Malware Analysis Report

2025-01-17 23:29

Sample ID 240603-qjrhxshb27
Target 91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118
SHA256 38e051091e455b1c35e025a8a01cc30f066ea6c38d0ca7882b677a54e3292482
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

38e051091e455b1c35e025a8a01cc30f066ea6c38d0ca7882b677a54e3292482

Threat Level: No (potentially) malicious behavior was detected

The file 91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:17

Reported

2024-06-03 13:20

Platform

win7-20240221-en

Max time kernel

143s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADEDFC91-21AB-11EF-AFF6-E61A8C993A67} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000050601990868bd446880a5754f8b1782a0000000002000000000010660000000100002000000039c072eb39a0e327877423c066fbcb5a33316dae969bb03dbd33063b87cb0cfd000000000e80000000020000200000002b45661f65cbb1cde3d4add117ee95967703c6d21e98fa9cce5fea5df5f2c08220000000e89fd542ae50b6de89b9998b3e9dc6fffceec23a232bc46a83ca37d7110b38ee40000000fcc52654e9103e531f54450288ca33d6f5c834c3946040b4b68fa09a0fdbf743d5b951209f27026394cf068eb0747632f72e456828e3104dda3a2ad097362688 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582541" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000050601990868bd446880a5754f8b1782a000000000200000000001066000000010000200000009fdf82f005a36f53b062508a16f277f96024b35cdbd147ef02fe509f2e4191f1000000000e8000000002000020000000aee86c4218c2d0aa2cf72dcbcbe45a3520cc3e43e7d40130a891b9136aa1fee8900000008733cff1c01751b8458eb13154d4975921c250ae408ac45de46defd83508a4eb3529a6b16add832719ed2cb577b8f5bb1a88bdbc8a95bab3f44a1ceb35d042b88349d8cfb4cd03f3a989c22674f791b3406859d99f12fa517c7cfb3afb36d1689e4375b4d5237db22e5a6c3e90080b9cc2aee5de5e17e3157c603ade5ebeef7a194e06b55b0d93e228a870e7a36a6a9240000000b5e9589d851806238bfa4a84416cc87a628d124139e9bc0e50ef8433fcab286b306f3de914f0bffdae377e880386113899efc3520c5a164757752af3db9bf5b0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20183e85b8b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 i155.photobucket.com udp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 3.162.20.24:443 i155.photobucket.com tcp
GB 3.162.20.24:443 i155.photobucket.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 219a0f7de1969f401a6f850ecfdb5d5f
SHA1 45abaefc1f4e8aff976197ef04d3f0f359ff36bb
SHA256 c6526adcedaca88973482f5c0cdbcb0eb1b8f315856da33b734ada72bb7f1c93
SHA512 46731c5e7739dd4dab7ad2dc95017e170d447274e51840e5905923231c91adc673abca13b7062982476d376ad694c29c29f0d7d37d7fce20626859260b914e9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 13ed5e0369cedc64c8437eb9a493a981
SHA1 880053c91809fef7b2a3d688143f554d5a05c0bd
SHA256 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454
SHA512 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c9328c7c31416f4345a31ab29273d5d3
SHA1 a11e3c7150520417962011a29726faff33307618
SHA256 27b6c81a36ab7b8a82f9a7d5116554d79f363efbe62487a780cc43dcc939f868
SHA512 024a81934125174a5917b5a96a445c471df6dae85a4c367d2010c1940a89dab5eb3a3141d2b771fa6385e3b261434382b5ea3709e4bfac3b404cd351883b623a

C:\Users\Admin\AppData\Local\Temp\Cab8C0C.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 0ef056f3ba2d86515ec3966978509407
SHA1 215e0fe0d3eb62ef0b06230fe106fefaa04ff795
SHA256 17da734828fd0474c93057ebaa01a6c69ac58b26943230f4a05745e3b0a671f8
SHA512 cde99983e5680e0fdcb6299a3c97289235d3468d7c9f23ecf2792d5f95488ca46da09902e024d263532c615b141e62f08c092afa759f03ea0cbc707e585498a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 0f3cdd55f8d1bb896dadbcd6e0e8e32f
SHA1 ca87f2938a2c6642d6e3cff5a41994c9a08f6b7d
SHA256 d0f604f2ef3907325929c04360f0062caa804cd3be2897d6fea2605e3f6da4b7
SHA512 a87cc77c6daf6fce017bc5c7c68e0d4c9df85e82a3bb19e82e7bd2c936e146d44b07ffa91e3816b3361029d80cbd81c3c27a95fce732b512dc45c015bc22bf60

