Malware Analysis Report

2025-08-05 16:07

Sample ID 240526-edjqcaee85
Target 743dacafeba9ee9872be7478aa98c9f1_JaffaCakes118
SHA256 e336c99d837a14f6f71fc9d42583ea439bf4f1d9e43dfe7de28bb35a29d9c082
Tags N/A
Score 1/10

Analysis Overview

Score 1/10

SHA256 e336c99d837a14f6f71fc9d42583ea439bf4f1d9e43dfe7de28bb35a29d9c082

Threat Level: No (potentially) malicious behavior was detected

The file 743dacafeba9ee9872be7478aa98c9f1_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-26 03:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 03:49

Reported

2024-05-26 03:51

Platform

win7-20231129-en

Max time kernel

141s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\743dacafeba9ee9872be7478aa98c9f1_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422857232" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f09cc9df1fafda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F1E11CB1-1B12-11EF-8857-46361BFF2467} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\743dacafeba9ee9872be7478aa98c9f1_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 03:49

Reported

2024-05-26 03:51

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\743dacafeba9ee9872be7478aa98c9f1_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24
(24 identical rows collapsed; the sandbox recorded no indicator for these calls)

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2844 wrote to memory of 2148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2844 wrote to memory of 2680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 2844 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2844 wrote to memory of 2700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20
(64 rows collapsed by target PID; source and target image are identical in every row)
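Two of the signatures above need context before they are escalated. The BIOS SystemManufacturer and SystemProductName values are the same ones VM-detection code reads, but a Chromium-based browser running from its install directory reads them for its own hardware identification, so the image and its location matter more than the key. Likewise, PID 2844 is the Edge browser process and every WriteProcessMemory target is another msedge.exe it launched; a parent writing into children it has just created is how Chromium hands over startup data, and the pattern that warrants attention is a write into a different image or into a copy of the browser outside Program Files. The triage helper below is an added example written for this report, not code from the sandbox or from the sample: the fingerprint-key list, the trusted-directory rule and the two synthetic rows (a same-named binary in %TEMP% and a write into svchost.exe) are the editor's assumptions and do not appear in the report.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Registry values that evasive samples commonly read to fingerprint a VM or sandbox.
# Assumption: this list is the editor's, not part of the sandbox's signature set.
VM_FINGERPRINT_KEYS = {
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
}

# Browsers read those values legitimately, but only a copy running from its
# install directory gets that benefit of the doubt.
BROWSER_IMAGES = {"msedge.exe", "chrome.exe", "iexplore.exe", "firefox.exe"}
TRUSTED_DIRS = {"program files", "program files (x86)"}


def image_is_trusted(path: str) -> bool:
    """A known browser image is trusted only when it runs from Program Files."""
    p = PureWindowsPath(path)
    return (p.name.lower() in BROWSER_IMAGES
            and len(p.parts) > 2
            and p.parts[1].lower() in TRUSTED_DIRS)


def triage_registry(rows):
    """rows: (description, key, process) as in the report's signature tables.
    Returns (value name, image, verdict) for every read of a fingerprint key."""
    findings = []
    for _description, key, process in rows:
        if key not in VM_FINGERPRINT_KEYS:
            continue
        verdict = "expected" if image_is_trusted(process) else "suspicious"
        findings.append((key.rsplit("\\", 1)[-1], PureWindowsPath(process).name, verdict))
    return findings


WPM_ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+?\.exe)$")


def triage_wpm(lines):
    """Parse 'PID a wrote to memory of b' rows.
    Returns write counts per (source, target) PID and the writes worth a closer look."""
    per_target = Counter()
    cross_image = []
    for line in lines:
        m = WPM_ROW.match(line.strip())
        if not m:
            continue
        src_pid, dst_pid, src_img, dst_img = m.groups()
        per_target[(int(src_pid), int(dst_pid))] += 1
        # Same signed image writing into its own child: Chromium process launch.
        # Different image, or a target outside Program Files: injection pattern.
        same_image = PureWindowsPath(src_img).name.lower() == PureWindowsPath(dst_img).name.lower()
        if not same_image or not image_is_trusted(dst_img):
            cross_image.append((int(src_pid), int(dst_pid), src_img, dst_img))
    return per_target, cross_image


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed sample: the report's two BIOS reads plus one synthetic row from a
# same-named binary in %TEMP% (not in the report) to show the masquerade case.
SAMPLE_REGISTRY = [
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer", EDGE),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName", EDGE),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
     r"C:\Users\Admin\AppData\Local\Temp\msedge.exe"),
]

# Constructed sample: the shape of the report's WriteProcessMemory rows with the
# counts cut down, plus one synthetic write into svchost.exe that is not in the report.
SAMPLE_WPM = [
    rf"PID 2844 wrote to memory of 2148 N/A {EDGE} {EDGE}",
    rf"PID 2844 wrote to memory of 2680 N/A {EDGE} {EDGE}",
    rf"PID 2844 wrote to memory of 2680 N/A {EDGE} {EDGE}",
    rf"PID 2844 wrote to memory of 4444 N/A {EDGE} C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for finding in triage_registry(SAMPLE_REGISTRY):
        print("registry:", finding)
    per_target, cross_image = triage_wpm(SAMPLE_WPM)
    for (src, dst), n in sorted(per_target.items()):
        print(f"wpm: {src} -> {dst}: {n} write(s)")
    for hit in cross_image:
        print("cross-image write:", hit)
```

On the report's own rows the helper returns "expected" for both BIOS reads and an empty cross-image list, which is consistent with the 1/10 score; the two synthetic rows are there to show what a hit looks like.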

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\743dacafeba9ee9872be7478aa98c9f1_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb93be46f8,0x7ffb93be4708,0x7ffb93be4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,4950256671731458102,2191079514045698867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
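The process list is where the sandbox state of each Chromium helper is visible: the network service runs with --service-sandbox-type=none, and the second GPU process (relaunched after the first one, with --use-gl=disabled) carries --disable-gpu-sandbox, while every renderer keeps its sandbox. A small parser that pulls process type and sandbox-weakening switches out of these command lines makes that visible at a glance when reading many reports. The code below is an added example for this report, not tooling from the sandbox or from Microsoft Edge; the list of switches it treats as weakening is the editor's assumption, and the sample command lines are copied from the report with the long --gpu-preferences and --field-trial-handle values left out.

```python
import re
from pathlib import PureWindowsPath

# Switches that disable or weaken a Chromium helper's sandbox.
# Assumption: the editor's list, not something the report states.
WEAKENING_SWITCHES = ("no-sandbox", "disable-gpu-sandbox", "allow-no-sandbox-job")


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, keeping quoted arguments intact."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def describe_process(cmdline):
    """Return image name, Chromium process type and any sandbox-weakening switches."""
    argv = split_cmdline(cmdline)
    switches = {}
    for arg in argv[1:]:
        if arg.startswith("--"):
            name, _, value = arg[2:].partition("=")
            switches[name] = value
    # The main browser process is the only one launched without --type.
    ptype = switches.get("type", "browser")
    if switches.get("utility-sub-type"):
        ptype += ":" + switches["utility-sub-type"]
    weakened = [f"--{s}" for s in WEAKENING_SWITCHES if s in switches]
    if switches.get("service-sandbox-type") == "none":
        weakened.append("--service-sandbox-type=none")
    return {"image": PureWindowsPath(argv[0]).name, "type": ptype, "weakened": weakened}


def unsandboxed(cmdlines):
    """The subset of processes running with a weakened or disabled sandbox."""
    return [d for d in map(describe_process, cmdlines) if d["weakened"]]


# Constructed sample: five command lines from the report, long opaque values trimmed.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
MAIN = EDGE + r' --single-argument C:\Users\Admin\AppData\Local\Temp\743dacafeba9ee9872be7478aa98c9f1_JaffaCakes118.html'
NETWORK_SERVICE = EDGE + ' --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3'
STORAGE_SERVICE = EDGE + ' --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8'
RENDERER = EDGE + ' --type=renderer --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1'
GPU_FALLBACK = EDGE + ' --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=5088 /prefetch:2'
SAMPLE_CMDLINES = [MAIN, NETWORK_SERVICE, STORAGE_SERVICE, RENDERER, GPU_FALLBACK]

if __name__ == "__main__":
    for cmd in SAMPLE_CMDLINES:
        d = describe_process(cmd)
        print(f'{d["image"]:<12} {d["type"]:<45} {", ".join(d["weakened"]) or "sandboxed"}')
```

Running it over the sample lists the network service and the relaunched GPU process as the two unsandboxed helpers; the storage service (--service-sandbox-type=utility) and the renderers are sandboxed, and the main process is reported as type "browser".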

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.sunwestemb.com udp
GB 172.217.16.234:80 ajax.googleapis.com tcp
US 8.8.8.8:53 x5.tuzikaze.com udp
US 8.8.8.8:53 internetmaailma.net udp
PL 89.223.93.84:80 internetmaailma.net tcp
JP 202.228.215.70:80 x5.tuzikaze.com tcp
JP 202.228.215.70:80 x5.tuzikaze.com tcp
PL 89.223.93.84:80 internetmaailma.net tcp
US 8.8.8.8:53 logic-c.biz udp
US 8.8.8.8:53 b.hatena.ne.jp udp
US 8.8.8.8:53 profit-in.info udp
IE 18.66.171.109:80 b.hatena.ne.jp tcp
IE 18.66.171.109:80 b.hatena.ne.jp tcp
IE 18.66.171.109:80 b.hatena.ne.jp tcp
IE 18.66.171.109:80 b.hatena.ne.jp tcp
IE 18.66.171.109:80 b.hatena.ne.jp tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
IE 18.66.171.109:443 b.hatena.ne.jp tcp
IE 18.66.171.109:443 b.hatena.ne.jp tcp
IE 18.66.171.109:443 b.hatena.ne.jp tcp
IE 18.66.171.109:443 b.hatena.ne.jp tcp
IE 18.66.171.109:443 b.hatena.ne.jp tcp
US 8.8.8.8:53 x5.tuzikaze.com udp
JP 202.228.215.70:445 x5.tuzikaze.com tcp
US 8.8.8.8:53 b.st-hatena.com udp
US 3.162.140.94:443 b.st-hatena.com tcp
US 8.8.8.8:53 70.215.228.202.in-addr.arpa udp
US 8.8.8.8:53 109.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 65.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 94.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 asumi.shinobi.jp udp
JP 202.228.215.61:445 asumi.shinobi.jp tcp
JP 202.228.215.62:445 asumi.shinobi.jp tcp
JP 202.228.215.63:445 asumi.shinobi.jp tcp
JP 202.228.215.64:445 asumi.shinobi.jp tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 asumi.shinobi.jp udp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:445 platform.twitter.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:139 platform.twitter.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp
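The table records TCP connections to port 445 (x5.tuzikaze.com, four addresses of asumi.shinobi.jp, platform.twitter.com) and port 139 (platform.twitter.com). A browser render does not speak SMB; on Windows that pair is the pattern produced when something on the page references a remote host by UNC or file:// path, since the redirector tries SMB on 445 and falls back to the NetBIOS session service on 139. The report captures the connections, not the markup that triggered them, so this is a lead to verify in the HTML source, not a finding. The helper below is an added example for reading this table and is not part of the report or the sandbox: it correlates DNS answers with the connections that followed, lists names that were resolved but never connected to, and pulls out SMB/NetBIOS connections to Internet addresses. The sample rows are copied from the table above.

```python
import ipaddress
from collections import defaultdict

# Ports a browser render has no business reaching on an Internet host: SMB and
# NetBIOS session service. Windows tries 445 first and falls back to 139.
SMB_PORTS = {445, 139}


def parse_network(lines):
    """Rows as in the report: 'Country Destination Domain Proto', or without Domain."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            continue
        host, _, port = dest.rpartition(":")
        events.append({"country": country, "ip": ipaddress.ip_address(host),
                       "port": int(port), "domain": domain, "proto": proto})
    return events


def triage_network(lines):
    """Correlate DNS answers with connections and pull out SMB/NetBIOS to Internet hosts."""
    resolved, connected = set(), set()
    smb = defaultdict(set)
    for e in parse_network(lines):
        if e["proto"] == "udp" and e["port"] == 53:
            # Forward lookups only; the reverse (in-addr.arpa) queries are the
            # sandbox's own enrichment and carry no intent of the sample.
            if e["domain"] and not e["domain"].endswith(".in-addr.arpa"):
                resolved.add(e["domain"])
            continue
        if e["proto"] != "tcp":
            continue
        if e["domain"]:
            connected.add(e["domain"])
        if e["port"] in SMB_PORTS and e["ip"].is_global and not e["ip"].is_multicast:
            smb[e["domain"] or str(e["ip"])].add((str(e["ip"]), e["port"]))
    return {
        # names looked up but never connected to (dead, blocked, or NXDOMAIN)
        "resolved_only": sorted(resolved - connected),
        "smb_to_internet": {name: sorted(hits) for name, hits in smb.items()},
    }


# Constructed sample: a subset of the report's Network rows, copied verbatim.
SAMPLE_ROWS = [
    "US 8.8.8.8:53 ajax.googleapis.com udp",
    "GB 172.217.16.234:80 ajax.googleapis.com tcp",
    "US 8.8.8.8:53 x5.tuzikaze.com udp",
    "JP 202.228.215.70:80 x5.tuzikaze.com tcp",
    "US 8.8.8.8:53 logic-c.biz udp",
    "US 8.8.8.8:53 70.215.228.202.in-addr.arpa udp",
    "JP 202.228.215.70:445 x5.tuzikaze.com tcp",
    "N/A 224.0.0.251:5353 udp",
    "US 8.8.8.8:53 platform.twitter.com udp",
    "PL 93.184.220.66:445 platform.twitter.com tcp",
    "PL 93.184.220.66:139 platform.twitter.com tcp",
]

if __name__ == "__main__":
    result = triage_network(SAMPLE_ROWS)
    print("resolved but never connected:", result["resolved_only"])
    for name, hits in result["smb_to_internet"].items():
        print("SMB/NetBIOS to Internet host:", name, hits)
```

On the sample, logic-c.biz is the only name resolved without a follow-up connection, and x5.tuzikaze.com and platform.twitter.com come out as the SMB/NetBIOS hits; run over the full table, asumi.shinobi.jp joins them with four addresses and profit-in.info, s.w.org and www.sunwestemb.com join the resolved-only list.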

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_2844_JNBAZEYFGGGERYXB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(all four digests are those of zero-length input: the sandbox captured no bytes from this crashpad pipe)

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f270c81dca5852b8914f86d1216ea991
SHA1 93d21328fcc2e85eaf7ac5500db5261b3c1d4478
SHA256 d55fbb31b7b15f9b45ea9d09d3dc788eab0e87aa467b9e271fb369d907ffda91
SHA512 1467f2c771ba842dfb5075e03837cbd0471090ff733f0a896c41f095af3f31351970271cd4f008c96dc59831d7a0ed9de67f1856b3716ca3ec83b181efe6bf41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 decd77f0c1d0f901ce087c6ea4aa04a5
SHA1 1eb164f411410cb5cfd2041623a8227cfb64a448
SHA256 dab3957540c4b88c552e7ede72acdcd85e73003102bded4ac121fc13cec54165
SHA512 4f1357e8bcee4969e69df87a3fbdd2e6b8570769d3bae0e34adf9b8d5bbbce60757855689f2f6214078c82fa4231ac0b36ee08e0745d1262dfff150f45d2875c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f01873e1a51f3f1790b1993a52ae672a
SHA1 1d54de77770a8f6cd7f653a00dc65296e9811877
SHA256 6b54681e1f624a9ec19326d3fe718b148435a7f722952a2c75b2d45ae1bfc0e6
SHA512 cc80672e4a800ca23dd6d94101a31b74770b211ea7e4a799031da32d739abe3647926d450ab2df5af417f7a28316e450f8217614171150020be8297b3f99dccd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c9e5d886e6e9a28640c9b133f55c0b54
SHA1 6b8c17cb5691319c22408169e2683aa942ea9b26
SHA256 8c1b85b2a9ccd207d25154cc250f1d33c787caea6d10f405dec2ac10bb7af8a9
SHA512 c05fe590fd7b94b92f839b50c436231ca9d3202f5e4212e83348c47fbdbeda38db81d8e86aa28ea15c78e89cf9d4087c857b1f2e2f3cf44bd90a6771da9c710b