Malware Analysis Report

2025-06-16 07:07

Sample ID 240602-bdz6jsdh72
Target 8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118
SHA256 00e8bdae831e0075c9dca60083543b35206d43b3c954649c70d2edf7fabd23b6
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

00e8bdae831e0075c9dca60083543b35206d43b3c954649c70d2edf7fabd23b6

Threat Level: No (potentially) malicious behavior was detected

The file 8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 01:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 01:02

Reported

2024-06-02 01:05

Platform

win7-20240221-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8ABA8B1-207B-11EF-8C47-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452045" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 selectairconditioning.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 webcreations907.com udp
US 104.17.25.14:80 cdnjs.cloudflare.com tcp
US 104.17.25.14:80 cdnjs.cloudflare.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 23.91.66.187:80 webcreations907.com tcp
US 23.91.66.187:80 webcreations907.com tcp
US 23.91.66.187:80 webcreations907.com tcp
US 23.91.66.187:80 webcreations907.com tcp
US 23.91.66.187:80 webcreations907.com tcp
US 23.91.66.187:80 webcreations907.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 tcp
US 50.63.125.1:80 tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarE92E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34ff4c8beb72e787d2c7596aaa1cae57
SHA1 669a3deeb56f15d4f93d8968508781b4f56ba987
SHA256 9e22916bd11af61c7fcb65c70f381439860be504fab539e023051409b5e81f2a
SHA512 fd23549fe54698b602a494a5412ad8603270520015b27bf45d30d490ce1e7c37d410d9e561b3a9630e8c3ca469b114d2506ffeaa43b1cfeb4f7b7367d7dbc02c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6156a81bff6bcab07c50844edbf5f77
SHA1 19f0e47447fc1a80d6a3b7a6be50c6312463b69c
SHA256 bcfa320a799d2d77675de8fa438490af82fd82d358da2efc7b0119059c364679
SHA512 f71d59a582ca980446d1907168b9946c404b4b0f3ac91778478be501934d54812f380b99358df65c1b4fcf8241d4db025abdf5f7262d0eb27bcf4d7de9b0430f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 752253aedef1d09e74e1d7e8d126c6fd
SHA1 e8d747f86b5e0f353a3e202e6f2f88d2449715b5
SHA256 cf19e480911e3e12587f804391786d85eb2fb53e6cc0fca8b8d752621cea2541
SHA512 3d1451a101d66a716980e36f20775daf49715bfddc5af03edab0551f9a36389ff351b2b54e604f4fabb711579d86488e06ed6d3d78d00e353f0ef16c9c5198cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7354a20c94835d2c52162e4f815ba227
SHA1 e10af28f83cfd5556f1b1480240ed061567bc2b3
SHA256 a5bc706831f2d50351906b91dea3d866d75989d7013d291a43c5596e8c6250c8
SHA512 db643138b0cd9280a445a0108923cc44ae9aaffc9e3fd4634bf315dd83bca1dc739eaaeaf15b25d5c89a211ebccb3e1223e8c55f74fb24604f18ef0eb746f5cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac6c6336568c78c1ba5bc2b136a308ae
SHA1 8739fc92b7cd699cc2872ff927f6bbf33b2bd3f1
SHA256 5711297cced849102abe2f930f485c2df6fb80480e4699089f71bc79628ba22d
SHA512 b722d5e82a7f22126ecc59d5f1d71f1b76a81b57e907fd7978d5da1a86b5bfdbb158fa02c5ef3cb2f5e4404e23a41685ffab9f62efd7ff619d740db4d7e02339

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b638944c5a5a29affa69d24939cd83bd
SHA1 0a5da434d3c00b2d19860fb4ad432bee144dbe65
SHA256 71a860907fda1ad8e72a0cb3cc55f092127afd6eb1fd1261fbb6f5545a4e2ed9
SHA512 3821fbd37135b9d45e1ec8b717fc5fea400a5db69823b3d759e680dd0950f33421b4232457842b2cb912ac453e0f31adf171e4720468f890bed375574b2d6b11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8c8a687eb81bbc2ab7b050b4bd49582
SHA1 2ef784b1f41bd292a3f923586eaffd1a31f3513e
SHA256 dedae318fe157d513012688b440be013a0dae58633d8774c0b0eef12ced8f824
SHA512 92e80f34df52e35a3efcb57bfe6c11394bc6753dce41150d3d2e1eac5e17ec23b0accff7cb9d2cd8c14bc1d7a0030f92eb0c13f302b5a769a5e34dce84dd9e1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d293b6207598b455d882c25b754316f3
SHA1 db08985936576a7575b09c11f8245c08fb96a64f
SHA256 0faeeb25aafb352a919684944a9195e1b013f7ca1b0efc551ae053395e80c088
SHA512 1218f6c4f80d4017defdd8e24aa8f310174a49227d4a110184708a9c379e520c89968b5afe7e192945f4d89a3f023f5a8398a6c0a7eebeca61a761280f31f0fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93fac7d4c0f8fd03191cf3bc3fd6c518
SHA1 d71cae61bedc5ebb22fc2ea413a3f0ec4ba6285b
SHA256 dc87712e55e3b4eff3a1fcd5985355d29d61d3b1276eb3436d0a20d9e2d8cb90
SHA512 206d065997a3a874a8118687ef42c4ad06b859e8a2ba7d73b98507a1e051221ab953a9be941297419eca076c8b73be460216b4f60c92a96d7e55ff293395b3c7