C:\Users\Admin\AppData\Local\Temp\Tar8D37.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab8D48.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar8D8B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08584a0fe9eea8012863726d8641a8bc
SHA1 edc8538fcc513e4b07380d548d0fae51b73716fe
SHA256 92a457420c363527737a667ef4fc8a4f2b5545b805ad8a77d737d1a101fa34d9
SHA512 dd4e3b686c16dc70d51b9c3b39bea883fa910c920e56a650d8f358c778b2620bb1790286ec353177f4f4c37446fb927192c564677a76e4af2c7c61b109c1f891

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

MD5 7492d35ad49dfbe46f01dc01c7af70a3
SHA1 cb20561751b1b306c8cd3d8fb9ddb66efba6c8d6
SHA256 68e1f6d45ebac9608a34dd41a0c53fc731905d21fe953608cf858d0f6c5897e6
SHA512 b7b271a54867b0a1133bce09e7166cc19287877f8180759057c220f6a462a3e79a7a239ea1e727006f184a696c476b79dd9589f1a610f4d63418c7b88ce3be8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1DE53A40D87952CFC53E36A93B17FF42

MD5 c2b06f1eb916ff81cc40db4683e42685
SHA1 92f8f8244b5f0d1c677a8e853cbdbadace06e949
SHA256 e74c480335b4cc15cd1d8f2960431e7d08fb03cdb4c0f7852347bd1850c167ad
SHA512 84cd0b90bc3bc2f48c35bd041f125ec94e23cb3f1e677dd4564a181b0eb0df1723d8adf8072036ff0692bff322106f7a3b0386a5f48ecae25ffb6ec9298ddc22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0493e5e6f5ae76e7814acdfcfb391c9d
SHA1 6d5ea423c1ed4b2eb01e89b2c6e4f3287639e399
SHA256 9550110cfe89a86dbda2be8e21ce93989096c1b85d603daee62f1fda63ecfc3a
SHA512 753623170ecbab9893b644ba79d8c8a4f99711c41f7f9553062b453512d68a316d509756171dace17e485e1be616e86e9a7295fdc7e46e6330f1ab0f63f1aa7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c1c4a6a541aa41ff018a2157011b885
SHA1 e0064d0e38a6042e415e7c4b95e1cde1167e2c18
SHA256 a1ea2b575f992f33b843052360c1073e2160d084335d9b111a864b0915c0bb7c
SHA512 6ca0a74c1ad322e32a2a3fcfa7793a43b40c61ad8c50679e1e23119d2f0dc2d5320dc627f3be5aefae650545cc92906265542b626bdbdaa68f81d258776dcad8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 7324c7e1d67e4e2e0a35506109685c3c
SHA1 4ce4f7c3979f8f9bbe486ec9a0702ca99a66cf90
SHA256 cce3bc6abee56a4e4c28349a1ddf535f8f4536280214639b8346ae52d8717c9f
SHA512 0b3690d2c17360715c7e48d95963b80ac15912fd102ff594149df692883ddc52aa8670d4aaed3d185ba4a970c5efec2057c2ecf7225b8cab4596cd1615402b9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 329333d8d3acccb68766e73961a9db31
SHA1 88b411bcda61cf432afff0bba34e1b87d81938e2
SHA256 7676f4bf3ff736657a83d2fc5ee3e8c4b83edea3f6d09a1febc120ac52cfdb7e
SHA512 b8b584f1a20f0c2e8f695db06898a12f2d3f0999b2e51d22b48c2afbe99c9e83ad80405ef5ab1cb1cb0da8fcc6b698021a7c57ba634050f8f280520d6ad720c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 696b35b5ef7d44d6dc6bc4d8c01762a4
SHA1 3cd2c58a5406df6658b8519aef63972e3899910c
SHA256 c402faeb3e3fc53a84dd504efc7dae56304cf710316c62d2ea88900368c2fe46
SHA512 104e83298f4991fc668aa6e16b9c7eba9580f0d1569cc86c4eee14a5e201f802a3d1dad22039d65bb63222ded1abbe87f0b351f8c76b9dd3fbf482accbc3970b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\f[1].txt

