Malware Analysis Report

2025-03-14 21:57

Sample ID 250110-wdtzra1mbx
Target JaffaCakes118_ea510997ca1bfcb1cf122f451fdcea81
SHA256 cd2e888b16b1451e0191da857ee8a3a5edc6250a87abfa96e105b63b5df901a9
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cd2e888b16b1451e0191da857ee8a3a5edc6250a87abfa96e105b63b5df901a9

Threat Level: Known bad

The file JaffaCakes118_ea510997ca1bfcb1cf122f451fdcea81 was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-10 17:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-10 17:48

Reported

2025-01-10 17:51

Platform

win7-20240903-en

Max time kernel

144s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ea510997ca1bfcb1cf122f451fdcea81.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bfdb4e0a71107746b636003226ae4a79000000000200000000001066000000010000200000002a7d25869e21aeb4a96e6d4dd93172643dda9a484a6ddcfe312c6348f5e3c3cc000000000e80000000020000200000005e0600d29d7b41e9326dd3ad9aa0dc42163ca4e296eb518beea7744d1939d185900000001f3663b5e8813c10cd9c26f2bda01bc1a3a2c39c155349129315409c364df256539ea194636461c3353328dfc7236edc118f8ce34fa6f6ed369eddb5d704614368655005347e145bd05eb7e22333b77c3a8a1263ac291cb2144dc7cf365ce315b13bda54b02da4ffe09b73138e76c4f8cb31c8863fbbe874a1ac13a53f94bcb4a90ccfcf23916a1ebf7bf0aa947dc37d40000000239e8c3392642e205d34f97657ccb5c75f3267bbb4215b7ce55586de569722be782d8584218778526606e3d3923891d4657cdfa2bf728e73a6ef5a5415abcdf4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442693195" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6054f0058863db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{23F6AB31-CF7B-11EF-9081-4A174794FC88} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bfdb4e0a71107746b636003226ae4a790000000002000000000010660000000100002000000090623fff769cdb94179b307403bd884180f56b985fbc42407ba1c0a35820c7bf000000000e8000000002000020000000f0ff24ce8101f93882de7b50fff4c8ad4999b91d1741de01b0c16a09b0c14ad7200000005d8ca456b6fdd59c316f9cfce492b8d215a197e46bf2870a4fb742d9db6cd477400000004cd3f2a3d4f21b36d3508d162829fe1444a059e480af31b164bd925e609b5b061865b12ad914e6a504974f54e7cbfb10c63a7bf9108f4d529dd2f62cd1883f0f C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ea510997ca1bfcb1cf122f451fdcea81.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 imgs.sapo.pt udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 goo.gl udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.179.234:443 ajax.googleapis.com tcp
GB 142.250.179.233:80 img2.blogblog.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.179.233:80 img2.blogblog.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.179.234:443 ajax.googleapis.com tcp
US 104.22.71.197:80 static.addtoany.com tcp
US 104.22.71.197:80 static.addtoany.com tcp
GB 216.58.204.78:80 goo.gl tcp
GB 216.58.204.78:80 goo.gl tcp
GB 146.75.72.157:80 platform.twitter.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 146.75.72.157:80 platform.twitter.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
PT 213.13.145.243:80 imgs.sapo.pt tcp
PT 213.13.145.243:80 imgs.sapo.pt tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.179.233:443 img2.blogblog.com tcp
GB 142.250.179.233:443 img2.blogblog.com tcp
GB 142.250.179.233:443 img2.blogblog.com tcp
GB 142.250.179.233:443 img2.blogblog.com tcp
GB 142.250.179.233:443 img2.blogblog.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
GB 216.58.204.78:443 goo.gl tcp
GB 216.58.204.78:443 goo.gl tcp
US 8.8.8.8:53 dl.dropboxusercontent.com udp
GB 162.125.64.15:443 dl.dropboxusercontent.com tcp
GB 162.125.64.15:443 dl.dropboxusercontent.com tcp
US 8.8.8.8:53 jqueryapi.info udp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
US 45.33.23.183:80 jqueryapi.info tcp
US 45.33.23.183:80 jqueryapi.info tcp
US 104.22.71.197:443 static.addtoany.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 bloggercomment.com udp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:443 bloggercomment.com tcp
GB 142.250.179.233:80 img2.blogblog.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.143:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\plusone[1].js

MD5 2e4a448a27b8a58d75f607c7bdcca6f2
SHA1 31cf764c6c2240148eaaa2b9816e1219a273d0bc
SHA256 d3696859f3485d8aa6f8a4d0054d64fc1ee614e57725221dd1c97b930f02bc3e
SHA512 09ca4d8b6a0fc653490921befcb3d752e150ac9abf24d1fdd49c9453fe2baf969b76433a45121451ef642ea3f73f9c62871cdde5e07976ffdc03ee5200e4d35a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\cb=gapi[1].js

