Malware Analysis Report

2025-08-10 21:29

Sample ID 240527-w56smaee45
Target 7a18df5aef160c71704b69051e66aad2_JaffaCakes118
SHA256 9940a141454c31ec5515ae24ea24b9bf9fbb63b56098e4002ccf0f7c6cedcf46
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

9940a141454c31ec5515ae24ea24b9bf9fbb63b56098e4002ccf0f7c6cedcf46

Threat Level: No (potentially) malicious behavior was detected

The file 7a18df5aef160c71704b69051e66aad2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 18:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 18:31

Reported

2024-05-27 18:33

Platform

win7-20240220-en

Max time kernel

144s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a18df5aef160c71704b69051e66aad2_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50B08971-1C57-11EF-8F92-565622222C98} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 906cde3864b0da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3fd71f5bad490439e1f70ee18eb992900000000020000000000106600000001000020000000f7d727f7a4dfc1fdb0e7f464edb45e8ee39013adf1fd367bec69db4e79f3ed5e000000000e80000000020000200000008ccb6244e6527e9b51663c42f3fa6f00d840498d638b25105f027f1db6bb515720000000d78dbaba6d594dee4142c16a1d5e2e1787da9970b2cddb3db0721a8af3fdd7ec400000004759fa391cc0d30c246f50c4cc2aed056b278bc3359f21e5aaec428cb0ddbed91e907779e1e863e306928c04de7d33178b0a167242c1da19c18aecff49b7cf77 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted in source] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996549" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a18df5aef160c71704b69051e66aad2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 18:31

Reported

2024-05-27 18:33

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a18df5aef160c71704b69051e66aad2_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1976 wrote to memory of 3380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1976 wrote to memory of 4088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a18df5aef160c71704b69051e66aad2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5bce46f8,0x7ffa5bce4708,0x7ffa5bce4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2600 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6476 /prefetch:2
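Added example (not part of the sandbox output): the command lines above are enough to read off which Edge children run outside a sandbox, and they also explain the "Suspicious use of WriteProcessMemory" rows in the Signatures section. Chromium's browser process is the one launched without a --type switch; it spawns every other process, and on Windows the sandbox broker creates sandboxed children suspended, writes its policy and interception hooks into them with WriteProcessMemory, then resumes them. Parent-to-child msedge.exe memory writes such as "PID 1976 wrote to memory of 4600/856/4088" are therefore expected browser behaviour rather than something the HTML sample did (the pipe name crashpad_1976_... in the Files section is consistent with 1976 being the browser process). The script below tokenises Windows command lines, collects --type, --utility-sub-type, --service-sandbox-type, --disable-gpu-sandbox and --no-sandbox, and reports each process's sandbox posture. The sample command lines are copied from the Processes section and shortened (the --gpu-preferences blob and some repeated switches are cut); the helper names are this example's own, not a Chromium or Edge API.

```python
"""Read sandbox posture off Chromium/Edge command lines.

Constructed sample: command lines copied from the Processes section of this
report and shortened (the --gpu-preferences blob and some repeated switches
are cut). Helper names are this example's own, not a Chromium or Edge API.
"""
from __future__ import annotations

import re

SAMPLE = [
    # browser process: the only one launched without a --type switch
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a18df5aef160c71704b69051e66aad2_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7085685601641719592,16403380852987669380,131072 --mojo-platform-channel-handle=2180 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2600 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=6476 /prefetch:2',
]

# A quoted argument (which may contain spaces) or a run of non-space characters.
_TOKEN = re.compile(r'"[^"]*"|\S+')


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line, keeping quoted arguments whole."""
    return [tok.strip('"') for tok in _TOKEN.findall(cmdline)]


def switches(cmdline: str) -> dict[str, str | None]:
    """Map each --switch[=value] to its value (None when the switch has none)."""
    out: dict[str, str | None] = {}
    for tok in tokenize(cmdline)[1:]:  # [0] is the executable path
        if tok.startswith("--"):
            name, sep, value = tok[2:].partition("=")
            out[name] = value if sep else None
    return out


def classify(cmdline: str) -> dict:
    """Describe one process: executable, Chromium process type, sandbox posture."""
    exe = tokenize(cmdline)[0]
    sw = switches(cmdline)
    ptype = sw.get("type") or "browser"
    reasons: list[str] = []
    if ptype in ("browser", "crashpad-handler"):
        sandboxed = False  # broker and crash handler run unsandboxed by design
        reasons.append(f"{ptype}: unsandboxed by design")
    elif ptype == "gpu-process":
        sandboxed = "disable-gpu-sandbox" not in sw
        if not sandboxed:
            reasons.append("--disable-gpu-sandbox")
    elif ptype == "utility":
        kind = sw.get("service-sandbox-type")
        sandboxed = None if kind is None else kind != "none"  # None = not stated
        if sandboxed is False:
            reasons.append("--service-sandbox-type=none")
    else:
        sandboxed = True  # renderers and other child types are sandboxed unless told otherwise
    if "no-sandbox" in sw:
        sandboxed = False
        reasons.append("--no-sandbox")
    return {
        "exe": exe,
        "type": ptype,
        "subtype": sw.get("utility-sub-type"),
        "sandboxed": sandboxed,
        "reasons": reasons,
    }


def summarize(cmdlines: list[str]) -> tuple[list[dict], list[dict]]:
    """Classify every command line; also return just the unsandboxed ones."""
    rows = [classify(c) for c in cmdlines]
    return rows, [r for r in rows if r["sandboxed"] is False]


if __name__ == "__main__":
    rows, unsandboxed = summarize(SAMPLE)
    for r in rows:
        label = {True: "sandboxed", False: "UNSANDBOXED", None: "unknown"}[r["sandboxed"]]
        print(f"{label:12} {r['type']:16} {r['subtype'] or '-':45} {' '.join(r['reasons'])}")
    print(f"{len(unsandboxed)} of {len(rows)} processes run without a sandbox")
```

On this report's process list the unsandboxed set is the browser, the crashpad handler, the network service (--service-sandbox-type=none), identity_helper.exe (also none) and the second GPU process, which was relaunched with --disable-gpu-sandbox after --use-gl=disabled. Renderers, the storage service and the first GPU process are sandboxed. For a benign page that is the expected picture; a renderer or utility process carrying --no-sandbox, or a child whose executable is not under the Edge install directory, would be worth a closer look.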

Network

Country Destination Domain Proto
US 8.8.8.8:53 weddingringspix.com udp
US 8.8.8.8:53 weddingringcentre.net udp
US 8.8.8.8:53 wedding-splendor.com udp
US 8.8.8.8:53 www.mazaldiamond.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.infolinks.com udp
US 8.8.8.8:53 kevinkok.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 104.21.13.243:80 www.mazaldiamond.com tcp
US 104.21.75.212:80 wedding-splendor.com tcp
US 172.66.42.247:80 resources.infolinks.com tcp
US 13.248.169.48:80 kevinkok.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
US 8.8.8.8:53 weddingsetsrings.files.wordpress.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
FR 142.250.179.73:443 resources.blogblog.com tcp
US 192.0.72.31:80 weddingsetsrings.files.wordpress.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
US 192.0.72.31:443 weddingsetsrings.files.wordpress.com tcp
US 8.8.8.8:53 www.mike-kestemont.org udp
US 104.21.80.250:443 www.mike-kestemont.org tcp
US 216.37.42.186:80 weddingringspix.com tcp
US 216.37.42.186:80 weddingringspix.com tcp
FR 142.250.179.73:443 resources.blogblog.com udp
US 216.37.42.186:80 weddingringspix.com tcp
FR 142.250.178.142:443 apis.google.com udp
FR 142.250.179.73:443 resources.blogblog.com udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 243.13.21.104.in-addr.arpa udp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 212.75.21.104.in-addr.arpa udp
US 8.8.8.8:53 247.42.66.172.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 31.72.0.192.in-addr.arpa udp
US 8.8.8.8:53 193.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 250.80.21.104.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 mizonpost.co.cc udp
KR 175.126.123.219:80 mizonpost.co.cc tcp
FR 142.250.178.129:445 themes.googleusercontent.com tcp
NL 23.63.101.153:80 apps.identrust.com tcp
KR 175.126.123.219:80 mizonpost.co.cc tcp
US 8.8.8.8:53 router.infolinks.com udp
US 8.8.8.8:53 weddingsetsrings.wordpress.com udp
US 192.0.78.13:443 weddingsetsrings.wordpress.com tcp
US 172.66.41.9:443 router.infolinks.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
US 8.8.8.8:53 186.42.37.216.in-addr.arpa udp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 13.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 9.41.66.172.in-addr.arpa udp
US 8.8.8.8:53 219.123.126.175.in-addr.arpa udp
US 8.8.8.8:53 84.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:443 www.google.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 themes.googleusercontent.com udp
FR 142.250.178.129:139 themes.googleusercontent.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 36.215.58.216.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
KR 175.126.123.219:443 mizonpost.co.cc tcp
KR 175.126.123.219:443 mizonpost.co.cc tcp
US 8.8.8.8:53 cc.cc udp
US 34.222.63.225:443 cc.cc tcp
US 8.8.8.8:53 225.63.222.34.in-addr.arpa udp
US 34.222.63.225:443 cc.cc tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 use.fontawesome.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
FR 142.250.179.74:443 ajax.googleapis.com tcp
US 104.21.27.152:443 use.fontawesome.com tcp
US 8.8.8.8:53 pcp-img3.cc.cc udp
US 3.162.140.105:443 pcp-img3.cc.cc tcp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 152.27.21.104.in-addr.arpa udp
US 8.8.8.8:53 74.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 105.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 79.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 pcp-img1.cc.cc udp
US 8.8.8.8:53 pcp-img2.cc.cc udp
US 3.162.140.53:443 pcp-img1.cc.cc tcp
US 3.162.140.53:443 pcp-img1.cc.cc tcp
US 3.162.140.53:443 pcp-img1.cc.cc tcp
US 3.162.140.53:443 pcp-img1.cc.cc tcp
US 3.162.140.53:443 pcp-img1.cc.cc tcp
IE 18.66.171.48:443 pcp-img2.cc.cc tcp
IE 18.66.171.48:443 pcp-img2.cc.cc tcp
IE 18.66.171.48:443 pcp-img2.cc.cc tcp
IE 18.66.171.48:443 pcp-img2.cc.cc tcp
IE 18.66.171.48:443 pcp-img2.cc.cc tcp
US 104.21.27.152:443 use.fontawesome.com tcp
US 8.8.8.8:53 53.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 48.171.66.18.in-addr.arpa udp
FR 216.58.214.162:445 pagead2.googlesyndication.com tcp
FR 216.58.213.66:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
FR 142.250.179.73:445 www.blogblog.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.73:445 www.blogger.com tcp
US 8.8.8.8:53 diamondsheartnecklaces.blogspot.com udp
FR 142.250.178.129:80 diamondsheartnecklaces.blogspot.com tcp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 17.173.189.20.in-addr.arpa udp
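Added example (not part of the sandbox output): the Network table above interleaves three kinds of rows: forward DNS queries to 8.8.8.8 (udp/53), reverse lookups (in-addr.arpa) that the analysis environment issues for the IPs it sees, and the actual connections, many of them repeated. The script below parses rows of that shape, drops the PTR noise and local multicast, pairs each contacted hostname with its destination IP/port, lists names that were resolved but never connected to, and flags connections on ports other than 80/443. The rows showing Google hosts on 445 and 139 are reported that way in the table; the script surfaces them for review rather than explaining them. The sample rows are a subset copied from the table above, not a new capture, and the function names are this example's own.

```python
"""Summarise a sandbox network table (Country Destination Domain Proto).

Constructed sample: a subset of rows copied from the Network section of this
report, not a new capture. Function names are this example's own.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict

SAMPLE_ROWS = """\
US 8.8.8.8:53 weddingringspix.com udp
US 8.8.8.8:53 weddingringcentre.net udp
US 8.8.8.8:53 www.mazaldiamond.com udp
US 8.8.8.8:53 kevinkok.com udp
US 104.21.13.243:80 www.mazaldiamond.com tcp
US 13.248.169.48:80 kevinkok.com tcp
US 8.8.8.8:53 243.13.21.104.in-addr.arpa udp
US 8.8.8.8:53 mizonpost.co.cc udp
KR 175.126.123.219:80 mizonpost.co.cc tcp
FR 142.250.178.129:445 themes.googleusercontent.com tcp
FR 216.58.213.66:139 pagead2.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
US 216.37.42.186:80 weddingringspix.com tcp
US 216.37.42.186:80 weddingringspix.com tcp
"""

WEB_PORTS = {80, 443}


def parse_row(line: str) -> dict:
    """Split one table row; the Domain column may be empty (e.g. the mDNS row)."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = ""
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def is_dns_query(row: dict) -> bool:
    return row["proto"] == "udp" and row["port"] == 53


def is_ptr(row: dict) -> bool:
    """Reverse lookups are environment noise, not traffic the page asked for."""
    return row["domain"].endswith(".in-addr.arpa")


def summarize(table: str) -> dict:
    """Separate forward DNS, PTR noise and real egress; pair names with destinations."""
    rows = [parse_row(line) for line in table.splitlines() if line.strip()]
    queried: set[str] = set()
    contacted: dict[str, set[tuple[str, int, str]]] = defaultdict(set)
    odd_ports: list[tuple[str, str, int, str]] = []
    ptr_lookups = 0
    for r in rows:
        if is_dns_query(r):
            if is_ptr(r):
                ptr_lookups += 1
            else:
                queried.add(r["domain"])
            continue
        if ipaddress.ip_address(r["ip"]).is_multicast:
            continue  # mDNS/SSDP chatter from the guest, not sample egress
        key = r["domain"] or r["ip"]
        contacted[key].add((r["ip"], r["port"], r["proto"]))  # set() dedupes repeats
        if r["port"] not in WEB_PORTS:
            odd_ports.append((key, r["ip"], r["port"], r["proto"]))
    return {
        "hosts": {d: sorted(e) for d, e in sorted(contacted.items())},
        "resolved_only": sorted(queried - set(contacted)),
        "odd_ports": odd_ports,
        "ptr_lookups": ptr_lookups,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    for host, endpoints in s["hosts"].items():
        print(host, ", ".join(f"{ip}:{port}/{proto}" for ip, port, proto in endpoints))
    print("resolved but never contacted:", s["resolved_only"])
    print("non-80/443 connections:", s["odd_ports"])
    print("PTR lookups dropped:", s["ptr_lookups"])
```

Run against the full table the same way, the useful outputs are the deduplicated host list (the page's own wedding/jewellery blog domains plus the Blogger, Google, WordPress, Infolinks, jsdelivr and cc.cc hosts it pulls in), the names that were only looked up, and the handful of non-web ports, which is what an analyst would carry into an IOC list or a proxy-log search.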

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_1976_APDDFPMYNICBAONM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f26203309b55e31fb154503d19ff4d3f
SHA1 a460d727c16b073f7c4fa3e38346f518faa4cc07
SHA256 ef5f56fa9d195620c04660babdacc8ca1f38321926ff051369034911cfe381df
SHA512 91671bcd3920b52510e6fd36737c11c86e7dc90c396caa99db3357d7e2487f349f4d1b217742d3f97002686c6c57214081e9685184e2e3a66180649ffa0b0551

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 466dc4a83aff73300093e3ad4273c0b5
SHA1 dba08050075eec029da611aaf3db46d425109080
SHA256 f12d41420d77a028be653ba764f2acfa5f554adbe74425bd7997159c4d0f8461
SHA512 e1ffe1f8a2d4b7836259d9beed4a07e2c5cddf1a1facf80795712a99fa78d7adab173d24c9bc67f2e94489491f21628d5432fe443ec0f920d42e26e1aabddbcb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 27140c7267124ffee9cd20f7206073af
SHA1 afe4f532a111f93c1f16a3f0b68877ec042ad345
SHA256 b84402d6a51f2a367d0b7d4d4c4bbb47de04f37da4103703035d1d12b48bdb89
SHA512 1083b62b1e6a6e2c0a6e12a2808e4b211781002524bbc03c546701a6007d48cd4967d78c184db5b6c2b0a1e6f3f32b55933ef4f2e3d28ef75bdbfbb900f7b165

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f45152797fb50d45b7bca4a44881b559
SHA1 c140f44c4bf35b94e3e9263bac4ed0a5e9699375
SHA256 5e2567c1a974ead8a416a5d588d779776cb500d8f06d51725b8138c400c6361b
SHA512 2150d8e1e74a8503e6db1ab1b28cd68d55536658061a9ba6e3f2536001d9ed07e5973060851053c1dbf9d16b28e55474e01fab499b1493a63c859b17c4aa467e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 87fb80e2a24d26f7b419bb7e50c7eed2
SHA1 40f1b423aeb69993f2308634a7e8c5ea46e898ac
SHA256 81a7b6cce777146fc12210a114ef003e3d58c29f7765ef5f00e4e5d19e045849
SHA512 7a446f8c6a66ccc10858e70007c36d596e059b6e9d506e46a9a0cc58af68e898bf1b9465b42df90948d2ec6c68152169770d57cf9a6cd2812af44fad63cdadb4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a4c9aaabd571f57cb3f3c8f6b23b4db0
SHA1 9606bcded65474cdaf2ee64f51b86078e6674451
SHA256 fd825471eb41123b5d03dd7862b6bd2e1f143a7b5d668702c781f56bc0b40300
SHA512 cfc4a58fd1d69d568045927d2cf467b18dcdea343b05374b2b6cea778574a592924fbcfb06d7155323aaac41e787c790369437bf6d9dc46d8d8971f6f8e5f66d