MD5 94804e450d1f5464f3ea74f8e31d068d
SHA1 101a69476bf5d31ac29797e4345a00c65a8019f7
SHA256 bbd458dafe470e3c50014fb7f73cff4cee77951215126ca3769c454daf04dc7b
SHA512 612c1526328ec2b01c6b5f93c126842bb7cf171cdaa6246e3bc166a1003690742d00a4404f1643ca57004f4e5203f4db27d15ab2f0b86feeec5a43bddaf004ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17ab5106b60334bc51862a0108cec488
SHA1 42c6a268315f19e20aab6fa32935eee9b71652e9
SHA256 0579d1eaf370f2e0c3b0bd6fd6a97ab8bedfca2bf7c6afcd89ac0bf3b825c7fd
SHA512 be52642fbf2fb8ff520ad7c2c0b90021626ef864fa29320b25f1fe302f841d66ec89b48ca15a1afb51be8322e2d42563497ae5be6a0e2b0747307be3b2f06b3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a96dce32e587817a7bbf9270237df506
SHA1 b7501eeb27eb8cf5a6c0a0a843db9b800e873d0a
SHA256 4ecaf8527d4ce1af0c9b5c0a833e7f5f2d441b36beba5e70999527ebd9b575c7
SHA512 79389812d89eefc211e9e0352d496752e87d78b8964731e086ddfa54afa80caee12a26e7f8c48d79aaf343c3d8a57233188c0aa427e122fde43f788fc85cbf50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\analytics[1].js

MD5 575b5480531da4d14e7453e2016fe0bc
SHA1 e5c5f3134fe29e60b591c87ea85951f0aea36ee1
SHA256 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
SHA512 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0678101c77be93661780535348414d6b
SHA1 880d6718c1a2f5d39054601dc97ffc28b0940fde
SHA256 61dc826c27fbcfebdb7c7f2bb9398aae5c695d36de535730d40d0160c6e066ef
SHA512 9d8d4e598abaf24fa377ee76768141167bce0955a98ee535a4fe82ced1f1db46c81e7d54072ef36d4eea48662deafb5693cd4550f7d94980163afcc6474f3959

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fc6508c7aa55f0e1dba140b81455087
SHA1 9114f0415458060a54c9fa415952ccee933e95a4
SHA256 c4c969b409d82a1e752df67245ac2401bdb293e114c6c638b23c91202b1c542e
SHA512 75d221e11f578aa632d7ea384a164f441b2d7dd11d7448d66fd5963bc87a4f834d97650d0f0c46980ad6c7b6b88c7ccfea386e14f39f3945783abed4b51e94c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c460b2b6615d328c824f1fd419286f5
SHA1 89d8297c1ad2323b229dbd3d7b953ad7d928fed5
SHA256 79ce848925fedb60e4a9c3f7181e3ab2f49d2d554c8116fab68dfb69c5802d88
SHA512 fb64091c22dc1037a9b0db43d95c1f8280c45ad93af2873984512217503f4e6fce4d51f4d5437a8d69cc87fdc661eaf293f69f689ff671e317b3f320846b3ca3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efbd1311e38082d873dc4d5b777c5ef3
SHA1 c2cc14a3d159fd8489b89e4ef69e92b82c4c5094
SHA256 196ae1369c5f0c8381b06369abcc3efa9bc7217a82d763d7be3a498491f23b57
SHA512 3e62be553f82fbb8a97b333d3e55b7ca86478af973e3e258753f45983d727fb8a43950b9c545098366e8359d01c2bbb82b7701c73ce6aba427985877a5f1948f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d93fcba72870f4455bc0a31a4f95c9c9
SHA1 46232212333a59c7c3088f178ebae7eadb4c51dc
SHA256 c7f74aa31fe09b15ac7f67d553ecbc1d29d94b5c48f3a651026a4440c1fa3e78
SHA512 7986adffb752f9712b7877eebace580fa22b412d5a86473afd7fe825a697a3273fc284fd4e8fdf946110097a1fed421ad3aa5b88e735e62a4058903b670b3478

