Malware Analysis Report

2025-04-14 00:21

Sample ID 240603-kplxqshd7w
Target 912bad0c1ac9274edb113e0c584dbf45_JaffaCakes118
SHA256 37de223c972d2b92e40174fa8c3bade399d917e2f72c838e18acd6b24b74f437
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

37de223c972d2b92e40174fa8c3bade399d917e2f72c838e18acd6b24b74f437

Threat Level: No (potentially) malicious behavior was detected

The file 912bad0c1ac9274edb113e0c584dbf45_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:46

Reported

2024-06-03 08:49

Platform

win7-20240221-en

Max time kernel

147s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912bad0c1ac9274edb113e0c584dbf45_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a484adf003699f4eb214e693ec045386000000000200000000001066000000010000200000001439ec824301f7f43867d5237510df83f6eaf7df32e6c9f0f0ff2e60aafedf77000000000e8000000002000020000000d5df9ba7069f3ee6e0cdc9fc91c20997e05414723659c2fdece3ce94ff8342ec20000000a0904fa7d75882cdf1a3165baf30a9beb096015c464409e40f3bdd8e4a44253f400000007c1a778621e4825b354421e9fc600d0ec58097c0039444df991f9f52d19dd86761c5533242d74621f9e5409416cdb6e512235ab510bab0407c75cc0554eb7112 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA7EBFF1-2185-11EF-8E71-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 205c5aa092b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a484adf003699f4eb214e693ec04538600000000020000000000106600000001000020000000d330d41b8a6ea151e4f73adfff01a9448b05e6a594eb8ec9a2c9075facde690f000000000e8000000002000020000000d86a299bdf22226f9b8b40d144e483f849dd64a63839551cf74c06a6847ff933900000004eb14f874b1571a2b77c6de0efa85ce4d3c53e0acc3d21973f54430f2bf9aefab6d10cd7995c09b7da283bbb8d49ab208f86390ed6b57046953e0664e51aace427d0f0757408feb13feb306f309e613e8ba5f348eacb046cba0e5607dae1c87103ac029ec975e502c4d7cb79f2a8249f9046212b991c21a30e150d300ff74f4015dadd53e17e4a2a543c7bce1a58594640000000caea0b67305bb804d41f804b52e25e28280bc3f0e6332ca9fae1e0f31be67f9c950c6882c65d57ebdeb4d622c907f62bb58e47096f56e8a22f0ac1cb680cc56a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566266" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912bad0c1ac9274edb113e0c584dbf45_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 jqueryapi.info udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 45.56.79.23:80 jqueryapi.info tcp
US 45.56.79.23:80 jqueryapi.info tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.179.234:80 ajax.googleapis.com tcp
GB 142.250.179.234:80 ajax.googleapis.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
US 8.8.8.8:53 pesagennn.blogspot.co.id udp
GB 142.250.200.1:80 pesagennn.blogspot.co.id tcp
GB 142.250.200.1:80 pesagennn.blogspot.co.id tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fbcf65bfab171e4c157bcfcb336cd044
SHA1 134ddfe576a5102dd9d2ce63fdc919e598c8fa3c
SHA256 694d06e6866b15728b10eafa7168ca06804540453a6c650b2bb46ffa287b2b6c
SHA512 c22c2d1789b71870fdff3c076ae2e28ea9632b590530c093dea0fd5142d801822811aa2a55672b7561c58b04fef05a5c21822d82d327f8cc55bf69097015d783