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 01:02

Reported

2024-06-02 01:04

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4244 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 2820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4244 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c6635c9f0d5f3c7b7b01864ad0b3524_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdadfc46f8,0x7ffdadfc4708,0x7ffdadfc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,2123535115962275325,12591182233538141075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 selectairconditioning.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 104.17.25.14:80 cdnjs.cloudflare.com tcp
US 104.17.25.14:80 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 8.8.8.8:53 webcreations907.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 player.vimeo.com udp
GB 142.250.179.238:80 www.youtube.com tcp
US 162.159.138.60:80 player.vimeo.com tcp
US 23.91.66.187:80 webcreations907.com tcp
US 23.91.66.187:80 webcreations907.com tcp
US 23.91.66.187:80 webcreations907.com tcp
US 23.91.66.187:80 webcreations907.com tcp
US 23.91.66.187:80 webcreations907.com tcp
GB 142.250.179.238:80 www.youtube.com tcp
US 162.159.138.60:443 player.vimeo.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 142.250.179.238:80 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
NL 23.63.101.152:80 apps.identrust.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 187.66.91.23.in-addr.arpa udp
US 8.8.8.8:53 60.138.159.162.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 themes.webcreations907.com udp
US 23.91.66.187:80 themes.webcreations907.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.214:443 i.ytimg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 214.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 152.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
GB 216.58.212.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 f.vimeocdn.com udp
US 8.8.8.8:53 i.vimeocdn.com udp
US 8.8.8.8:53 fresnel.vimeocdn.com udp
US 162.159.138.60:443 player.vimeo.com tcp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 34.120.202.204:443 fresnel.vimeocdn.com tcp
GB 146.75.74.109:443 f.vimeocdn.com tcp
GB 146.75.74.109:443 f.vimeocdn.com tcp
GB 146.75.74.109:443 f.vimeocdn.com tcp
US 151.101.0.217:443 i.vimeocdn.com tcp
GB 146.75.74.109:443 f.vimeocdn.com tcp
US 151.101.0.217:443 i.vimeocdn.com tcp
US 8.8.8.8:53 204.202.120.34.in-addr.arpa udp
US 8.8.8.8:53 109.74.75.146.in-addr.arpa udp
US 8.8.8.8:53 217.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp
US 50.63.125.1:80 selectairconditioning.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e3813de7db04ba0ce838902ef8b9bc8
SHA1 642bdc44f67090279665efce725187fda98bb51d
SHA256 dada149c1bcc53d1213b7bf5fd9f15aa100baed14c6277fe220f974856bdc7d3
SHA512 7a0670711a59f3e32977c83a945849d4097e0ad01859e89c92106b5204997eea61b6f8df3d2a6900d3b179849228331b3dc710b8dbb0466f62278cd4c88ef027

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3ede992180cddd893445475ba094d727
SHA1 c2ebb998043bab87ef57b1407c777590d12156b2
SHA256 97176aa8d28b0f643b14a44992397e39fab6d3abed3003a0c530c3e72f296bd9
SHA512 f9b3c9cfa86aaf3cdb19b00157c02f0ef70f46aecc4fc1ec495745590fc050aed2ecb9bf9ea20835d7e1d564229feafc475196670019c2f0a64ebe5b36a8ed2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ea0cecf0a8bbea60b06110e1fe9d139e
SHA1 72e8fe8f4cd99fd8ca44a699d39abbf311004596
SHA256 3d35883d3adcfb74dd6765b8ce837d49637f89062cb0820a306c6e132a66adae
SHA512 32fd112d3a657940a2715cb4094dfb54b46c6d9a93c6474e101db41f0669038df406baa3635c93cf304312d5a09226671209c9a6fc133f0287f16362605341e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 65dfdbf2b7278ebebe28212675a972f0
SHA1 e2e9f185420f8ea4f12554d2109c84ad8f610217
SHA256 ff2347718ea6f4abccdbbf705c4f954bd61caa3b71592cac15b90b9cf8a14bef
SHA512 77374041625f33d673eecef11f9471e124132248c6444755ff9e1757d5af9a12eaf25bf75f27955de4338ab65e66d77d32aea3f9a8be1d2bd1a628512ecb513c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 153bb0ce7640c67558988425561edd81
SHA1 5dd38bdfd919ed5f141d703b36752f98388e09d9
SHA256 1e33cf382fb0e4817cd3bef02488c2457fc89d7cf5f5793a750dd373b2b718a4
SHA512 9342ab387e78b08c16e19ddd7b876c779a2d71d8da13f78ab26ef3db895138d485bdc9551ff0406169071b6873135b93a19df63d06119d2dfcdb9027d37bb824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 aa6eb615c9f3983e00f848653de1f7f7
SHA1 bad98541f41d28242c062ceb9c9dbda59109a51a
SHA256 13a2bd2c8faf3d3743a22ea81f1a219999da6a9ba06cdffb683a4f3daf35a2e5
SHA512 83b90b1ae30ca16ea04dc5ef93ec6b77b97ee328fe9e9661bcbd61ccfab8cf270d87f34248638f345d0426b322e3314a2052fb1348b98021a8626de50dc72aed