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c917921e9dd68bacc4090166c644e18
SHA1 b3b6870b0f4d99a120bd2ae2ad662bbf31ec4048
SHA256 d3e84fed1a5fb6ab63106ebcb942e658a1da66a4cbe40e2b114b203cf2a1321e
SHA512 74cfddc351ee75d254cdc3c423c616e41575c11bbc7d1bafcb13cfebeb708db87c2427da9c79b6fa438a2b921147d9d068185281137e4def9ecc02f4436e6370

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8442e23d6b0435b83d64417fe2da7c75
SHA1 5391917afd31d0478e96f23a59869ad0721e2f45
SHA256 e090767794f1b09d80de5a1cccff305c3dbdc1978d19d396e455c46a26991604
SHA512 8539b49cbef0a72de4272d1b6fa7a07955a5181b1139a8377706ff5cb5803efe377ca107d4e95f41ce94ba7ba908d7b478f847c390103efed116c80de01c4aa3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96130eda9e15e6f1de7e44849e4ee830
SHA1 f8cd81080a90f2db3cdab1a5d30579f2a8ff2c35
SHA256 0db4af242444b5c477241055c2aa51cec3f7ad869f475e48d02bce934bcea693
SHA512 a9f30b750fc6d75f9afa4814743121ca8e8bfbc28be7b770988dde083e4eda92df506554933c86054b8d83f803b7cde7bc513a6340ccd730eae56023795e44d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b92fd1494575740c46eb86a05cf2812
SHA1 63cfe8ce7f9cc21d74a31c5fa0df309469f2c503
SHA256 577a011a6f769ef112cad5d5eff92825926abde617e26c09e839f4ad69aca530
SHA512 3881368cdbb87e920b6e9e3c299b8a248459b7c515722ec5eaa42eb2528534dfd17cbae9375b63df632dfe30ab5119a92235bc07626e2186a909279ca679065c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce3dab16bc0b2afcfb7af9b0d5de85e8
SHA1 a4fa5b47b9d92b8ad63bef1e3ecd1ee4329f689e
SHA256 5bff6732c7c7b692b676ff8d5d9ed391c26f9dd539423bc91df1e0898d125c4d
SHA512 9b5681e07beedf7cb73eb54cd5e16add111b2dab2a8818dc47247ebac82b0c275aaf7407469db390e78e2c0261d150005aa817062959b318a3ab2a0712861f01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89c4ba9e615163629c1efc2b2d6750ef
SHA1 fc3c75340d35280a377060741012c23736ca106c
SHA256 ead3054c983d39130a3eca40a7b6a12fbac3c2e40f2413681fffc6b9dbacdcff
SHA512 5a5089fd05d8e8708508c0542afd7764a15ced0c5ab3434452f6e7563163da1df28c9d9c039b2e4e01a486cdf5692b45b2df2014e04dfcf3fca18e950418eae9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 9491d2ff2ba23c0bf568a8c7b49fcc2a
SHA1 bd582c11c7ed8bacc915ad40bd548e71cf21d659
SHA256 753551f5828f3612389b7ff23a91e14b34c97153a5827bd295b3a7d27f5d2967
SHA512 bd5234ab1e0ba2628fd979ab005b503050548120e51fbb813e0f01cd626b44985a032a3cd2f2e6cdaa0a07379650c50d99121b141288f346313cc0e530779e74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5ff606fe662e810fb4e6660179d9050
SHA1 5f9e843984ee4e2be254f5053ebb87b111ce20c6
SHA256 c4bc712e698f5d694375a09ceb6471344092dcc787ceefd522584ab52862e4f1
SHA512 4fea4d5da89faa9804fda9afa82b792439a730d3b888faa41b0be32ed2ecadb69857537f5913a037557f16e97d084d88fc987e2bed1f788aad75eabc5d7b1543

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2e517afdfe61a2572543ed7ad28137d
SHA1 05d6d503c7ff7eaf97d4385fd1729067028ca98c
SHA256 2c545f6f8fed2d4cd29d4d1aa5b32a618e072646a942351c1752f96fa4318a45
SHA512 fca5d948c547f0df29eb1cbf3530896811e2ec1c19ed530ef14dbbb540503ad044b5c15b1f4bd1352a92c402e1ae1959ecd6b128dbf3b47ef0e05417d084f7ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94071828c62d971686cdbc63f65b7eab
SHA1 536f3bbb95d81fcf4b5518e636c1db31a9d43bfe
SHA256 324029741f15f3ad7df604cc496dfe0a9c020ac8c9c19f7e4e71e392631fb504
SHA512 838dfa8590a004dfd59df9f4b53b1faa305a1720c8e5a6eb24de72e3c55584bcd5e796b4af6d4dfdd3ff482080b2bb9577613a402c2da765713020d481f2c445

