHA256 b15eeead37a699ec014b1ace2b4747ab49a0e18668bc9c0ba8beb8589ac69d0b
SHA512 4d14149b7fa7c511c3ef2c43d7f10c43e305c557b5a9404dd3c633ebde0d471855f831ce9dacb9cba97b761c466cd23331ef6a22c69fac9ad2d92754f2383eb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e100e2da10fe57dea9e07db336829d23
SHA1 3d038c71e687011b665e9ea61dcef8ac9414027f
SHA256 7fdedddf5c7e8238ebc0b2502cbad07c20081d83902284291f18660900d7778e
SHA512 bc7ba78b7f51fe6f1f5fa83f7144df07d022c7c9d4c8cab8fea0d21f89d5e738c05b8cabd1f99f481519bcbb9e1b2c7b4f510d1d9b0bbd50165255bd93a0276f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee429978f3367a5c0d968ba6493c5879
SHA1 d2af23fe3b8354835db02e1770e3448842121b6b
SHA256 ec7a8603e4363bda6890af186fa6bd5e919da0c9d7febd8af1a1bbab3b69fd1c
SHA512 9b6f60c5aa5074ffb12fc4a1381c18f72c20d42749a4032743404bbf554f80088ba7c0944bb0d1c3cfd5ede0f43c26dde009fa715303cee4cb8abd34a2298d6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f49fd40d309344fbd54df3a4b73fd79
SHA1 6d59a2ba43ea7475b6adbd3682f8b8f8be42e0b9
SHA256 b554f486d9ad34d47d5cd5f888587129aff404fa3082aacb13d694a458bf5ed3
SHA512 eb7311ac11ce6dba0ea56afdf211a2420dfb7420a1d4a5164b8a4c87c3c2ecbb40eff6965155d9b6fd86a2dfe4b5e461e4e5cb51745a65ec4d86fde1815f38cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b041fc3cc629c763e8c1117f616af13
SHA1 a7308f4a3acfd15658ddeea6c7d34f4757d1ca8f
SHA256 2ebfdd57a8aa9bbc9bec47b62c8759f970e9d5af5cb3cef0489007aef9981a4f
SHA512 617f0831cebef2da1fdd30c331ec70f8cb75c050978c6286527d9cce3c4c5aff6dfabe07686f90f92370c49851563b34e920a06358792bffa8c975397d7e4070

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd7f3442070d4da32a18b15826421213
SHA1 ece471ce88767283737c41d9afe4037aae4b2acc
SHA256 33ad0c9f5a153a7159c3a711215cfbeec0bd201799d1f3eaf06c173c8b7ec245
SHA512 d71473a8d195f40e37e18e2c7b37e8559c609f2e91d3389c594d3befc4d9ecf71989cc2fb7c8ff4fabd1d63a6eb0e6db15ee7aebac4896cdd650bfc401d6c091

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 311df71e80e5e3c406a4a8a02947bb09
SHA1 dcb3ea3b86ec98b681d9ff57caec9828344668f9
SHA256 500af5f6889496795c2b020f85dc258ced6325b3e478775b7f412bf4062839b9
SHA512 b35de42bdbc0d7d24a466e7bd2f40cc2f5bd5457771f50e28dd193ff8f6cc2a866a744e63da8b544ff50265f9eb08a625482669db35405b73e439ddbaad69e9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a52430d9d0a951bbf5e8a30ff41b4c5
SHA1 82c6a5ca6ed87a9e3c387dfaa9a1bf73eb33d37d
SHA256 e4a55bf7d2e519f8ab3d15599df7c54e939ff785eae6370449af3dab2ad9e2f6
SHA512 1796fc47709f912b1dc195b88101613e3dc970346dc813cc2e0eb9fb08aeeea41e8ccba4f291aec1e5d16bc076688a50ac13fce8d5751c5e75a72d35cc4feb9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75c83fc7dcd59da0c50fc62f634568a9
SHA1 c7381ebc7be67608ef2687b0eb91e5cab163dcc8
SHA256 f3bf305801b717d43db71a7da3373227aef317af09f5dfa9b7ffa64bd8f219bf
SHA512 7cacd86dbf2b6c4b5b2462cf710468fb94afdc44fd16d480947afed7fba045c762367def5a6e0a8dc55f75ea8c32868c159c4a06582fb4c477bffc52e33c0caf

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-10 06:54

Reported

2024-12-10 06:56

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dd85088dc2deb7bd5b58c92943cfb150_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

Tags: discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
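Both discovery signatures in this report (the NLS\Language key open under behavioral1 and the BIOS key reads above) reduce to a match on the registry key path. The following is an added example, not the sandbox's own rule code: it re-implements the two matches over registry events in a simple 'operation|key|process' line format (an assumed format), and ranks hits from browser images as low confidence, which is my own triage heuristic rather than anything the report states. The first five events are transcribed from the signature tables on this page; the last is a constructed event for a hypothetical dropped binary (update.exe) to show the contrast the heuristic draws.

```python
"""Re-implement the two registry discovery signatures from this report.

Added example, not the sandbox's own detection code. Events are modelled as
'operation|key|process image path' lines (an assumed format); the first five
sample events are transcribed from the signature tables on this page, the last
is a constructed event for a hypothetical binary. Treating hits from browser
images as low confidence is an assumed triage heuristic.
"""
import re
from collections import Counter

SIGNATURES = {
    "System Location Discovery: System Language Discovery":
        re.compile(r"\\ControlSet\d+\\Control\\NLS\\Language$", re.I),
    "Enumerates system info in registry":
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS(\\SystemProductName|\\SystemManufacturer)?$", re.I),
}

# Browsers read these keys during ordinary start-up (assumed allowlist).
BROWSER_IMAGES = {"iexplore.exe", "msedge.exe"}

SAMPLE_EVENTS = r"""
Key opened|\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language|C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Key value queried|\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName|C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Key opened|\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS|C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Key value queried|\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer|C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Key created|\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main|C:\Program Files\Internet Explorer\iexplore.exe
Key value queried|\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer|C:\Users\Admin\AppData\Local\Temp\update.exe
"""


def parse_events(text):
    """Yield one event dict per non-blank 'op|key|process' line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        op, key, proc = line.split("|", 2)
        yield {
            "op": op,
            "key": key,
            "process": proc,
            "image": proc.rsplit("\\", 1)[-1].lower(),  # file name only, case-folded
        }


def match_signatures(text):
    """Return (signature, image, key, confidence) for every event that hits a rule."""
    hits = []
    for ev in parse_events(text):
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["key"]):
                confidence = "low" if ev["image"] in BROWSER_IMAGES else "high"
                hits.append((name, ev["image"], ev["key"], confidence))
    return hits


def summarize(text):
    """Count hits per (signature, confidence) so the fidelity is visible at a glance."""
    return Counter((name, conf) for name, _, _, conf in match_signatures(text))


if __name__ == "__main__":
    for (name, conf), n in sorted(summarize(SAMPLE_EVENTS).items()):
        print(f"{conf:5} x{n:<2} {name}")
```

Run against the page's own events every hit comes from a browser image, which is the point of the confidence column: the key paths are exactly what the report's signatures look for, but the same reads happen on every IE or Edge start, so on their own they do not separate this sample from a benign HTML file. The constructed update.exe event shows what a hit worth escalating looks like.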

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Every entry is a write from msedge.exe PID 868 into one of its own child msedge.exe processes (2836 and 1260). Chromium-based browsers write into freshly created child processes as part of their sandbox start-up, so this signature fires for any Edge session and is not by itself evidence of injection.

Description Indicator Process Target
PID 868 wrote to memory of 2836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 entries)
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (12 entries)
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 868 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
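
The 64 rows above collapse to four parent-to-child pairs (868 to 2836, 1260, 4052 and 1992), every one of them msedge.exe writing into msedge.exe. A Chromium-based browser's sandbox broker writes into each child it launches to set the child's sandbox up, so same-image writes from the browser process are expected here; PID 868 is the browser process, which the crashpad pipe name crashpad_868_... under Files corroborates. The row that would matter for triage is a write into a different image. The Python below is an added example, not part of the report: SAMPLE_ROWS is a constructed subset of the table in the report's column order, plus one hypothetical explorer.exe row that exists only to show what the cross-image check flags.

```python
"""Collapse a sandbox 'Suspicious use of WriteProcessMemory' table into
per-(writer, target) counts and flag writes that cross image boundaries.

Added example, not report output. Rows follow the report's columns:
Description | Indicator | Process | Target.
"""
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed subset of the report's rows; the last row is hypothetical and
# only demonstrates a cross-image write (msedge.exe -> explorer.exe).
SAMPLE_ROWS = [
    ("PID 868 wrote to memory of 2836", "N/A", EDGE, EDGE),
    ("PID 868 wrote to memory of 2836", "N/A", EDGE, EDGE),
    ("PID 868 wrote to memory of 1260", "N/A", EDGE, EDGE),
    ("PID 868 wrote to memory of 1260", "N/A", EDGE, EDGE),
    ("PID 868 wrote to memory of 1260", "N/A", EDGE, EDGE),
    ("PID 868 wrote to memory of 1992", "N/A", EDGE, EDGE),
    ("PID 868 wrote to memory of 4444", "N/A", EDGE, r"C:\Windows\explorer.exe"),
]

_DESC = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_row(row):
    """Return (writer_pid, target_pid, writer_image, target_image) for one row."""
    desc, _indicator, writer_image, target_image = row
    m = _DESC.fullmatch(desc)
    if not m:
        raise ValueError(f"unexpected description: {desc!r}")
    return int(m.group(1)), int(m.group(2)), writer_image, target_image


def summarise(rows):
    """Count writes per (writer, target) pair and list pairs whose images differ.

    Same-image parent->child writes are what a Chromium sandbox broker does on
    every child launch; a differing image is the case worth escalating.
    """
    counts = Counter()
    images = {}
    for writer, target, w_img, t_img in map(parse_row, rows):
        counts[(writer, target)] += 1
        images[(writer, target)] = (w_img, t_img)
    cross_image = [pair for pair, (w_img, t_img) in images.items()
                   if w_img.lower() != t_img.lower()]
    return counts, cross_image


if __name__ == "__main__":
    counts, cross_image = summarise(SAMPLE_ROWS)
    for (writer, target), n in sorted(counts.items()):
        print(f"{writer} -> {target}: {n} write(s)")
    print("cross-image writes:", cross_image)
```

Run against the full table the same way: every pair comes back as msedge.exe to msedge.exe and cross_image is empty, which is the expected shape for a browser detonation.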

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dd85088dc2deb7bd5b58c92943cfb150_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9264246f8,0x7ff926424708,0x7ff926424718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11154575564306303035,1718326814350951529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 bloggeradsenseo.googlecode.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 abuiyad.googlecode.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 13.248.169.48:80 yourjavascript.com tcp
GB 216.58.212.226:445 pagead2.googlesyndication.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
NL 108.177.96.82:443 abuiyad.googlecode.com tcp
GB 172.217.169.74:80 ajax.googleapis.com tcp
NL 108.177.96.82:80 abuiyad.googlecode.com tcp
NL 18.239.83.44:80 w.sharethis.com tcp
NL 18.239.83.44:443 w.sharethis.com tcp
GB 142.250.179.233:443 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 04pro.blogspot.com udp
US 8.8.8.8:53 my-tqarob.googlecode.com udp
US 8.8.8.8:53 www.elahmad.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 tqarob.googlecode.com udp
US 8.8.8.8:53 im79.gulfup.com udp
US 8.8.8.8:53 im69.gulfup.com udp
GB 142.250.178.14:443 apis.google.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
NL 108.177.96.82:80 tqarob.googlecode.com tcp
NL 108.177.96.82:80 tqarob.googlecode.com tcp
GB 172.217.169.14:80 sites.google.com tcp
US 172.67.180.182:80 www.elahmad.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 s08.flagcounter.com udp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 172.217.169.14:443 sites.google.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
US 172.93.107.85:80 s08.flagcounter.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 134.130.81.91.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 44.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 82.96.177.108.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 182.180.67.172.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
GB 172.217.169.14:443 sites.google.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com udp
GB 142.250.178.2:139 pagead2.googlesyndication.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 cdn.adf.ly udp
US 172.66.43.117:443 cdn.adf.ly tcp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 85.107.93.172.in-addr.arpa udp
US 8.8.8.8:53 117.43.66.172.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
NL 108.177.96.82:80 tqarob.googlecode.com tcp
US 8.8.8.8:53 ws.sharethis.com udp
US 8.8.8.8:53 l.sharethis.com udp
IE 52.31.109.99:443 l.sharethis.com tcp
GB 142.250.178.14:443 apis.google.com udp
US 8.8.8.8:53 4youpro.googlecode.com udp
US 8.8.8.8:53 99.109.31.52.in-addr.arpa udp
NL 108.177.96.82:443 4youpro.googlecode.com tcp
NL 108.177.96.82:443 4youpro.googlecode.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
GB 142.250.178.14:445 translate.google.com tcp
US 8.8.8.8:53 translate.google.com udp
GB 142.250.178.14:139 translate.google.com tcp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 86.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.178.14:443 translate.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
GB 142.250.179.233:443 resources.blogblog.com udp
GB 163.70.147.35:443 www.facebook.com tcp
IE 31.13.73.22:445 connect.facebook.net tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
IE 31.13.73.22:139 connect.facebook.net tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.33:445 themes.googleusercontent.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.33:139 themes.googleusercontent.com tcp
GB 216.58.212.226:445 pagead2.googlesyndication.com tcp
GB 142.250.178.2:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.178.14:443 translate.google.com udp
GB 157.240.214.35:445 www.facebook.com tcp
NL 108.177.96.82:80 4youpro.googlecode.com tcp
GB 142.250.179.233:443 resources.blogblog.com udp
GB 142.250.179.233:443 resources.blogblog.com udp
US 8.8.8.8:53 www.facebook.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 172.217.169.14:443 sites.google.com udp
NL 108.177.96.82:80 4youpro.googlecode.com tcp
NL 173.194.69.84:443 accounts.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 ws.sharethis.com udp
US 8.8.8.8:53 torchsadrain.blogspot.com udp
GB 172.217.16.225:80 torchsadrain.blogspot.com tcp
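
Triage over the table above means separating the DNS queries (udp to 8.8.8.8:53) from the connections, discarding the reverse lookups (in-addr.arpa) and the multicast row (224.0.0.251:5353, mDNS) as resolver and LAN noise, mapping each resolved domain to the endpoints actually contacted, and pulling out the watchlisted hosts plus any connection on an SMB/NetBIOS port, which a browser fetching a page has no reason to use and which is worth a second look before it is trusted or dismissed. The Python below is an added example, not report output: SAMPLE is a constructed subset of the rows above, and WATCHLIST (sites.google.com, the host the report's SocGholish hosting-abuse signature lists) is an assumption for illustration.

```python
"""Triage the Network table of a sandbox report (added example).

Rows are 'Country Destination Domain Proto'; rows with no Domain column
(the mDNS row) have three fields. SAMPLE is a constructed subset of the
report's rows; WATCHLIST is an assumed set of hosts of interest.
"""
import ipaddress
from collections import defaultdict

SAMPLE = """\
US 8.8.8.8:53 yourjavascript.com udp
US 13.248.169.48:80 yourjavascript.com tcp
US 8.8.8.8:53 sites.google.com udp
GB 172.217.169.14:80 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 216.58.212.226:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 108.177.96.82:80 tqarob.googlecode.com tcp
NL 108.177.96.82:80 tqarob.googlecode.com tcp
US 8.8.8.8:53 tqarob.googlecode.com udp
"""

WATCHLIST = {"sites.google.com"}  # assumption: hosts the report's signature keyed on
SMB_PORTS = {139, 445}            # NetBIOS/SMB: not something a page fetch should use


def parse_rows(text):
    """Parse table rows into dicts; tolerate the three-field (no domain) form."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            raise ValueError(f"bad row: {line!r}")
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def triage(rows, watchlist=WATCHLIST):
    """Split rows into DNS queries, noise and real connections; flag what matters."""
    out = {"dns_queries": set(), "reverse_lookups": 0, "multicast": 0,
           "connections": set(), "watchlist_hits": set(), "smb_ports": []}
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            if r["domain"].endswith(".in-addr.arpa"):
                out["reverse_lookups"] += 1      # resolver/sandbox noise
            else:
                out["dns_queries"].add(r["domain"])
        elif ipaddress.ip_address(r["ip"]).is_multicast:
            out["multicast"] += 1                # mDNS and the like, LAN only
        else:
            out["connections"].add((r["ip"], r["port"], r["domain"], r["proto"]))
            if r["port"] in SMB_PORTS:
                out["smb_ports"].append((r["ip"], r["port"], r["domain"]))
        if r["domain"] in watchlist:
            out["watchlist_hits"].add(r["domain"])
    return out


def endpoints_by_domain(rows):
    """Map each resolved domain to the ip:port pairs that were actually contacted."""
    seen = defaultdict(set)
    for r in rows:
        if r["port"] != 53 and r["domain"]:
            seen[r["domain"]].add(f'{r["ip"]}:{r["port"]}')
    return dict(seen)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    summary = triage(rows)
    print("queried:", sorted(summary["dns_queries"]))
    print("unique connections:", len(summary["connections"]))
    print("watchlist hits:", sorted(summary["watchlist_hits"]))
    print("SMB-port connections:", summary["smb_ports"])
    for domain, endpoints in sorted(endpoints_by_domain(rows).items()):
        print(f"  {domain}: {sorted(endpoints)}")
```

Paste the whole table into SAMPLE to get the report-wide view; the unique-connection set and the per-domain endpoint map are what go into a block list or a hunt query, while the DNS-only names (queried but never connected to) are weaker indicators and should be kept separate.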

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

\??\pipe\LOCAL\crashpad_868_TEKQWQPXGMLZYCWP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 63a6e393e7158780c5c8dc3a7168f4fd
SHA1 3aff58698ee169ef71ded1bb1baf5c84efcfbfc3
SHA256 468e30b658f52671fb96237ef972b58e08a138092dadd277369d85422bce9958
SHA512 a5d01fa6effda5ba64a8ab378fe85465e193477ae98950a3e5b952e3c072080d9aa24aee67c0f1f0279ae52816f9691ab6a3b162bcc481c6872322cac7f2966d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0c333cff-4033-48a4-b43c-e2ced78e6ade.tmp

MD5 ce5c866434ca7c034ceff1028bed9fdd
SHA1 64a8c57935eb7d163e505e0a99ae07c68c9d3ff7
SHA256 941d730d1a62048136bf249f5c492d78a4a5552a51a0c97a41992a8ce5972c7d
SHA512 6cf989d26efc93805985cdee85d7d334231b3f8f6e5b0a5012ee6b1267e772c60392b2db79cee76af69ba94c5ba4477feebd688ab51b75620cb0964f513a95e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8e15074c0dab1bed5bd9f45c6b3896a0
SHA1 e65d0d9269d0db8fbdb61cb80bd6d8db6c519589
SHA256 d35f96a207547fb3167d1b45deb1a4f62d29ef0031e8464d99b37ef7b250ef19
SHA512 4f6f6f3a5b06fe402634ea0e044845501e5882d3628a8f44f865b9804d8bdb21dc194259f10db70754ba464ef905bd0896f975e36faacedefa0e8edf75b550cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b03b5eb3c385f7577e91aa2d9c1a1c70
SHA1 e646ac4f5d0def4899b7f56e685f1bac96e925ae
SHA256 d110bf040b7981195db02fc4da1ac9002579418c216036edb7f555406b1f134f
SHA512 bedb28337eff34043c0594a49174b513fe07530674f9a2b7880f0316be050fee5481215141da99d68fe56188a1e4fce92f7b1658a825505c24fdcafb532baa74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585484.TMP

MD5 99a5b0c4d851ee6c7b01ca0f54363796
SHA1 fa671055d164d0388cc7c96e711b104900fbecb9
SHA256 17bd075eb24f938ad67f0826fed56336f7c0255a66f8264535b3f0ccc02b2ce6
SHA512 2641ba3284a075302e352c3d90ae65936ee7cec71f21c434739c52c873a8585173f156bcd40bdd1c2c03faac3d2904619a2fe82fcba8996d28c8656db7d6fdc2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5721f966d3c80791e94daf43725320d0
SHA1 20a77232099de7a4f75a0ba6e3b023ca81197b8e
SHA256 29789360a34ef879f3ce8414a3b5440d17095dc6b45f00a344d99b318a29a8ec
SHA512 87f341ad9b06a5906a48a4c34f91c605f678ad90bdca3158884bb91dc9dfeebdaa9b8c00e1447e63bc8c179fad162ac8f41fcb0dd0f6308aa9962f5a87df805c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 4b3121a05808b99aa6e0cc12924f77db
SHA1 ee5805bb76c384d1e1667aea2976bd2f4f94c7cc
SHA256 e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c
SHA512 9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 640fdcf56554df43d9e3b0233542e473
SHA1 30bbf9f38db9be4e30e1323f9c61e6e46af411b4
SHA256 6d9d954bbf7dd1af7ea43a3c9b8728cc0c1b8b3b91ed9a5c8bcbc768cf76585b
SHA512 e46cb263474879660112fca9b3b16d070626cbc7fc3834894653186c9602ae2184a5d074f7fa7c250d7971a32928a11e060bcd94730e40c960abfff083fbe85a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f7f577bd75a27691c5e49c9be07bcfe9
SHA1 9180147afb6aeed4475fec374af9b5705d19616f
SHA256 65523974ea8d3b445d0f4e932ee503b11298983b11488bb3cb4c5395064863c6
SHA512 e999191c932f984d297f1cb4a51f184b98e7690b41e9bbc6aa904b40e4d9b7a5165d06b94f42f1f783519e0cffaae0ec18138b09264516a6e81552b984df7dd1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b4f2d5d12eeb6895c960d4bebad059ac
SHA1 fcb2dd926ed0ae0788845e433028075bf49db897
SHA256 20bdeaba0251db1f45a018730a7983aeb86e5c793bc56a4f32d465cec92d390f
SHA512 17d294fa646d8a1141b1878420e42a152467584f5d3823c5a7393b65a2ddbc5eddcadef3f8df3e657cf557337bbcde4941e3567b85f5cc7681837d060c538d70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0e39950c5941abb22f27e456c0324f85
SHA1 d9c36eecf4739452e579d35f094cf64684d596a5
SHA256 59315dd63b6b38d064f5ca641611145a5bbb1bef0aa2aa6b6bde700c44c32943
SHA512 df6cafda82d9897857e8671500c309a5e1cc8ce2d7a5af11bb7398932ef4f05c70ae11b5c6e86d6a6299d5e5f0dc04a38d13a5735494c856fcaf3d9dbc27f7bd
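
Three checks a reader would want over the entries above. First, the named-pipe entry's digests (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c44298fc...b855) are exactly the digests of zero bytes, so the sandbox captured no content for it. Second, settings.dat, Preferences, TransportSecurity and Network Persistent State each appear more than once with different digests, which is the browser rewriting its own profile during the run rather than several distinct files. Third, every path sits under the Edge profile directory (or is a pipe); a dropped payload would show up as a path outside it, and none does in this report. The Python below is an added example, not report output: ENTRIES is a constructed subset of the entries above, and the empty-content digests are computed with hashlib rather than hard-coded.

```python
"""Sanity checks over the Files section of a sandbox report (added example).

ENTRIES is a constructed subset of the report's (path, MD5, SHA256) triples;
PROFILE_DIR is the profile prefix those paths share.
"""
import hashlib
from collections import defaultdict

PROFILE_DIR = r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data"
PIPE_PREFIX = "\\??\\pipe\\"

ENTRIES = [
    (PROFILE_DIR + r"\Crashpad\settings.dat",
     "36988ca14952e1848e81a959880ea217",
     "d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6"),
    (r"\??\pipe\LOCAL\crashpad_868_TEKQWQPXGMLZYCWP",
     "d41d8cd98f00b204e9800998ecf8427e",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (PROFILE_DIR + r"\Crashpad\settings.dat",
     "fab8d8d865e33fe195732aa7dcb91c30",
     "1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea"),
    (PROFILE_DIR + r"\Default\Preferences",
     "63a6e393e7158780c5c8dc3a7168f4fd",
     "468e30b658f52671fb96237ef972b58e08a138092dadd277369d85422bce9958"),
    (PROFILE_DIR + r"\Default\Preferences",
     "8e15074c0dab1bed5bd9f45c6b3896a0",
     "d35f96a207547fb3167d1b45deb1a4f62d29ef0031e8464d99b37ef7b250ef19"),
    (PROFILE_DIR + r"\Default\Cache\f_00000e",
     "4b3121a05808b99aa6e0cc12924f77db",
     "e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c"),
]

# Digests of zero bytes, computed rather than copied, so the check cannot drift.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def is_empty_content(md5, sha256):
    """True when both digests are those of zero bytes: nothing was captured."""
    return md5 == EMPTY_MD5 and sha256 == EMPTY_SHA256


def snapshots_by_path(entries):
    """Number of distinct SHA256 values per path; >1 means rewritten during the run."""
    seen = defaultdict(set)
    for path, _md5, sha256 in entries:
        seen[path].add(sha256)
    return {path: len(digests) for path, digests in seen.items()}


def outside_profile(entries, profile_dir=PROFILE_DIR):
    """Paths that are neither under the browser profile nor a named pipe."""
    return [path for path, _md5, _sha256 in entries
            if not path.lower().startswith(profile_dir.lower())
            and not path.startswith(PIPE_PREFIX)]


def malformed_digests(entries):
    """(path, field) pairs whose digest is not lowercase hex of the right length."""
    bad = []
    hexdigits = set("0123456789abcdef")
    for path, md5, sha256 in entries:
        for field, value, length in (("md5", md5, 32), ("sha256", sha256, 64)):
            if len(value) != length or not set(value) <= hexdigits:
                bad.append((path, field))
    return bad


if __name__ == "__main__":
    for path, md5, sha256 in ENTRIES:
        if is_empty_content(md5, sha256):
            print("empty content:", path)
    for path, n in snapshots_by_path(ENTRIES).items():
        if n > 1:
            print(f"{n} versions recorded: {path}")
    print("outside profile:", outside_profile(ENTRIES))
    print("malformed digests:", malformed_digests(ENTRIES))
```

The empty-content check is the one to keep handy: a digest set equal to the zero-byte digests means the listed object has no recoverable content, whatever the report's Files heading implies.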