MD5 b103bb58d9e7cecaa60bdf377d328918
SHA1 0f094c307bceef833a64f408d2f749a10f79de44
SHA256 81dcd274347bd909cf132d3c8bcc9924e41921c33eca07fd6fe5e2a59ca4f5b7
SHA512 b1a4fa329b76df7c861771e1dc36749155895dff623cd916811f2af8c95f3bcf9fe75a3b9a56833f066a227444982ff4883459e24f7eead79b521c2ffdcaa844

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\recaptcha__en[1].js

MD5 19ddac3be88eda2c8263c5d52fa7f6bd
SHA1 c81720778f57c56244c72ce6ef402bb4de5f9619
SHA256 b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6
SHA512 393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NHVCFNXP\www.google[1].xml

MD5 a67e0d63906fed861ad28d781558b427
SHA1 843a5247eb6b1936d3c5182c03e1b362974a12cb
SHA256 ebeeb6147c97cf08487d6a638d3ed1eef1f6442c5dcdd1d8b91e44a0adbc9950
SHA512 25660504f7d402b8c4677b391474e904768b88a3f262429f574bdfc020f127272235b93e99e8dffaaa43fd0ccf531c11ded633aa623811f7d490546e4e994540

C:\Users\Admin\AppData\Local\Temp\CabAEB.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarAED.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b8ef441a3b33e7adbcd6e7029af0ca2
SHA1 b9aefb463d9216641a5ac6cf93170bb4bd72a625
SHA256 a3ec6925f973a27a5055c6fd408aae1b4f1593a2a2b95186d16096fd3fd88425
SHA512 723d9e3620c4551e9d760f3b5baf88fcf264bc9885ad6870fe1713dcbb41fd288c32773196fea26003400d167dd15c1d97d2b03d594f67ba72ec8241a79633d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6c5aa9729d107cf6a0c56ac2a86a856
SHA1 b4738eae6d1c9471decd1271ec413af4ce28dc2c
SHA256 9994d8109ac999df99dd2c2f77636bff96915bf29fa152a4c02287ec2ed37871
SHA512 6aa955178e21bce6f522739d5932c0d2b299078c8b45ba3a3e485e7db74b95b21e88c30ce92fc5f387bd3bfdcdce5f6cabae95ce373817e388098ff9200e4062

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0be07facf0b813cf5dd8b8242465417f
SHA1 95a598c0d0493472ff1628d5d84814b3733cf0fb
SHA256 e9bbf6cfc290a505e691b0576456e350cedc4731d4219cd46583838f909c3b9c
SHA512 c2916b0efefbf4a1f3a0f0d7e46013e7d83d06cafdddaf6595431b5e6789ae5d1a8fc685754fa7b8a5119d89bf027c70ea525e264654468cc3bb6b8cc5ee3435

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02e858146c2e7dfc31818aaa792b1695
SHA1 58588e871beaf8a14b38bb35a42f4d9655c9cac4
SHA256 32cb7a4086606db1a821ddcbe7cb2d05bc57afc121e04f80b2578cacb66ba94d
SHA512 5e714342102c9a1d650decc738df120f749c4614333e8b5047b7e0c2601e8386a4fdb08e4e8eeee066823df4d7e252512b42edcc1a00e8a2789935589ead32ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfd78d69b4d59e87bca775ce993d6c21
SHA1 22504f145f92beb95a981d2f174c53b2ea00b77e
SHA256 74d169771532da4f4cacd1636d1622e03c73f7406285787a4f612066dce08a34
SHA512 0ce4d9ce1a0e1b50918ebf396f282f7fa4be517fbbfd0fbd15f63a169a5c85c4efef76a0e506ea1ccedb72d6214823bc7dc4421903460778ffcaac1cacdb5d4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 995c3bd5050170fd06689ac8c22b7ec1
SHA1 170eec5f077b6e7352df7aadd8b0aa25c9ce20fe
SHA256 4970de04e965c23467eadd94b0eb24112ab8080dc74ee4374aba45ce6791ca31
SHA512 1a9e38d1d143e3f8d8e9dd2543f8b155f682261cb46431d0151750107e39b69660c7c4600ad32c0a80ab2a388c99be8b70a9225ef951f9322bcbc4f998fc2bfe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1722cd0ee8195ddbab2369f2128aaaf5
SHA1 e1cc93f2527ddc41aa3566e0da7fdabcab0735df
SHA256 dfe654b85f412617967b4a787714ed18e078aac8d4988fac91d7b2c1430bff85
SHA512 1ad6e0c28ce1682121303698809f00f615be7426efeac817edabdbbb69df6975795ef37735a4817eca337606947ca4dc95fdd3882dce5391ee3107e02334f16e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 130a441a9af46285039985e66bb01cbc
SHA1 9262634ec7a68e90211b580db986aa7269d0ea08
SHA256 648d660b288d0a36e937acbcbd70936a754f46c4e4208a589a5ff31d4b0d8419
SHA512 65605bdea988964af2b2905bc10c851d52ebd9917a074c1f20615bece0ac82cd8bd1496db85c0f9efbfcc98f7a639baabe5b96adef08aac86eb20c847581adaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c320778f79fba4121d48928ce725053
SHA1 839fc6e4b28ee48d55656ea5d6222c7c3a735143
SHA256 fd1b7609ef8e50dd047de511c84c914dfe474fcef528b098fd1efe21b5f7ff1a
SHA512 3d0d904362dd44e224b71cc402754fd675634c379c9235639362ff7532936a8267054158633b69db51d7e5a5ba4feb3a367376e15c6bc2854ed200c70dd98732