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 484e400a242459b072b83c809c415435
SHA1 35e3a06a43f741de7008bcca184c6c89cae3cf84
SHA256 824eb0dc9af043f10eea0b4d8915f41dc1e16303be339743cbbc9c2ffa642e1a
SHA512 ca81e2bce60f27e1bc10ffa6ebb02742976436c656a693c227e382e43a0df7f3582de5f6b081457c825ea8ff853c5b4c73eac092829c270d7fae0b29116b23c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2c6464d3a210f5a3ef46d15a79cf3c0
SHA1 2ef6d0467380116c306e53227ad9e93fb4882696
SHA256 809257bc12adddc7df59fe35a1132388368014cfc3d429492934b951c8f80cfa
SHA512 743ed4fd942b9c1e1fcff14d3846c7a4a25497e2dca97e02be394112b284eac869138c98ed353342af269917ebefd9c0a8bf389bf561c27e9bb2cf069f1df1a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64f1c96d202c9f13b4732c7bae4ebc75
SHA1 398e445180ffcbb12ee4c7a8ad285fa63f4da41c
SHA256 cc21181b4ccb1be267494eb95a372b7ee0273e2a610669a383f6c0570f7d9a8b
SHA512 5483c988dfded446d7aa426d7a791f5b5bec71098042b1a7856307eaec1d506d4d372b5f94b9fd440a776dd0e19f6669782623cac62207d5deac9db57cc8eab0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aaa12a510a6ba58b9ae8b393be3639b1
SHA1 7e23611375df8e4aedca6fc0d55e2f3553b0131e
SHA256 118172a8e28db429ec475e6d1d0b37b8faf8375a2c76a78ed4d860814a1178af
SHA512 3753e5eb025d1df183d98958f0487b8806b817da7ddf7cea29bf1603f09d40c181b642ebbed8fb76db3a2bf11d343eb75c624d8a778050646fbd97c47f83eeee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92a9f29363d06d5db3bd557a23cf6c6a
SHA1 68442bcce4461abf05ba714d309aaf37814e0683
SHA256 9722680eefd7b2249d561db0123a482e1e2ad5640dca5eca7cafdc3e18e6b6a7
SHA512 b82287350ab717208b6fff4f911d2b1c7bef9f5370d0844f9166fc483e50c9e1e31c7c5e8736bb5908f4ab8963deafefa3340979c9540c7d8f20cc5a2de296d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a77b8adc9aaa1ff0d0712929d81880c8
SHA1 c0880026df478fc0f339392f74106ff5c00ab225
SHA256 cf4eb74e2d85f74bf30eeb9ac943dc7ebe38ddfd6f43d6790ebf88289e241b49
SHA512 b30c46e0e73aee2e84bc2dcc78a7213ff81388c7d549721b6ccc6c38837dce45ff32a35cf13a281567f5c5f94f9d18db61ca17ba5f39e2cc104f007838752cce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 4a68db41418b6202b7b21b1bf946455d
SHA1 22b987d3e498425f136d86121b38f65ed5f69908
SHA256 fa353bd3550593d4d1af48e706f13e46d0b3ed5cb07937a497978ba36e5b9631
SHA512 08afb19d43d3dfc20b387ed907c9df342d74182d6a1737f4a63c6b768cfd8c6367d7a0a4f55d96bb4ab772f4778c4dfe496be09d445633b0492b23d800e11ee3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:17