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2a267c8371f84045236028d9d98b0988
SHA1 689e34bfc1f5b0d068c4ee62baca3e32f2a8e2f8
SHA256 3e6148f5d2f700962e4ca856d369cf61329d27095aab4081997a69c337194f4a
SHA512 7da74e5c2144e31887d70c62f623a0271b33153f0be825828f006ecec9fcb7d1f006249171b2b6746953cec27ce3ef159f980919e2b7ac996ae64d2519938e5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 095286df021742ea864e730691994fe0
SHA1 63e7dd865b1e307341de758816727b0b0d14cb6f
SHA256 00585c8f8d804b8236f8ef51d518f5be103aa897146c36a2124d5dc127d8cab2
SHA512 640a7bbb9b36598cfdfbc76c6121441da12345393f88e7a3f7e8e80cf010f8e1f83ee7fcd53cbb17435acaaaba26ac358c5cdb8edab3eb4eb8dfff89e128f75a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b5f83cc4c2081f22944bc3268bb5348d
SHA1 566c78ce7120feb689af11ced61a1e27949cc6cd
SHA256 637e298891179f566ee338d9375b016907f2115ef2526b12a79b5b21b82d3685
SHA512 215250b3fecc88f0f96ea4d877580a2b126067425276c72664a496a90967c0941e5806d6249db73c35bb3599f9e7dfe390f4a630a36dc08a174169982281fad5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 1c69cd943f9c7561ed0720c96a2260c4
SHA1 fafa3b914a571a8ae71042e240e9aaefc3cdcac4
SHA256 ceafae352d98000bda6dd4f878ab58922abd4303336f1601790e448cf294595c
SHA512 f3f8516c805af216b9c5138b5c79adf8e1148f9d0636ddaa6329617c0d22885d906cb41cc3b225241790bbdfd931b10ed18770a4064babf800c8f407a57d0ae6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 a791e1223d59b939e62d8e80310f361d
SHA1 27e3a580953176a71c222b194de1661fd992ee2a
SHA256 7e293124e71c97f0e200dd0088b3b61161214b0acf634a7445cffa5ccd35c750
SHA512 9b7bd3c530f894cf4658c8ee59ddd97ddcc2e056034269255cd86f5d1bb2a28c769c762fe0374f9e43c3591adde7249da24d87f70cee1d3e9726063f22852fd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 c5477f244d988b27fe8a53c2e803316f
SHA1 7cc4bf48adde7baa9f8a96b5eaff1e45139647b0
SHA256 a3271a2bec74eeb59f8004b65a39e3c15167fc9fdb0ce03394e611a7f724f276
SHA512 c43de596ae7019d9e1ae1f9896c2d2689a5e5ddf2b8715deae734bdb8808686b8d3e0bc8e99e3da52b9a5aa9a08e7f2b93aaa0e593764203565e4937952c0d41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

MD5 8aa56624cf9ccaba9a7aaef5a252dbee
SHA1 4babacdff0cccf75aec971ffa0ce7c07ab24beb5
SHA256 4163f6b54ce3d12823d8e761efb6394e91a3b0c0762b4879d6709c252de4bcab
SHA512 67162d8bf4b03ef092d709a8b26e418228bda2bb10c2961d1c66f7a87366e1bb87c99c3251094b107cf38c9afbb4156d645c0970c7540b7c4efaf441764c05aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

MD5 7492d35ad49dfbe46f01dc01c7af70a3
SHA1 cb20561751b1b306c8cd3d8fb9ddb66efba6c8d6
SHA256 68e1f6d45ebac9608a34dd41a0c53fc731905d21fe953608cf858d0f6c5897e6
SHA512 b7b271a54867b0a1133bce09e7166cc19287877f8180759057c220f6a462a3e79a7a239ea1e727006f184a696c476b79dd9589f1a610f4d63418c7b88ce3be8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

MD5 9d0aa3765a86fa9de15761dc6c1be6bd
SHA1 9a44a9633107fbab8c3a8a178cf0dba8164905a4
SHA256 7d92afcda714830a46e74ae793e00653b22c419f764defaf2c05c72e16409767
SHA512 6d3f1773454ede9d433f29bfb18b927cb46d02645fd1da555093fa4c2b29d9d00468c72c677b84257182047d35e8d6c272d0f292ecd220965888f9c8700628a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 3cbd995f8bc61a3669d6dccec2391d8a
SHA1 39e5903bb99f1d045f6b0c2429b43ea8e2d551da
SHA256 d302d7266945490d5d06e91e1c2557830688004c572f39343357dfd57ada50e5
SHA512 6335e0e9db04d46564a47818a02c3ed714ee705dbc70ecadf252f2813ef62ed14bf739ea545d69e3214d21600a2d9257013545ab3bd7eeba17fe1fb07b2a22ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

