Malware Analysis Report

2025-06-16 07:24

Sample ID 240602-fgefgabf4v
Target 8ceecc6102bef8591a9f8d5217675753_JaffaCakes118
SHA256 debcf71b890ef4760849633214fbd8b33efb84eaed4cfde2c4282c853497b9d2
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

debcf71b890ef4760849633214fbd8b33efb84eaed4cfde2c4282c853497b9d2

Threat Level: No (potentially) malicious behavior was detected

The file 8ceecc6102bef8591a9f8d5217675753_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:50

Reported

2024-06-02 04:52

Platform

win7-20240221-en

Max time kernel

135s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ceecc6102bef8591a9f8d5217675753_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423465695" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0E0D6A1-209B-11EF-AFF6-E61A8C993A67} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7040327aa8b4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ceecc6102bef8591a9f8d5217675753_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.aimshospital.co.in udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.2.137:80 code.jquery.com tcp
US 107.154.168.198:443 www.aimshospital.co.in tcp
US 107.154.168.198:80 www.aimshospital.co.in tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:50

Reported

2024-06-02 04:52

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ceecc6102bef8591a9f8d5217675753_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3772 wrote to memory of 1356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 4784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3772 wrote to memory of 3544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ceecc6102bef8591a9f8d5217675753_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe4ac46f8,0x7fffe4ac4708,0x7fffe4ac4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,14402507218605232272,362446853459565975,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_3772_ODBDIHHZEKSLSJDE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5fae07ad935c8dafc21a0fdfa65a0746
SHA1 babd8b12cf2e9c155873beb5ffa7787a6794c5ce
SHA256 f70e4d03003c638b56c14177baefd923fa81426465ef8edb23f3e19d169ce158
SHA512 d6838864f577e443c86df7c197a70f603a453319a681f3e217027eefdf32380160501e428e33262d538fda6f1702001cf807bbecf664b5c3325a8a2d561a85ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 63c541481031303056eed255949f002d
SHA1 e6ba8fec21f4e6789076e4678f6327bff58bab99
SHA256 abed17da104188f92c39961f2d0ab6e1291fe52b6e19ac03f34a9ce36260da9b
SHA512 bdeb2b22f64ea25c6f97960a927637856f0f6bb9375a75c9a69a70cdc8a544e1fac24cdde3e4eccc9c31501fcbddee6a3b96f44294916cc848516b6406e7a5b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8614e13d9a476c2c6357162320b59e95
SHA1 346e0de5ea423b4d1f5db7f330c69fd78a70d778
SHA256 f87d4f6b46dd12eedc45e6c36800572809dd227ad1a9a472b7ae22920c3c0903
SHA512 8f84161d1179e382588a61f34057350cdc06345c3a01eacb6de4072e5af55fe1b028367e1f69f4370de2cb85ad3c466a79f40ffc9ca8f392f7546aaad6a5cdc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd750350cb568bc30d4d5e1aef0cb2ac
SHA1 682d60fe8b4206e4db9740bb08c486c70215fc1d
SHA256 29dbfa142932e96747ce55278548f7372bc0b9d293268dd6d2227fc47920514b
SHA512 e59e565a19b8c5e23cd8d53b844dcf7344c6e3bdb7a7e4ec9d03352ebd21ada5c78bc4afcfa591e20cead16d515dc6ac219f0aedaceae10a1f88c1061bf7b48c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 4448c084e6bff94f33e577d2faffebb5
SHA1 ea666727d443c4a829cdd0896797cc47c57c2156
SHA256 51981e9e6b3ac190e91a0ceb81e0549095188cca45ae59df7a85bacb3259c323
SHA512 ef1c8013b4df5875b42e4d671d6f1ead50e09be0e2a9512c41fd8ecb8f1dde69cdcddd294d1925be362e7aa2bcd06c4e03f2279fac573018714331f35b22c0f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