Reported

2024-06-03 13:20

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4424 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3456 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4424 wrote to memory of 3736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ec3d99a84a6b51da5d439b819dbd1b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc06ac46f8,0x7ffc06ac4708,0x7ffc06ac4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4255250589120858584,1161485911195470063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.200.10:445 ajax.googleapis.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.180.1:443 1.bp.blogspot.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.180.1:443 3.bp.blogspot.com tcp
US 8.8.8.8:53 4.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 142.250.180.1:443 3.bp.blogspot.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.180.10:139 ajax.googleapis.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 i155.photobucket.com udp
GB 3.162.20.115:443 i155.photobucket.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 115.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 81.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
GB 142.250.178.9:443 resources.blogblog.com udp
GB 216.58.201.98:445 pagead2.googlesyndication.com tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
GB 142.250.180.2:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 feedburner.google.com udp
GB 142.250.187.238:445 feedburner.google.com tcp
US 8.8.8.8:53 feedburner.google.com udp
GB 142.250.187.238:139 feedburner.google.com tcp
US 8.8.8.8:53 marbun.googlecode.com udp
NL 142.250.102.82:445 marbun.googlecode.com tcp
US 8.8.8.8:53 marbun.googlecode.com udp
NL 142.250.102.82:139 marbun.googlecode.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:445 2.bp.blogspot.com tcp
GB 142.250.180.1:139 2.bp.blogspot.com tcp
GB 216.58.201.98:445 pagead2.googlesyndication.com tcp
GB 142.250.180.2:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 209.80.50.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aeb01eb0405cd717bbedee6d0a3180c4
SHA1 278ba0b9bbc757dc0480f394abca7c2c6067e6ce
SHA256 fb96a2f17aefa53f53f1131522a98973e3c5af9043d1572b5738afb43436b2e3
SHA512 af10c2efe93f22bdcf5c0b9d21d682d7ea6e68207398e990fa56b7de3a6a094d4becf1d4888549271c6f831d6e9c0499c7e70ed0ffeddcbc0ee3c3ffa74f2fc5

\??\pipe\LOCAL\crashpad_4424_BQBSVELDPBZOGPQX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0bd12cf2-ad8a-4878-b2c9-c69ae8247503.tmp

MD5 086343e379ed4a6e9dec849728176e98
SHA1 9b944f31842553b605e207954d10b3c42ce5f9af
SHA256 f17b1300d532bccbc0f8d9aea0bd0afa1c381239bc53b033be8563ebca82e5a5
SHA512 5e72d3bbcdba0fd7ed6a3cba5386da3b0396d378bddbdf9e2ad8c4b0846f3b43d17a0b60842eba70d485822466e3a44cc7ac014e23a2f9c9fa5336a3982181a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 18533bfea1ef76c90908354fe49a1670
SHA1 4f34d6a32f686a2a1472f50473a05472b53be3ac
SHA256 ba34df0d2a96afd7095947ffff6288607669a4f404b199e387d6f1d09762e0a2
SHA512 d3214d72fea308c56eb0539e1c5e4ffe674871dee047cb23890f42b42d052b9e7d3286f6ec354c4b48ea8154e55daffea1ef1108b93010c9143612436a67fbbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3832dcc3fad94b089c3e8093f99bbebf
SHA1 a1a5291bc6f7bd1cc93b0058f74f6219cae68586
SHA256 cc57f9d4f12133e967af956360e485543d2171ee8d4cd1c82a4d0f49aabd37d0
SHA512 9ca6c0cb8492654a6c8f556e083e01b012655f3c4744a872d2be34f024ad98d355732aa94c14040d12dc0e33a8eec60b4cecd21f6ae292b45175d90922f0db95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c5f0.TMP

MD5 db08c6eabad6cd469d39e864ee5ba737
SHA1 61b2fd4b99991ffb5c33c498c5c7d5357ef01601
SHA256 a5a0f3535a58cabb960d65dacc4f5647d5728deb6cd389f343606033809ddb8d
SHA512 71f4b101aa11be4ebd203467b53dfa3e5cf37f257400adc85f47c0c9844e44711639f78f5d0ad301e16afa9fddee08a12a84e9915e6f58508591344ba3291a4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0104035a3a6ef09623a742cf3dff51ff
SHA1 e51ea12c0e119dd18b00135c508459cd344a6d7e
SHA256 5726f66e010836a011adda4c1bf282300cffc3b180c4b5c18d40b57478f6c3ac
SHA512 f6f34680ff016d75ab9e5f93d2628a1df020a4a2f14a2ec6afca342460b57e5b33519b0ad369a96a30b05cb9b3c5d457d3aa6c82f05ddae2007a8ad974fcf9c6