MD5 6d1b909b34e20eaf90d62099a46d9d37
SHA1 4dd24a2e011d237bc18f1b47f596f9d48785cc59
SHA256 2b3813ba814a95bdf50990688db5c39cd6e11f089c717293034628e6dfc8a5ed
SHA512 5dadc7c4cba388fb5a0c98b3c3e73d8e1a44234476925ddc50c43da4e4de72b349eeb4b0a810912fed2e6efc8290db50c4d9649adf15c9d7b22075da7fb31f32

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\plusone[1].js

MD5 53e032294d7b74dc7c3e47b03a045d1a
SHA1 f462da8a8f40b78d570a665668ba8d1a834960c2
SHA256 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2
SHA512 fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_6B69C29B30EAF4FCF9E240B3D6A77FC9

MD5 d15af181df28a93d3dd0ec8748e1fd4a
SHA1 a3f4ca80c6c94c21fba95801b8171186374fe808
SHA256 897c589d175c21601455adee18069f1ff0b0701b57d11a3f3fc1b13c2f9bea6a
SHA512 5dd966491348ba2d0095e208233340e0638421f0314363534e8e97dc1688dfef943c6185b47e52133d83ef7f23a4a624c0cffb89d6ecee6d57fcd4400e708bb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_6B69C29B30EAF4FCF9E240B3D6A77FC9

MD5 41278ef854f074625b8f0dc7bbf36f69
SHA1 53cfcdea5ab98b3e50480b0dec0bacd3914bc0fe
SHA256 2cff09892c9991f9f4f33c239cb12192a70c3629d4469ce7c4619587c58fb4f8
SHA512 a2879b06c1ba3af930eb08da260344fad7c8c6a0173c887cbb8295e8931ee3aeeb0867068c421d987594718efc4e4553c45e8db95c52397fe1864eba53afeecf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\MNUJONVV.js

MD5 67e216a27dda24bdcb086c2385b0cb99
SHA1 17141c80f5d32bec3691c5ab24741d8b7dd5f0c6
SHA256 9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7
SHA512 802319543dc64cb011bc2684004e878a842b73aa55e4da1141ccb8650cbf42fabbf2b46c730760bbfcc7a140e11700244b9f5da78bafe9fca7ec7825c12b4255

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a9904b926a215f22c8a8a44e301e54c
SHA1 3eccbb5251bd049d425552ec64aed7353c5029fc
SHA256 cb2bd549166fda723b8e6044066693a6043c43818306564a267400fb15fc4126
SHA512 4ad9cf5fe67abafc9f946c73c2f10ca7a6a6dec9df593c4344dc4af13a806f4d5071061a95c2d99b4a16b2c3aabf75cf8694dc69c250dc19b22fbc036e677c64

C:\Users\Admin\AppData\Local\Temp\Tar27D0.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab27CD.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar28C0.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b684e532f4a175afc3b874d9de8820ac
SHA1 0f603e368b7f5bf1daede48ff6242947ea1a0b77
SHA256 9dd38a413746c5a2247c4882ba12811d912b56527b326567863f657c45538b4e
SHA512 4dd78c985f53291a4f5dcd021d5c1a5fd568e447a5390c0472223c527657e026d763b30df35c80aadce5c5d0b2d2537c52ba953db3d68d354f228d93587ad340