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2bbc9a69b87bbae542507954f306b8f
SHA1 faab2b62cdc021d221b515614597889c7f435165
SHA256 c173f378a64149aaa326ff676d3577dbf75dce49edff90131fc283255c00989e
SHA512 13db4eb034548d204f4f3ba8e1881b0f60af1d0da2195e9eaf65cc248a2ff34dc5477b2ab9ab8ced3f3e7aeb22a6a1ebbba5c5d1da88e4435e62380a6bd558c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ee937f2668c423f646417df222079ec
SHA1 5684567caca43976adf126b45706dbcbb499431a
SHA256 927d4efe0d736a880829717abe7616b3c3cffbea42514db8f2cfed647079a084
SHA512 7187cd3f1618b7dad879d7a0f445c30503351b06bdb2dba32427350bf113018c545fd138322be9b20d376c74133a2a9585e71e85b5782854d40b37fa16ed49fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 6522c3352dcc4b6ff7b1606236328c8f
SHA1 8294adb6c178bac4fef4e2bcfca2e1f9cc9e9447
SHA256 0b5a872ff1e97eebac2992620f1601fdb1688dea91219f56819bca83482645f4
SHA512 357b3eb311d92f72229518d1b7d536f790cba6c85e884b09f523e842f6a2fff7758ab60729900ef80ec5c0a999d1a71754341e3bc1f32e87cbe17a1559bb7dde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea8eb9cf7dca6805fc4d8c5d332cdd2d
SHA1 02184974f0320a2c85cea4e81b5e4675bdc09635
SHA256 4c305aa608af53916da4f50f0f096844db162ace394477294062f4617677cefc
SHA512 c241286447387d1fa0bd6bf3a8970cead1c8490a7c3f748209e30f44775b10bde2b262d196756601aea0f5614ac294c6ee5487f8baad17db0e589f22fb5fe39e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 779ebda5fa7397f1e6b6c1251dfbc8d6
SHA1 c9fb0167b7538b1c15ee340c1c5def6e8f2483ab
SHA256 28e63c2649de60ef46061d5efff1dd9a881d378f91ee0b2b2e7cd3922e2b14a2
SHA512 2139e33429ebcb8d767277140106a42dd0054502afe9d02da173612425c40f6f978642d769213377dcf217ee7843605d4064eac3bc20f0d3feeb43a13a85cf23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2eb69730c8e62f6c6e5a2c40bec01841
SHA1 0dc79a7cbbca2c3b40f2af7352b82f55bac8fdb7
SHA256 f8cbe792618264af18ab1282e601804af9f25a16c417171c267c078aa257092f
SHA512 be9603b14ad77663ee41968dc556a6caf01718be7054a079b7a11bc12c92b8c74673d8eea340fdfc8f7ecf0fe6b172fdbdce741b34096d161d4e9ef71dc33836

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 d2fd3e604a8007cd1fe667dc218a64f6
SHA1 045b61a185671c239fe42b9a416949be6bfb9ff6
SHA256 26f9d197005d3f74cf6c0231e3599cbe99576354c18a1a899084e022541931b7
SHA512 0c143ce270fcbb06fae243296be291f2bc4b462130dc816d1d49c6c7df60509ea8f8445ded376eb0dcdde9967e039c1105f862f9c5048e8ed456288f5e764b81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ea6912c71e7de60f68eae8e765efa8d
SHA1 b2d69ad00693a037c83ee412ace23bde9349dd2a
SHA256 773dc56c0b06c7f2de94cd9d2e1bf0981262e23fbfb9c77f8052c2ee159f448d
SHA512 4e88a5e007377d94a7489e7c76bec6aa24551c20eed253430ae5f3914be6de9c49419631a98d4aa6f891ba4e28ffb16a62af10ea28ebe1830cf4f3787831b6ec