MD5 09e30e67ca25aa583c05f19321e8b234
SHA1 1efeacb77f0ef26138c7e20592c292d1dd11fba8
SHA256 d2ac8137cba526264203387c802ff4e853f8e4e832591ca5d8b2efaa0a921ef4
SHA512 be1e87545c2e98291d2e0385e510c62d5ca4e9c6558a49694385800bc7d9764af31f89f26b34ae4ad028ccbccd794d33082bbd17a1455bfb525007571880791f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b5b5170019abe271_0

MD5 f6266b5c28de4f35697713360aca13a9
SHA1 b10cd53438888dabe27385f4cff38f9ac4193f5a
SHA256 79f07ef9ece4e3fb03c89f2eaf1783fd48fe462daafdab54f0987acd7b375603
SHA512 fc1a186bd26840112250bf79951a3ce2773c1f703ce0e75af49848cd5f8c2e36c5ef565634dcdb36e936072c40eb61385cf52df1e986ff39144a5025d3038320

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1781a43bfad24a04_0

MD5 2edb0077a5718296b28981ce95ee946e
SHA1 ad70be23338efe2062500f9b14d20d6a0279a19a
SHA256 d872433cecc5b0d7ca52bf0919536f962fbf94dcfb1691509733d4f223b74a1b
SHA512 915b3668b09c8447e17424414a5d7b360bd9fd4c02ff7fc050e00b9a7224a9ca8953611f40c0c191f76c41c8181238bd4857b59fb6be5caeba6026f78517d3ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d614df08fd49bf4_0

MD5 2d237559c873dc79d0e6beddbd53b4c0
SHA1 92fcc8a2e42dad9d568cd72b8f2092a93292b162
SHA256 3fb6561582ddaabe4babeb77d9440446d95587c57920e3ddefeaf27e6bad7ced
SHA512 b866ed94fbcf6e20e18679162d172be0e8c826dbf4f1a9ab4f69e363490bfbd674d1e0ea22e27994df8fc2c373eea6e2b288887eb9853181cb4172586d4b1d19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c5e787d71194659_0

MD5 1beb39bccf6c827ed6d9691b1575fd8b
SHA1 7f4792f569912b93b995d402024823ec03c7be94
SHA256 e5469f195470a0e25592710f49a2703016f5861436837c353906088ae50803f3
SHA512 a53e35357b7a89040ec422a1cb8728e33c2cf75d467b2a0b3c250565aa440d08dc124c521296dc6bfdf46c08c8cee86cc5ab96e63d78e860eb98b9f541161a17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 0ffaa226d575ce6728e4c90148b952f7
SHA1 532eb1fd31843ab68fc36293adf774c24b4dbcb5
SHA256 68a86b3d6d10ce4d8b4cd16e4dad0b76c535f844a92f985de6bdaaf7d6b2f8a4
SHA512 f7bc3ecea5c0e6012463cd6decc67b2b99e9540a73df747523d87ff4df9e36a7902e048b190b9e3881f95628e683d9c6d520d254cf6323d0205ff74bb5b93fbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

MD5 411224e6a6e1ceed2810d48aee82898b
SHA1 485041fb0264e320500ae13f650eee6450453b18
SHA256 f37b97da617b3ed82acc725af90464da7191b5ad92c7a833c4a769a57943f204
SHA512 2610ea5e4202bd77b972c1a7717b2a2abc41848b2d6c6cbf719d7254d9337d08b96635e03af46f942ce799ba6570167324c21ddac4a53012530d1061d32fc9b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 f998b8f6765b4c57936ada0bb2eb4a5a
SHA1 13fb29dc0968838653b8414a125c124023c001df
SHA256 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
SHA512 d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b34d71b275d46893_0

MD5 42fa18836f9b8a8b5b33a5866537eb57
SHA1 c6094006df423730c53a49aef9b352754dfd8a72
SHA256 08973011096a750e43828001a1e8c48f0733f4ff3c30d4dcf5091a20e3ffe0e4
SHA512 b92c9cb15335f9d610d6aeb04619ce3d525a1c42f685a51371faafbea29c56912e82e33cd35a89911792d91f5e09c81636af2c3273f2d18ab7a5bfe39a442c9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\798d1749b4eac2e9_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8b21908d52b04d6d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\95a14c257c32ead8_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