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06d33133455de07c51308f094fdf19cb
SHA1 3f565089e8344de4a5f9c6172921c69e83d98da6
SHA256 0279dedaa05160b11c6e15777b93a0027205df897bedfd0f29635fc57af45577
SHA512 5314f47b9f84d8efab9914b4e25bd38fb6036f4e96680313cab660314ac3754a059bb41943f40ecdd968a19eec3993ac71f1d8bc4afcb36e09d93baee5529e52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e2758e62ec18ce3ec907f21399ac8bb
SHA1 2b4f8b8ad1afd056dd4e375d57d57800a8b53d0d
SHA256 53d7169873d742ecc44ed1f0cf3bedda677f293d098119d3f102b931311b57aa
SHA512 84dadf3df48f28f6de90049176feada051c37e0a9d9b72d3055f391e075c2fc9191f962ccf67c0e7f4d8259416b4bd8e31fa955d4f20c553adac2eb82d2f98b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd0279c8fcab83faeee1e30112d5d39b
SHA1 201f0490966b231204748ef8e317f1257b2e5f33
SHA256 ef2a58145f7f4d66b6fea35fc7f72d688eeb05163dcb35e165dc37471de21343
SHA512 59341a9a6c13607ad864090c7ce552c8f40a3d8f2a89da6b635505fd62d9799ef15dc4d70efdbc62b98ea2b2b99b1aa52f26744c91e3cfc92f639d90500ce168

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 124d67e102892c92e225e93948af865a
SHA1 6f6906276cbd270ec48085927a8d5e88d814f317
SHA256 64ff05dfaa3b765ac8d431ca4a4d2e5b27cd005eb066e03de408ff89e75d61d9
SHA512 9366f4e202900d32c878ef6712e065def0165f935f50d110da751c5103f4cf5ccdec77c44b2cf76ef9217432304d911f9f3536398aefe8d91eaa880156397cc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9dbc2f98c538dd03791c4e47d283034
SHA1 9927e9f7b1fff9669cc6a588cc1972ebf916f75d
SHA256 cdbf39fb8a9ea4ee9ba267ee0c1158d4facf7d443dd9f5402d94a564476253f2
SHA512 99ffd7e39f8c199a05d4faa320712a71c132ed141187670418e0c6ba86a25fbebba638728d9db8aaa8450d79d556409e0d7d13147fee59895676f850a99c7d96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5c8918ab51d68538ca76b6ba66d306c
SHA1 0f6183f0e501428036334bebf02e9e501c460916
SHA256 849e7872ff666ed393910fa0d68405c5e5ab3d525524e92dec42abfa3987b92a
SHA512 61e7a53b448eff8cd82c04638f795dee04f199ffd9b3cc79e65b40e26da4fce538678b662f2b14d07c7073e3938b78e18c08d5abf33537b9f342b50212969bf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66415ae50b45c1c0d6d00618039fdaf6
SHA1 0cc152fa370b1a794956081330d5834339c2e536
SHA256 4044b8fd9677f001a8605455b1c51574248ac8784b971be8a3679ad6d7588ab0
SHA512 5246c4ce868e4ee05cf51c7b16976d7b7c8cb41f67fbb7148170a92dcd310e6b7678868220fbb60bfc2a4cd86c153d6ce7d65529220ee2c383bc63fb10b9917a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4a3b1bc2731f706d2e0df339952efa9
SHA1 bccb237bd75f368c4ff071b33929763f83ae0776
SHA256 b5797e5cb0bfefa33a3bf805147878aa61833d4a12acf511fc3cb0f8bed7412a
SHA512 9c4cb7161c7c20dc6645879c0d222b2bcd6d937313145beecb9624ea24ee399bffafac2d3a94e25712aa688e86e998a0eb2746318e097d4c3f58dccb3742f15f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c79f52394974f58caddaab580f5c1803
SHA1 74ef8908e9dd528f44ce6ad6fb5c3aea222c5bc1
SHA256 494f83b19fa7a2509054df98d6dfeb312fd27ec1c3694b6c665c7dbd511283b6
SHA512 f8a2b9f2b044cfa908673212f63dc3f35846f380512c93bb4380dca4b06be302c54d15fd2d202916277409294f7b2867bd1d0853d8a6262f8b80ce93fed30b9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 3da225b8f2d31f44e93b54c2d99b2424
SHA1 9dce786586a66ccd57b1a6591153d59c637d9c33
SHA256 6811ad4aee4e16d5f9b9c182298f5ad33f53332ddd682f8de9623ec0972be464
SHA512 43ace666d19fdc091cbdf75ef06622ac85714f61ccb92a725e67ca034c79f2de76ede563cb991607e8247a69abaf4b4438f9e4ad86a37ca7c37a9e3d1faaac47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd51ecdb5b6c2a078c5eb16f3c857159
SHA1 4330efe1a266cd5fc1840a7135e2e51476723658
SHA256 792993e210301ace942ce0c0dd08d328c53ec66ebeac6bec424c18d15776308b
SHA512 9c6263ff8a4c0c322fed0cf1446e7e0178dcabe7299984c02a87c06156d21ee80f4102a1aa734e7fed1a3e7c9ca1267a456d52f4bd72fa9f3eb8ff12a74fafa9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77ac1cf5fe47f2167c13ef57979ad9fb
SHA1 6ba8a55c416e6fda904ae9ba20c29dd210c98819
SHA256 72ab601e0508e552e89296ec2734840ea7f4d6b86af2a999b4f157c43779b8b6
SHA512 286ac070c6ef34f7fd21b131d8589a7c9bc1bba6bcadd5879d570dd243fd840b8db8310ee468b8573193edc76cf6c11afcc89d82da34c2077cbcd9ced1092e1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe7b6f54b3610275a1b9f4748d86244a
SHA1 4da854091a3480026f9c4149b38b450e0a85b4df
SHA256 b47c6bfa5c668b6f6f07b590f3f07cad28390d73d5313900c7eddd657003c9ff
SHA512 2b618c245e3eb3eba0197ee7c9d7fcb131cfc46c4a54a2517232a9bfb6b526c24734a977621d2d6d476e09fec57a887e5e9c3a423a4aa849ec32738556cb3149