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\rpc_shindig_random[1].js

MD5 2a64803c4545d283d7a51e71f82a64a0
SHA1 d1e190bc4ab6a900cddff5891650f5ddc390e9db
SHA256 0a5518064275c2fba33ba69c84f584819aafdc9faa0ce3689c8687fc41f58ed1
SHA512 82bd924261272ed025d4938d7e7d5ccd9c6ebfa571b1b6816bf56341ebb70ef9faee807d83ba491a2ddea86e795780ce097fce4957d432d3b44497f5e6e16576

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-10 17:48

Reported

2025-01-10 17:51

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ea510997ca1bfcb1cf122f451fdcea81.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3940 wrote to memory of 3924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 3924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3940 wrote to memory of 540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ea510997ca1bfcb1cf122f451fdcea81.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd71646f8,0x7ffcd7164708,0x7ffcd7164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7635636603849877626,16630841737301062038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2972 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 goo.gl udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 216.58.201.106:443 ajax.googleapis.com tcp
GB 216.58.204.78:80 goo.gl tcp
GB 216.58.204.78:80 goo.gl tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 216.58.204.78:443 goo.gl tcp
GB 216.58.204.78:443 goo.gl tcp
GB 216.58.204.78:443 goo.gl tcp
GB 172.217.169.14:443 sites.google.com udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
GB 142.250.179.233:443 www.blogger.com udp
US 8.8.8.8:53 img2.blogblog.com udp
GB 142.250.179.233:80 img2.blogblog.com tcp
US 8.8.8.8:53 imgs.sapo.pt udp
PT 213.13.145.243:80 imgs.sapo.pt tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 104.18.11.207:445 netdna.bootstrapcdn.com tcp
GB 142.250.178.14:443 apis.google.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 243.145.13.213.in-addr.arpa udp
US 8.8.8.8:53 241.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:80 platform.twitter.com tcp
GB 151.101.188.157:80 platform.twitter.com tcp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 104.18.10.207:445 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.71.197:80 static.addtoany.com tcp
US 104.18.11.207:139 netdna.bootstrapcdn.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 157.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 197.71.22.104.in-addr.arpa udp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
GB 142.250.179.233:445 www.blogblog.com tcp
GB 216.58.204.78:443 goo.gl udp
GB 142.250.178.14:443 apis.google.com udp
US 8.8.8.8:53 jqueryapi.info udp
US 45.79.19.196:80 jqueryapi.info tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 bloggercomment.com udp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 108.177.98.120:80 csi.gstatic.com tcp
US 108.177.98.120:80 csi.gstatic.com tcp
US 108.177.98.120:80 csi.gstatic.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
US 8.8.8.8:53 196.19.79.45.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:443 bloggercomment.com tcp
US 8.8.8.8:53 120.98.177.108.in-addr.arpa udp
US 8.8.8.8:53 151.44.152.45.in-addr.arpa udp
GB 142.250.179.233:80 www.blogblog.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
BE 66.102.1.84:443 accounts.google.com udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.179.233:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 22.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.253.1:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.253.1:139 connect.facebook.net tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 142.250.178.2:445 pagead2.googlesyndication.com tcp
GB 172.217.16.226:139 pagead2.googlesyndication.com tcp
BE 66.102.1.84:443 accounts.google.com udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
GB 146.75.72.157:443 platform.twitter.com tcp
GB 142.250.179.233:443 resources.blogblog.com udp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.72:443 syndication.twitter.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 157.72.75.146.in-addr.arpa udp
US 8.8.8.8:53 72.42.244.104.in-addr.arpa udp
BE 66.102.1.84:443 accounts.google.com udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e0bdd0ca3ba846b2107e315f533854dd
SHA1 d6f2ded795b0974b31375ce71004b3bc4a702b67
SHA256 3870538f716ca5b4f28d5d2e4b216a24813360f6b4c2071959e1b633ba602173
SHA512 47f9d45d2d54fcb7fc1d69c16e6e5bc41acc3f99597011aac817b293f95e32dbb83d93c684fc485a2b217c0b338723b5cc7c11c137231014f994d9386d592910

