Malware Analysis Report

2025-08-10 21:21

Sample ID 240527-nsvwlaba24
Target 7907785cfa5f16ad67944397fdd5b88a_JaffaCakes118
SHA256 8da348b723c8c0f65ef31590dac22998fe16acb840684dc49a4e93db0502ec7b
Tags
Score 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 1/10

SHA256 8da348b723c8c0f65ef31590dac22998fe16acb840684dc49a4e93db0502ec7b

Threat Level: No (potentially) malicious behavior was detected

The file 7907785cfa5f16ad67944397fdd5b88a_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 11:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 11:40

Reported

2024-05-27 11:42

Platform

win7-20240221-en

Max time kernel

144s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7907785cfa5f16ad67944397fdd5b88a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e99512288f5f834dbab720c7a605e846000000000200000000001066000000010000200000007440d945e81d6bd6b293efa0580a5640284e271252385f23ff925ffdc1b56b24000000000e80000000020000200000005ef18c7773e5552fe3836c81c5c4b70aeba5836025443cceee553b25d1563a5120000000e8e7044ca72e93f0409302e5cf8f436dc88fed4e9652e10516f80e9b23e9d47b400000006530315cffd3ec150f33d17910d46ee0c1875e00d99f854c77535915125d04da0a055fc292a610d6054bab9cfad838740b0a13be40bd01e49ba744f7b9cf7bad C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422971883" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbox.ws C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80f7bfb62ab0da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DEA9DC71-1C1D-11EF-9C59-EAAAC4CFEF2E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7907785cfa5f16ad67944397fdd5b88a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.entertainmentwallpaper.com udp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 www.jesus-is-savior.com udp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 216.58.215.42:80 fonts.googleapis.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 216.58.215.42:80 fonts.googleapis.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 upload.wikimedia.org udp
US 8.8.8.8:53 mureo.com udp
US 8.8.8.8:53 www.goth-witch.webspace.virginmedia.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 hanjs.googlecode.com udp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 199.232.192.193:80 i.imgur.com tcp
US 199.232.192.193:80 i.imgur.com tcp
US 199.232.192.193:80 i.imgur.com tcp
US 199.232.192.193:80 i.imgur.com tcp
FR 172.217.20.206:443 encrypted-tbn2.gstatic.com tcp
FR 172.217.20.206:443 encrypted-tbn2.gstatic.com tcp
US 50.28.73.186:80 www.entertainmentwallpaper.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 172.217.20.170:80 ajax.googleapis.com tcp
US 50.28.73.186:80 www.entertainmentwallpaper.com tcp
FR 172.217.20.170:80 ajax.googleapis.com tcp
US 13.248.169.48:80 mureo.com tcp
BE 173.194.76.82:80 hanjs.googlecode.com tcp
FR 142.250.178.142:443 apis.google.com tcp
BE 104.68.81.91:80 s7.addthis.com tcp
BE 104.68.81.91:80 s7.addthis.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
BE 173.194.76.82:80 hanjs.googlecode.com tcp
US 108.160.158.67:80 www.jesus-is-savior.com tcp
US 108.160.158.67:80 www.jesus-is-savior.com tcp
US 108.160.158.67:443 www.jesus-is-savior.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 199.232.192.193:443 i.imgur.com tcp
NL 185.15.59.240:80 upload.wikimedia.org tcp
NL 185.15.59.240:80 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
FR 216.58.214.67:80 fonts.gstatic.com tcp
FR 216.58.214.67:80 fonts.gstatic.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.buzzbuttons.com udp
US 54.209.32.212:80 www.buzzbuttons.com tcp
US 54.209.32.212:80 www.buzzbuttons.com tcp
US 8.8.8.8:53 www7.cbox.ws udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 108.181.41.161:80 www7.cbox.ws tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
US 108.181.41.161:80 www7.cbox.ws tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
BE 74.125.206.84:443 accounts.google.com tcp
US 8.8.8.8:53 static.cbox.ws udp
US 172.67.201.54:80 static.cbox.ws tcp
US 172.67.201.54:80 static.cbox.ws tcp
US 172.67.201.54:80 static.cbox.ws tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
FR 172.217.20.193:443 3.bp.blogspot.com tcp
US 50.28.73.186:80 www.entertainmentwallpaper.com tcp
US 50.28.73.186:80 www.entertainmentwallpaper.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\Narsha-mustchoose-image[1].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\Screen shot 2011-07-12 at 3.09.34 PM[1].png

MD5 5290675221fb33c424df93fe19249379
SHA1 f8b89b7a25c6bcde767272243acfebbee331e545
SHA256 587b3b00f7a583ddc1559e8e4f94b9aaaf835761ff73ac8ea51329d66540c1b1
SHA512 12053a4b421d825b078742e1c8a48fee99a5e587588cc3189e3ecec8400c928485769a724dd554f712a46bfe22037ab71fda8f4ae875b4f8f4c6b4963a8083f7

C:\Users\Admin\AppData\Local\Temp\Cab9CBC.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar9CD1.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 09f9d5ca92f18b5ab7314beb19ee745c
SHA1 fa8c99ea55344e13e4bc97ab01affb12e3ea90d7
SHA256 4a2a085c3f5d615db6543f3af93c63831d09cc7a3bd274348a0e3b3a0a276ea5
SHA512 27de6231d3eecfcb179e056e1e9198e7f94309f44c96d8e0e7986d5fb2df67a63cccb2e52c2f63c4ee0bbaad05472f9a62b5b9c9086f014a5ef1232ca24a7111

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2b79576931f7278028f9fcc700d932d2
SHA1 84f199382ad7efa564324e559dd9d0586d518fd7
SHA256 990697f2eed9d44971a4eaeec7c0ddd2822c683683bec33dff51ac1fcc07b059
SHA512 1aaef7b8a3e8e5e9dbcca8daadef4951b1467d76c4a3cfb39328c5dc21431bf68bfb1660ba403a755504e2611f864a27847a08a5d3dd6b63c7489d230f99ec24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 988d5a94220dcf5340ca7cf2c9706f01
SHA1 e78f1788a9e1059738856ffb37567ff7b3444385
SHA256 e4fa369c6ba809a05f5e8827e6b70ddc02838c100d2b5fa99ac3ef93858879ab
SHA512 c47c1e967d840c7e00b2a706a286d03764d038d146e79aa9ab6d6dfdf079b26e37a4e85010469b3a77670a7dd27046a58c0817ce8b32c8eb0b365dbed8877ece

C:\Users\Admin\AppData\Local\Temp\Cab9EAC.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar9ED0.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcc1aeeb4ebb906e6dfbd9b4be1201e3
SHA1 d358a882f1c89ed2f32301f02c02ae7e71f98766
SHA256 1c5d136a4edb92b9e3e873e39b7708d96b8f50d5ecf1d2791a1f10976d331126
SHA512 d1cd4ec3be84c114e480278f9d368d40411abe3da1899be37bf132ab17ad8cd1d6a31baa11db6ae7d52681a1333db9cd8e106b046ba44d4ff4476c9c13ad67d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e91f56431e73da996566ff324c4c32d
SHA1 70527437f5b329124b99ca34344074453f62494a
SHA256 3f7162678034bab0b6fb7157d2f9825aae9c581118d5294eef564be8cf142bba
SHA512 9b29409a2306ddc3dbdbbdd460aaaec2b40937d1b8cff3b3d15096668864f47dd159f8ad5ae991f64996e034a8739d85ca524ea2acc90a6908d26dc95cd7ff35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 334314c996925b64557f2b07c067269e
SHA1 f661d30f30f6184c9b7b77186369c3eb7c0f2ea1
SHA256 e10b4a33ee09923108061a0cf2c9356e230396fb0394a43e2391191de0b4cf8d
SHA512 8bf31458eb1a3b536a0b69529f7700abf366d0a8cd2869833afd13c72841dc657cb35328452e40071e1b4185472561241de62281aa0fc23a07dc1fd60a36980e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d06f33e432ea0ac87a562fb5576dac6d
SHA1 3c9f29d945d44e1712830b5d56cf59d72b5b41da
SHA256 632fcdf05235115cdc7001a41ed5035f0bc374d7b67b6581a752813059806f56
SHA512 55b1414098131570c3d8021ba75cab8d412768ef81e66eb607be02abcec96bb344cc723dd85f68052e71551f04f32ab4aef66e6c9f9df080578a31791df4ffb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

MD5 75b84c254994f72d803e27dc39841cee
SHA1 799aa6038ff35814fea6d356ae1ca994010a2af0
SHA256 ab6ea28729591b2fce275d1bf706826979fc1e887d8c8aa1b3ee6850e979e26d
SHA512 93ef7fe5e3ee54840e64e6e70730745678abcfd921219bf78da4de4eac7120d2e22d1642e5590afb7838653a7a5c55d2dfbdd3965db27cb79fa9f547ea3798c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af400deeba4bf60726946add991aead0
SHA1 31527b43950301cda36b8ce01fb3f18700c28720
SHA256 363c1d0e46b3976fbdf53f4a73e59b08575d4a18cfd6bd8c68086718ace588f7
SHA512 d351fda0ad1013bb7c7175a2418d3b18714171ecee0c247a5af9dc9b8effa51f4d2e0c257cc4f2c2cf5657b86660f194779905fd80f724b08c1275b1e6a8b4f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_02C4C6ED250727F9B08935C0A9565568

MD5 cac0a77f490ef634ee3f784965a27a27
SHA1 fc127f386353650f0eb678ed39454b1b11dba9f3
SHA256 0d7f888d84c207c669deaf195abe4237b9b1a5042dc46558938c4432e57dfd18
SHA512 21ca81f437d6f2e02f21f912dac76c9975df83af405b7e2ae6c805401e9089a0b58c8b5b4f07c4e5ace55b932e2cde1395b8dc2e43525ac5d2c796342f62d8c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

MD5 8ef2a3a478dd342556249ec38f93113c
SHA1 1923c8ceb3a5dfffc75cd794d24781cdecc135df
SHA256 1cb0c0113bf9195e4fe620d52692dae4f11d72c3fc03bdda0a58acb05d193f0e
SHA512 bb52645e1d85cc4762f01db8f8f0586f165a0d4867246d72af118bdf248eb4244a7c2aee2de557d703d8827857a5305e733b323bddba22ea3c4f01e3f0b21c3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3706445bceefd757d1158fcc6f4731a
SHA1 fedbb77f9887a91ea5a5ee7bb134a04055810bf2
SHA256 19359a24ba9b5520442e1b4519471763a05169b7d2188c44297c7a0989f57f66
SHA512 4578a2e77e88104026955ac9a533a1a3e7d5396b9c6ae8f416d588b7722d3157f843254d67258117b92a844aa11181ec5fc1d9ffc207e4195061fba33d8afcd7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\platform[1].js

MD5 e66acfdb2f1dfcff8c6dba736dd4ab6d
SHA1 36026360b6c8d750488ef2c739e04969f8c5bcd7
SHA256 742841b3cf614dd55ce486a7335018bd1992c4d05ef74b45a0781318075a99f3
SHA512 113b6e50ded2703cb7a484a66250a38d74833ab9a994dc54042abc95500fe7405f9e5f384186c15bf392c613420a19108482d279776f6e2fd00245b8bd892fbc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\cb=gapi[1].js

MD5 4d1bd282f5a3799d4e2880cf69af9269
SHA1 2ede61be138a7beaa7d6214aa278479dce258adb
SHA256 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693
SHA512 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b90f6c117bd43dd2ba5f39f1e82961a3
SHA1 507de8cfde6507cb2b891e34856bcbadbf096c76
SHA256 8267eac30a430888def8747ce7e21f641e3d5964e4bc53da92d6e46a7de6cc72
SHA512 9b290488af24047c026155f2f9d9cd60008f0c4af79ae5aff22658758f5d4c67d9f9150a5fc12564449c5b63ebe84044b2756cbda3ba6c288e3e529873dd143e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec7e973619afbd8b4ef47079ba40919a
SHA1 da57911bc11b659bc829d17f4ec46705de456e69
SHA256 22ef2525de52047a928614c30ef6afc9eda2cd368b4270e10005c161b592ea24
SHA512 7bf0c07b69b160eb93e3fbd74566150f09795ecfb9f091350d96041faa3296670cc078aa271ac92c52ddb80d6fda0500320a894004e5dd76915025487ba21c84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5bc6a17629d688840df72b7014d6918b
SHA1 602cc712efc03a6453ef8f4bed17e97358bcdda5
SHA256 2be65eaae03ee5f0928aab65c7e8cdafca5f4888249a72be222b1d53f72c5c65
SHA512 464f8018b59025bbe11810a380f3221240012138b6e38b07be6f97d14f6d851ed2ecae31dc0ccd84a8e2eb590251f0eff77935fa3d004fca21326ee165b7000f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 facfd17ed9f95e6649caad882dc97999
SHA1 5564cd4e416c2345512813e5d89022ff3f460535
SHA256 41119a20ed52120e18f8b6c3430d5b9b9e6b9050a3933b8cc19c1976b5112918
SHA512 084765465c37cb0f7a38159a18badb63a1e252f38d82c4c55ed6cd5cf7258eee84144c256a5a480d465694a50c0f3282e4189507ce5a5ccc4b100cd8b8ab04a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94d3fdb20e261d165869b9863869ad5c
SHA1 5b42b7c9feb7d371e0c1c61a0136a130e66bdc32
SHA256 7d76309150e2f8b67a1b840400d74ccdfab84076817a1722d5874a9c18a70ef5
SHA512 4f6b3c8cd4bdd6fe08b5fea60912b74a4bbe653b283e7fea5b37edf307d173a8fa45dbab3537df6e8337cc35e173564e5dd0f2b252b20a22e56250192aea770b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7224713e324657bdf125ccca1e0ca66
SHA1 f9cd38570d13c864edc123ab6658095ae20ff125
SHA256 57e6d0edc8a301f3534314b4c769ca27d5897131a7f830830160bacc5c38a38f
SHA512 f03b28a3ad974511054095e9190c64e925dd8fd7a353c78c9f204c712c3fe8c3119a26b0a7f24c9a9ec6b58c5128cc216417795a8f4766f904d0e88e9b3bc042

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca8f7b3a1b4102e768bb7c1217065f96
SHA1 24cca4f334300235c35485552fccf69afefee95f
SHA256 9c284e358937b77b425925afa856f0598f08de69b4f75b02ea368eedb478e5af
SHA512 3a67ce448ba4238a4b72668bdf0a6fdae411dc75ef0df803d800dbc3a1ac24e59d7074e0945e3036421eacb0c3ca69494415e1c6d3679752c46de25a195eb13a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 380bdf2ae842c6ef47119976354497e2
SHA1 3ca3bd4428f79478cee1d29ada037b221f507fc6
SHA256 4b869172d270306f399ef096a88565fb2ef0d2a47f6cd88f016b91bad5a1eb7e
SHA512 dc52aaef1c78c19056b7c3aa79edfae77db0f4aef4c010396aa96b5113236ca5eca1bb5224a4e1e2b2b5ced3da65886a285406832b8e977a56ad62acf9d4178c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2658eab5cc0c21f7c8416011d1780985
SHA1 1f8a79136253a8e970917e4f730726810a7702d2
SHA256 121881dd43a77524ac588477a6896d8ad9b7146c9f1aadb2bc75dabb0e1794e2
SHA512 6b85ca3540e11d896ec03be90dbaf48fbcc70a4b219656379a5853221019a6dd8ee16efc48fccee9398874b6c6876f8411ad30ddb3b3edc90f60b367b4289d5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 2540fe7929eeb2a90b3f7214acd1d38c
SHA1 ecc3483e500c9679146555b244d59526d311945b
SHA256 01e592651937fd4ed81bad53a5bd2f1024c4ea5c02fc114b89e7f862c5447885
SHA512 6a581643952619c7f1ac254e53230089e4376c7e0deaea52847dc7d301230e10c683c154e608af01db26beabf9fb51c01442598f348b6ab5e1dc425a052a02af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aed8a724bc622496c49996f7c5139d68
SHA1 dd0fa1813b2a44ca73f12f63d1d068d70ef9e62f
SHA256 a46be844e8495b2682c1b23e617df08338ef6b85600fa769f4a458b7a6b450cb
SHA512 5ae08003b268fd97e8dc57eff97c5feae1555b52b7a2639db38059cc5849175a338c0af73068e6b8e736d8b427bbb8d9b2426d667deafeaa8ffcf0e908d93ed0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 339817538977ab6050dee40d2b095024
SHA1 3a13a92ddda46d045845d88ff9aa208ead6d6da0
SHA256 da2f97d03650deca74bb430ec86d7da0c2393a58eac7fd511bfa0626fd073153
SHA512 93ccd704039b5e1b444acabb16fc5651f9672c94ff972503bfbffc33930cabdd7f7f2afa9882e10ae367e9d9b8ba633854fd3adb3162612955b70de55ccdb897

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 46cac808f345798f445ecf16bfcb727a
SHA1 4acabab1317090d120e12a0883f5ac41920a709b
SHA256 65f281d267f210821ec7a282d333193f13ac2b315d95c9390efa6197236b66d5
SHA512 8af9b1963eaea285dd09c62bf9955c024563c7d062e6f781d886ddcc78f347c346186911899bfdfa601ea51f4e0ef2c229d28c7693ca1858964487a6391f8688

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 11:40

Reported

2024-05-27 11:42

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7907785cfa5f16ad67944397fdd5b88a_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(25 identical rows; the sandbox recorded no description or indicator for any of them.)

Looking up the shell tray window (the taskbar) is routine for any GUI application that positions windows or notifications; for a browser process this signature carries no weight on its own.

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(24 identical rows; the sandbox recorded no description or indicator for any of them.)

SendNotifyMessage is ordinary window messaging. The signature exists because the call can be used to fire a hook installed earlier with SetWindowsHookEx in another process; this detonation records no SetWindowsHookEx rows, so the entries here are noise from normal UI traffic.

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3316 wrote to memory of 1524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 rows)
PID 3316 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 rows)
PID 3316 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 rows)
PID 3316 wrote to memory of 412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 rows)
(64 rows in total, collapsed here by target PID.)

All 64 writes come from one msedge.exe process (PID 3316, the browser process) into four other msedge.exe processes. That is how a Chromium-based browser starts its helpers: the browser process creates each child (GPU, network and storage utilities, renderers; see the process list below) and its sandbox broker sets the child up in memory before resuming it. The signature would matter if the source and target images differed, or if the target were not a child of the source; neither is the case here.
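The check described above, applied to rows in this report's own layout, as an added example by the editor (not code from the original report or from the sandbox). It collapses repeated rows per source/target pair and separates same-image browser writes from cross-image writes. The first six sample rows are copied from this report, which repeats them many more times; the last row, with a made-up dropper.exe, is constructed as a counter-example and did not occur in the analysis. BROWSER_IMAGES is the editor's list, not the sandbox's.

```python
"""Triage the 'Suspicious use of WriteProcessMemory' rows above.

Added example by the editor, not code from the original report or from the
sandbox. It parses rows in the report's own layout
('PID <src> wrote to memory of <dst> N/A <src image> <dst image>'),
collapses repeats per (source, target) pair and separates a multi-process
browser's launch-time writes into its own helpers (same image on both sides)
from cross-image writes, which are the rows worth a second look.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>.+?\.exe) (?P<dst_img>.+?\.exe)$"
)

# Images whose parent -> child writes at launch are expected: a Chromium
# browser process sets each new child up (handles, sandbox state) before
# resuming it. Editor's list, not the sandbox's.
BROWSER_IMAGES = {"msedge.exe", "chrome.exe"}

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_ROWS = "\n".join([
    # Copied from this report (the report repeats each of these many times).
    f"PID 3316 wrote to memory of 1524 N/A {EDGE} {EDGE}",
    f"PID 3316 wrote to memory of 1524 N/A {EDGE} {EDGE}",
    f"PID 3316 wrote to memory of 5036 N/A {EDGE} {EDGE}",
    f"PID 3316 wrote to memory of 5036 N/A {EDGE} {EDGE}",
    f"PID 3316 wrote to memory of 5036 N/A {EDGE} {EDGE}",
    f"PID 3316 wrote to memory of 412 N/A {EDGE} {EDGE}",
    # Constructed, not from the report: an unrelated image writing into a
    # system process is the pattern this signature exists to catch.
    r"PID 4242 wrote to memory of 668 N/A "
    r"C:\Users\Admin\AppData\Local\Temp\dropper.exe C:\Windows\System32\svchost.exe",
])

Event = Tuple[int, int, str, str]   # src pid, dst pid, src image, dst image


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_rows(text: str) -> List[Event]:
    events: List[Event] = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:   # the header line and anything else non-matching is skipped
            events.append((int(m["src"]), int(m["dst"]),
                           basename(m["src_img"]), basename(m["dst_img"])))
    return events


def classify(events: List[Event]) -> Tuple[Dict[Event, int], Dict[Event, int]]:
    """Split events into (expected, suspicious), each mapping event -> count.

    Expected: same image on both sides and that image is a known multi-process
    browser. Everything else is returned for review. The report lists no parent
    PIDs, so this cannot also confirm that dst is a child of src; with a full
    process tree that check belongs here as well.
    """
    expected: Dict[Event, int] = {}
    suspicious: Dict[Event, int] = {}
    for ev, n in Counter(events).items():
        src_img, dst_img = ev[2], ev[3]
        if src_img == dst_img and src_img in BROWSER_IMAGES:
            expected[ev] = n
        else:
            suspicious[ev] = n
    return expected, suspicious


if __name__ == "__main__":
    expected, suspicious = classify(parse_rows(SAMPLE_ROWS))
    for ev, n in expected.items():
        print(f"expected  {ev[2]} {ev[0]} -> {ev[3]} {ev[1]} x{n}")
    for ev, n in suspicious.items():
        print(f"REVIEW    {ev[2]} {ev[0]} -> {ev[3]} {ev[1]} x{n}")
```

Run against the full 64 rows of this section, every event lands in the expected bucket; only the constructed dropper.exe row is returned for review.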

Processes

The list below is the standard Chromium process layout: one browser process (the --single-argument launcher), its crashpad handler, a GPU process (a second one appears at the end with --disable-gpu-sandbox --use-gl=disabled, the software fallback Chromium uses when GPU initialisation fails, which is typical inside a VM), the network and storage utility services, one renderer per site instance, and identity_helper.exe (listed twice with the same command line). CompPkgSrv.exe -Embedding is a Windows COM server started on demand by the system, not something launched by the sample. The launch flags (--service-sandbox-type=none on the network service, --no-v8-untrusted-code-mitigations on the renderers) are the defaults of this Edge 92 build; an HTML file cannot influence how Edge starts its helpers.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7907785cfa5f16ad67944397fdd5b88a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb327746f8,0x7ffb32774708,0x7ffb32774718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13611916907405923243,14811298522326400417,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2

Network

How to read this table: rows to 8.8.8.8:53 are the DNS lookups themselves, the in-addr.arpa rows are reverse lookups of addresses already contacted, and the single 224.0.0.251:5353 row is local mDNS multicast with no remote party. The Domain column is the sandbox's attribution of a flow to whichever name last resolved to that address, not the TLS SNI or HTTP Host header (142.250.179.73 is credited to www.blogger.com and later to resources.blogblog.com). The resources fetched (blogger.com, bp.blogspot.com, blogblog.com, cbox.ws, addthis) are those of a saved Blogger page. Fifteen names were resolved but never connected to within the run: 2.bp.blogspot.com, 4.bp.blogspot.com, lh5.googleusercontent.com, www.cbox.ws, the URL shorteners adf.ly, bit.ly, j.gs and tinyurl.com, bonyet.com, garudasign.blogspot.com, ohterbaik.blogspot.com, sukainfodunia.blogspot.com, www.ezynetwork.net, www.rizqikautsar.com and www.goth-witch.webspace.virginmedia.com; the page references them, but no connection followed. The TCP rows to ports 445 and 139 (1.bp.blogspot.com and www.blogger.com on 445, www.facebook.com on 445, platform.twitter.com on 445 and 139, 3.bp.blogspot.com on 139) are not browser traffic: Edge does not speak SMB, and those addresses are web front ends. Before recording them as SMB egress, check the PCAP for what actually sent those SYNs; the usual cause is the Windows redirector following a UNC or file:// reference. Note that platform.twitter.com and 1.bp.blogspot.com were never reached on 80 or 443 at all in this run.

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 142.250.179.73:443 www.blogger.com tcp
FR 216.58.215.42:80 fonts.googleapis.com tcp
FR 172.217.20.193:445 1.bp.blogspot.com tcp
US 8.8.8.8:53 s7.addthis.com udp
FR 216.58.214.67:80 fonts.gstatic.com tcp
BE 104.68.81.91:80 s7.addthis.com tcp
FR 142.250.179.73:443 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
FR 142.250.75.234:80 ajax.googleapis.com tcp
FR 142.250.75.234:80 ajax.googleapis.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.facebook.com udp
FR 142.250.178.142:443 apis.google.com tcp
GB 163.70.151.35:445 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
US 8.8.8.8:53 hanjs.googlecode.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
BE 173.194.76.82:80 hanjs.googlecode.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.entertainmentwallpaper.com udp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.jesus-is-savior.com udp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
BE 104.68.81.91:443 s7.addthis.com tcp
US 50.28.73.186:80 www.entertainmentwallpaper.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 i.imgur.com udp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 91.81.68.104.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 199.232.192.193:80 i.imgur.com tcp
US 199.232.192.193:80 i.imgur.com tcp
US 199.232.192.193:80 i.imgur.com tcp
US 108.160.158.67:80 www.jesus-is-savior.com tcp
US 50.28.73.186:80 www.entertainmentwallpaper.com tcp
US 108.160.158.67:80 www.jesus-is-savior.com tcp
US 199.232.192.193:80 i.imgur.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 199.232.192.193:443 i.imgur.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 8.8.8.8:53 www7.cbox.ws udp
FR 142.250.178.142:443 apis.google.com udp
BE 173.194.76.82:80 hanjs.googlecode.com tcp
US 108.181.41.161:80 www7.cbox.ws tcp
US 108.181.41.161:80 www7.cbox.ws tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 108.160.158.67:443 www.jesus-is-savior.com tcp
FR 172.217.20.193:139 3.bp.blogspot.com tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
US 8.8.8.8:53 193.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 82.76.194.173.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 193.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 67.158.160.108.in-addr.arpa udp
US 8.8.8.8:53 161.41.181.108.in-addr.arpa udp
US 8.8.8.8:53 adf.ly udp
US 8.8.8.8:53 static.cbox.ws udp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 www.cbox.ws udp
US 8.8.8.8:53 bonyet.com udp
US 8.8.8.8:53 garudasign.blogspot.com udp
US 8.8.8.8:53 j.gs udp
US 104.21.85.24:80 static.cbox.ws tcp
US 104.21.85.24:80 static.cbox.ws tcp
US 104.21.85.24:80 static.cbox.ws tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 ohterbaik.blogspot.com udp
US 8.8.8.8:53 sukainfodunia.blogspot.com udp
US 8.8.8.8:53 tinyurl.com udp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.ezynetwork.net udp
US 8.8.8.8:53 www.rizqikautsar.com udp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 172.217.20.193:443 3.bp.blogspot.com tcp
FR 142.250.179.73:443 resources.blogblog.com udp
FR 142.250.178.129:443 lh3.googleusercontent.com udp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 84.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 24.85.21.104.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 mureo.com udp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
US 8.8.8.8:53 upload.wikimedia.org udp
US 13.248.169.48:80 mureo.com tcp
US 13.248.169.48:80 mureo.com tcp
NL 185.15.59.240:80 upload.wikimedia.org tcp
US 13.248.169.48:80 mureo.com tcp
US 8.8.8.8:53 www.goth-witch.webspace.virginmedia.com udp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
FR 172.217.20.193:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 240.59.15.185.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
FR 172.217.20.206:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:445 platform.twitter.com tcp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:139 platform.twitter.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.73:445 www.blogger.com tcp
US 8.8.8.8:53 18.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp
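The reading of the table given above, as an added example by the editor (not code from the original report or from the sandbox): it parses rows in the report's own Country/Destination/Domain/Proto layout and returns the names that were only resolved, the hosts actually contacted with their endpoints, and the flows on ports a browser never uses itself. SAMPLE_ROWS is a subset of rows copied from this report; NON_BROWSER_PORTS is the editor's choice, and nothing is fetched from the network.

```python
"""Triage the sandbox 'Network' table above.

Added example by the editor, not part of the original report. It reads rows
in the report's own 'Country Destination Domain Proto' layout and splits
them into names that were only resolved, hosts that were actually contacted,
and flows to ports a browser process never uses itself (445/139 here).
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

DNS_PORT = 53
# Ports a browser does not speak itself; chosen by the editor, not by the
# sandbox. Flows here need the PCAP checked for the real sender.
NON_BROWSER_PORTS = {139, 445}

# Subset of rows copied from this report (constructed sample, offline).
SAMPLE_ROWS = """\
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.73:443 www.blogger.com tcp
FR 172.217.20.193:445 1.bp.blogspot.com tcp
US 8.8.8.8:53 adf.ly udp
US 8.8.8.8:53 73.179.250.142.in-addr.arpa udp
GB 163.70.151.35:445 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
US 13.248.169.48:80 mureo.com tcp
N/A 224.0.0.251:5353 udp
PL 93.184.220.66:139 platform.twitter.com tcp
FR 142.250.179.73:443 www.blogger.com udp
"""


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: Optional[str]   # None when the sandbox attributed no name
    proto: str


def parse_rows(text: str) -> List[Flow]:
    """Parse report rows; lines that are not 3- or 4-column rows are skipped."""
    flows: List[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:            # e.g. the 224.0.0.251:5353 mDNS row
            country, dest, proto = parts
            domain = None
        else:
            continue
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def is_reverse_lookup(name: Optional[str]) -> bool:
    return bool(name) and name.endswith(".in-addr.arpa")


def triage(flows: List[Flow]) -> Dict[str, object]:
    resolved: Set[str] = set()
    contacted: Dict[str, Set[Tuple[str, int, str]]] = defaultdict(set)
    odd_ports: List[Flow] = []
    for f in flows:
        if f.port == DNS_PORT and f.proto == "udp":
            # A lookup, not a connection. Reverse lookups of addresses
            # already contacted carry no new name, so they are dropped.
            if f.domain and not is_reverse_lookup(f.domain):
                resolved.add(f.domain)
            continue
        if f.domain:
            contacted[f.domain].add((f.ip, f.port, f.proto))
        if f.port in NON_BROWSER_PORTS:
            odd_ports.append(f)
    return {
        # Referenced by the page (linked or prefetched) but never connected to.
        "dns_only": sorted(n for n in resolved if n not in contacted),
        "contacted": {k: sorted(v) for k, v in contacted.items()},
        "odd_ports": odd_ports,
    }


if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE_ROWS))
    print("DNS only:", result["dns_only"])
    for name, endpoints in sorted(result["contacted"].items()):
        print(name, endpoints)
    for f in result["odd_ports"]:
        print("check PCAP:", f.domain, f.ip, f.port, f.proto)
```

Feeding the whole table to parse_rows gives the fifteen DNS-only names and six odd-port flows listed above; the contacted dictionary is the set of hosts worth carrying into an IOC list, with the 445/139 entries held back until the PCAP shows who sent them.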

Files

Every entry below is either a crashpad named pipe or a file under Edge's own profile directory, C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data: the browser's normal state files (Preferences, Local State, a cache entry, the Code Cache index, Network Persistent State, the data-reduction-proxy LevelDB), listed twice where Edge rewrote them during the run. Nothing was written outside the profile.

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ea98e583ad99df195d29aa066204ab56
SHA1 f89398664af0179641aa0138b337097b617cb2db
SHA256 a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512 e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

\??\pipe\LOCAL\crashpad_3316_NKHLZZICFKEFFBYW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

These four values are the digests of empty input: the sandbox hashed zero bytes for this named pipe (the 3316 in its name is the browser PID seen in the WriteProcessMemory rows), so they identify no content and must not be used as indicators.

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4f7152bc5a1a715ef481e37d1c791959
SHA1 c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8c6f812db09945d5720f75f430866458
SHA1 f680b3d3682157066f5a476d0275e6846ec36a30
SHA256 aff95d58f26ceb11a9a78b06dce15b294987e197671469cdae2d356997517c81
SHA512 c7717af26354f706afb5282180b08f8a68a67e89fd772105a808ed4a4f788275d33dc6b63908e5c10e0a30f5523b8f8ff7525985879df3ebf705356d47f54193

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 5290675221fb33c424df93fe19249379
SHA1 f8b89b7a25c6bcde767272243acfebbee331e545
SHA256 587b3b00f7a583ddc1559e8e4f94b9aaaf835761ff73ac8ea51329d66540c1b1
SHA512 12053a4b421d825b078742e1c8a48fee99a5e587588cc3189e3ecec8400c928485769a724dd554f712a46bfe22037ab71fda8f4ae875b4f8f4c6b4963a8083f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 19c1b816820c1135aacced08a82ab409
SHA1 63639992bcb23f323e0d33908e3e5a36c135bfb6
SHA256 9a6267b656dd4c675d12824b4b71b36a5e1db62f10f7c486957f3db2fba27813
SHA512 25d7c4e98932b048b8ff303d27c927f6444f92295ff07f194081e79900bab6c8b161f248c7812fcfd8e400b5fca477308535ed9637df40f4d9c17580a4c6b164

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 243c6c4299a7659e930c44b0f9e3365e
SHA1 75753c3f91c319e9eb89569f86eabace9eee6041
SHA256 6251c0014251cb221503932faf3c01892f503cc9cf39d3632711bc3bf6e56f75
SHA512 6234ba08f1c7c421294e167a2297a71210cfce795d179a03f8f4bc6928ec64558ac5fea9f735132cb41545e234a71712b640718ee520dc08359ef5ca89b5f4e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 375eb151467ae9cc1c7c0365ebea3cbd
SHA1 7b4ee000045cef5de717c12531d9a9361ac24cc1
SHA256 d6c21440b337dcc4061f2d4af0235a77f665fa5286805d93cdd777c9539b2464
SHA512 8fa3bbb353c53ff87b7e4d7924cde7f50ba47e421e1f66aebb93b12b9652b805d42c7c0a7d2bac13aa2cdbf8e763d84506ed44fd4263ac32d9159ae11c0b6edb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 937d24b91f163bf0c7b48339d70e0f70
SHA1 aa42b4be70aa1175fbe46d40ab35ee5755f5fb67
SHA256 224a7dbd149bd2b26b5ef3c0fdec6b0b14a45d689e1e5d8c20c416813859cc19
SHA512 efeb967ba45a0c6e90df919764acc73214a3f9d4f1597702407fdc93b6d0aabd7a5f8d21901abd57a8ebf616f1d670b0e30f789932a6c6a635bcb5fde0c99ae1