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d295faeb77e8a70ec78d22ccee7d6ba9
SHA1 e5fa4422630b4fe80c8246aff6406c87da7033d3
SHA256 a8cc67f524c81ed552d969f11bb83bf6f36b57cb4d7b594d7506e15334e5b9d1
SHA512 bad1a481eafae781910c955d6a1c4cc917b94c56a10376b568249975b618266e866a430a83628023cf221c54521b884fcc3cbc858b7f856fd1212688800cdda8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6ba602efb56224d61ad64ebc5923d69e
SHA1 14b4337deadb0e2a53aaadd6ab0ab186d61451d5
SHA256 fe91e75060df0505d5a91f331d6a3419029996aae8af9db2f3e23403679d8b11
SHA512 9b376d88e313a15dd02449bebbbdb85b24f2c30b89f9bebc8697e6a249d65211bdd726630c8cf53df8177c5fcd90cbe48cba3509a5218c3a37511b7a69eeeb48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec2b991807f55360436258424a62fd20
SHA1 50f35805a8ecc6c970c987c6eb666811367432e6
SHA256 637179591ddbe29f7c968c3cf148b50e7f50f1cfea099538a78cae868ddc07da
SHA512 e2450a61b369ba3a4cb1a010d1c8bb5a875f193f3662c6f0fde46e92bf70cf9a24929e7253b206b94cbf14bad7d08926ed043d621f92f099d8b6fd2fb479ddf9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41d05a046ab920613600e33938d14eba
SHA1 f26e8bc9c0f24480b8f2fefe52cb3f20c31fe893
SHA256 b906fe49a5aff685f4fc26549807b813fb3f202628e355bd9b808781489c4798
SHA512 f961c4ddc1d7628948bf8195708334f26d37614f082b4098f9eeb98f31d5cf9c3c3c117c02cdd5d7fc614ef61ef73e51a2683355e5b1e690b0d08dc6dd0eafc8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:46