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fb782cfc11eb5ae982c670d5a9d049c0
SHA1 d191777665c68c9f8cf158757e41f67ae881764e
SHA256 1935f48022812ffb42b0b1cedc0dbe2c310445bdefba466f660df938f42e89e5
SHA512 5109bb55ddccfe2cad9071aba6ab4eb1c61b824aeaf9bf301984e9f46ee37e2cb0154942c259b7eedb532d0c151f2749df4fb7b703111063e2295268a6463c5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d4523e47fdc73fe34f569ea1f95dcef0
SHA1 e0bfefb2fe7e5c76449cfe112236585ddf1f0add
SHA256 ad7117d2df70745e68070425594790820a5f95931ef50a158361062b2f3d2cf3
SHA512 06a04a0098c05820b4a752346845e44998b244ea7f2631fbf498b535c8f8625a1e56534a45a4a8b6574aeb1c335aa19b9fac2db5692e745ec00f8858dc4f2dcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 2ebfdbd309ee762211b4a2ac39708c4d
SHA1 b002922c672dbe1dd4caa02af24d0b1e7da616af
SHA256 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797
SHA512 d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 d79b35ccf8e6af6714eb612714349097
SHA1 eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256 c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512 f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 707effb03394fcd33f70f7e34abc2c89
SHA1 f3a10e22fa13f756c2cff89f7dbf05a281311b44
SHA256 e9652d4102c5bb9e9ff528b3d4ff0081211b750b12fb36b6bdf1c6ade3d7b99a
SHA512 75a50d0d05e2ccfd9f46bde3f92ab716d13febc344d534cec7d914c3f2d504f327f08a032bc2f13059a44020628a73223fb3ac77ad4d0f234da79997d517afb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582527.TMP

MD5 d87c4362100b2f9d08855d650b9d0ba7
SHA1 fc0addec45a863f0c9622d89902b8f62852f69b1
SHA256 7f8cea3f4b1524be2ea78abdaeadd7648d2486f032888e3a5ab4cbab98eed2ab
SHA512 4cb0add90b3becd700ba3f0ee6da8a61d32a99cf5d6d76702f5d176053c7119660eccb960ed21a24e02f6c6e644887d5767e0230912c894bf0903df95ad84677

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fc877b8fb212780044b0ef6397272cbc
SHA1 7e67ceceff16133a15bee7d2740ec1b77ea2547d
SHA256 c26e97c5d76984d5a626d2abada9dc4292cc82478ca766d74b271a0d2fa69ca9
SHA512 7ef1deeed3cbfb3f35986d7917ebd6f1ef9d789c35cce2a6ed500a9e8594366272701bef7b91f7f834dd26e7d5e00aaea3078960aaaa97558503c1f8cec1f718

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2db18a578baae37e6bd30bb80826f058
SHA1 13a8123c09a6cebc06eecf181d1c54e36d295274
SHA256 20dca466550bc8bdc3fb1667ed0027e5011784b87bb72f633162e92ca753a383
SHA512 ed353f847201b6927eeaa812007df6c9300a808ea0a4877c0154e2d461448113c6de10767d089e5aef33abcd347e42a27fbf5a4acc82ce0c4d229d8927f28eff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7e391b8a002ed435ed5f6bcddc0c5ba1
SHA1 3777bed06bfcedd25624d8122af32d156b71d0f3
SHA256 403b8f743b6816f59b02ab2fa166396f4c8d2201382ad1ffe555716d7ae306ba
SHA512 45b70e6a72b48146884a952dd797a69fa2ffded12de94306ca47e4bacd0e142fceff2d380a657f689643832b4c2dc96f2760750590a0a784f9d656f771c71985

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 87b27d7d099d03540dc55eb3f730490a
SHA1 0f7a98deb9cd7484cfec56e563b6ded095539058
SHA256 5ba3cb55fd5c26202aac7894327266570cc79458f70a6c22f077500579263b80
SHA512 5b8bf28fc846c4827bf2c79588dfb8db0540409323ebeff13cf441b6b36c2a8a16e6ddaedd0bc07ec62328adc8c93349ab101418fcac0db131b01b0166f9631b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e8c65194e3b56bceae5fc56a9074e3fa
SHA1 dcc894748c57b19b45d2a448fcf19c3dbc269d1f
SHA256 7302f998c08bc1f152d78e4d73ca97ea06344a3976f4fbdcb584f55f5ea97385
SHA512 4e880f03c84243e7fb07cbb4c1168957d2db5dd2883172e94a7f95f66dca1f785bad62fd903ce5cbcbe9e513a89ba4923d7c867b10c407b951d3b0a9810a2791