Reported

2024-06-03 08:49

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\912bad0c1ac9274edb113e0c584dbf45_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1692 wrote to memory of 2708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 2708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 2384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 2384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1692 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\912bad0c1ac9274edb113e0c584dbf45_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb611046f8,0x7ffb61104708,0x7ffb61104718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9679782328629694364,3858594362724477422,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5988 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.179.234:445 ajax.googleapis.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 142.250.178.9:443 www.blogger.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.180.1:443 3.bp.blogspot.com udp
GB 142.250.180.1:443 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.200.42:139 ajax.googleapis.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
GB 142.250.200.2:445 pagead2.googlesyndication.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 jqueryapi.info udp
US 45.56.79.23:80 jqueryapi.info tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.42:80 ajax.googleapis.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
US 8.8.8.8:53 pesagennn.blogspot.co.id udp
GB 142.250.200.1:80 pesagennn.blogspot.co.id tcp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 23.79.56.45.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
GB 142.250.187.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
GB 142.250.187.202:445 fonts.googleapis.com tcp
GB 142.250.187.202:139 fonts.googleapis.com tcp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 s10.histats.com udp
US 104.20.19.71:445 s10.histats.com tcp
US 104.20.18.71:445 s10.histats.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 s10.histats.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.200.14:443 apis.google.com udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
GB 142.250.178.9:443 resources.blogblog.com udp
US 8.8.8.8:53 pesagennn.blogspot.com udp
GB 142.250.200.1:80 pesagennn.blogspot.com tcp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_1692_RASORTTHTOVJOJCD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b9ac7cf6aeae3a288ec38480b8234c3c
SHA1 3c8869a3d3a5da8e3aca25698e339745e0aaab9a
SHA256 f06956529dea24cf6f7978e0533cd6e24ad7b4fd7d877bd549084a2475e9b907
SHA512 824a51feb155713308ba1df2a4559d1af43beed67e1d778c289d375f11c1d0fa688234c883fcbcaba1b5068e530b26cd493454775820ec272452016372699e5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5711da5b5834fbbebfa28e20a4f098f0
SHA1 cd23226169081b84ac73df9de6c93da417c6b5b8
SHA256 6eadd4ca7695807f59764836424eb824deeee6e77c4ffcc2ab60fcd4927f5824
SHA512 c016770c5c84887e571f8aa0ba5ae2726e1d92f2558f747cfce3b0e96fb4639e7eb6747b4dd68e632c33cfacc2d52144a07090fe7a20bc79edfbbfbc5c7f183b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cec41967029e0d0c47997823aadbcb85
SHA1 c679c461b052e755ffcd89873fd0a76e5b536097
SHA256 fd5315266353fe98ee2b5c524f2709170260a316115784f6d132260d145b9134
SHA512 cec604f932059981f1d825f8ef4cfa69eb46cd49d56be118e0114fd9db6aa51a0186735bb7afb4bf9e1784153928bef4fe7737b9d5178a5af38ae52c0858163d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9f39af2ba8021da7ec914ac8e9668d8e
SHA1 8c9ea7ad1e3e877e9a114980b728e8ff916b0120
SHA256 d535bf7bbd4fa4d65049cb94c75880c40530efef54e88e521883125322595637
SHA512 1ae0257557e1b8290289f79b9f36f4095d32342618620247a99c58189edd18e3187c4e802ac6344e1ee8e0819beb7497e92c3c324f5b24e74c27de45783dd72a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e5949a0e34831759ba4ab591be2dbbd1
SHA1 5c854701a5ef8d72bed2152e7766487982b5eb6c
SHA256 463511c4e0e9e3d72ffd072c74958c93d5e0f5a9492ceac6f0325f44f2778371
SHA512 39d01aa5ccf7ce3c99d5c9310de286b49279dd4af9f3462984a15955fa066aa7785430c07633392f1b64f10168d373f891f3b028560f355070a6fd6e968e88f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa862334178c53b83a81670f2c7f06c6
SHA1 af6aa8eaac094f4fbf4e800d2de1a2114335450a
SHA256 95b8e3fda660e4c10b079eab6911b8617688af83b6f6ca726012ae3d3d35b311
SHA512 a3c7352b34a2646ff418f40220de749ebb29252e6eb8b4fd97020b5ca625ff39f1fbd70f14b97effccfc9905e8b0c4b441987a30f6335b46c3d74947f971807b