Malware Analysis Report

2025-01-18 00:12

Sample ID 240613-qv6f8avfkk
Target a5d1984a027698ff19295381a004f21d_JaffaCakes118
SHA256 942ea37ce652ef0dee9c9132aa757ddf54a1d23a6f0e96c11de4dd57cbd31b61
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

942ea37ce652ef0dee9c9132aa757ddf54a1d23a6f0e96c11de4dd57cbd31b61

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file a5d1984a027698ff19295381a004f21d_JaffaCakes118.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:35

Reported

2024-06-13 13:38

Platform

win7-20240611-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d1984a027698ff19295381a004f21d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E0258B71-2989-11EF-968C-FEBBC6272832} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007e4c2de9837949d82152775a71828f4210f177985ba670b591f40fc8a2406091000000000e8000000002000020000000af76b2f877407da486eb3b6fff44ceb908a18944a867ed2433a8ce130f8fe44a200000005341dd0c987ae3bec06fc9fddc95749a0fe502528ebaf3b9400a2b334d11ed024000000084d477e06f0a3ae77080f07d7ece40378b05e3462a2535a777da9a11d2a1bcaa74df48a009eb51851d66047dd1ee4d2e292c38887bb8084b0c9f529f1231d72c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0d77eba96bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447631" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d1984a027698ff19295381a004f21d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 weloveiconfonts.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 media.wiley.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.200.10:80 ajax.googleapis.com tcp
GB 142.250.200.10:80 ajax.googleapis.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
NL 151.101.36.157:80 platform.twitter.com tcp
NL 151.101.36.157:80 platform.twitter.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
DE 185.116.245.25:80 weloveiconfonts.com tcp
US 8.8.8.8:53 yourjavascript.com udp
DE 185.116.245.25:80 weloveiconfonts.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.16.238:443 apis.google.com tcp
DE 185.116.245.25:443 weloveiconfonts.com tcp
US 104.18.35.31:80 media.wiley.com tcp
US 104.18.35.31:80 media.wiley.com tcp
US 104.18.35.31:443 media.wiley.com tcp
US 8.8.8.8:53 apps.identrust.com udp
BE 2.17.107.226:80 apps.identrust.com tcp
BE 2.17.107.226:80 apps.identrust.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
DE 185.116.245.25:443 weloveiconfonts.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 216.58.201.110:443 developers.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 zamovhack.blogspot.com udp
GB 142.250.200.1:80 zamovhack.blogspot.com tcp
GB 142.250.200.1:80 zamovhack.blogspot.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 blogger.googleusercontent.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
US 8.8.8.8:53 minimag-themexpose.blogspot.in udp
GB 142.250.200.1:80 minimag-themexpose.blogspot.in tcp
GB 142.250.200.1:80 minimag-themexpose.blogspot.in tcp
US 8.8.8.8:53 i879.photobucket.com udp
HR 65.9.189.89:80 i879.photobucket.com tcp
HR 65.9.189.89:80 i879.photobucket.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
HR 65.9.189.89:443 i879.photobucket.com tcp
GB 172.217.16.225:443 blogger.googleusercontent.com tcp
DE 185.116.245.25:443 weloveiconfonts.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
DE 185.116.245.25:443 weloveiconfonts.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 aff026b8fa754863279beb9937b2bde6
SHA1 790e6d94a2f3d4ed2cae79f5b879828d67dfaa69
SHA256 882ed68875842422d13be46284b9ee5e919a7dfa85ba323ded7d29b5ee88c08d
SHA512 67f7d3a5e59e43ba1e9d62c9bb1ee1d89df59c90ead062e86e2cad3d1d016e50a6b48aecc22efc3842883780a5ddcf9d2816c1479319ef12a69b1d67a00f2e71

C:\Users\Admin\AppData\Local\Temp\Cab649F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 e50107e3379b6045d58577a06a98f23f
SHA1 4f1f9a00517ffc6b91077d9130d208ea0dc26ee0
SHA256 ef6823db26b999c82cb8499e4454d4cf693ccba337a2264c05ceff55547bae72
SHA512 f65359471bfd69428a64c85277c51e931084e62fde983e5fbb9dcb3c90de042460041fd82749488f4c4a8f15204f7aa172bc1162b42179ba31e7ebe5fe5271c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 c2fe4d2783f44725b1cecf1c17fa94d9
SHA1 ba07bf35d8479056f6cd679bf252ea50bc16e9fb
SHA256 37e546fc32769122693519d9fbf23f4f0e141a8df2063bf8a9ff8df53701f8ab
SHA512 6fa6af235e9781f2e12b125c9ed8658d5e14af8c40a8a95b5afb1432b1c610484afce2860d97395382572d7fd0e489ee7b239c025d3aad3f71d44b21622c35b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 8ac9bcf44efd1c1b0b27ebbac59584f0
SHA1 9454a759fb464082c888ad58aa1605833615ba01
SHA256 f9bb8e26195cdeb38da0abc4b36bc1ba5913fd1f8e2a47ef14f890d85f6d9164
SHA512 313773557e953c5ae35c1199b5f04d60d6dd2abf664f56c681b087c55a11d95832c4034775039a1cf5c6fa36bf06b3fb6551f77ce6eb49124e96e6500a5adb90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20384f2f47a2e1dc7fd623d1e94377a2
SHA1 5ea69bbc6c38b39531c722ea0a198d4855d9e792
SHA256 02f57ef5901d26e09a74c76287e485ee53259dc54e64410b29ca2edd68231212
SHA512 29a0b2c344871c9becfe7e91edc0f7071ef6d9b73c36faaf5175ac39ea0ad42e336c85ec5764b503c059e9a31f11fb5d6c6cfb8a232383a8560dd45173a6dbf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 29b466f02ab2e3d58ef4816bfcf9b6d0
SHA1 7700dc453bb3f5d3ed96e68f4755eb40d17f290b
SHA256 23221ba9165aba12df541ca232118a602fcb5ccd267f60aed59ffab002f94d49
SHA512 26dbd4367f77fcf386caf32f7831da60ba54c5b4df0435b0a47a2d8c113dc121a728652c91a20450d2b01650e5ae4a8d7b7c9df806a40eb4b72474e55d2f92ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\Local\Temp\Tar659D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1be563354302cc1235b1ec87f97b2230
SHA1 993def261c7192c3546feb8681167a4b724a0907
SHA256 0076bc403c60093a899f90f47bc4a3aeca7a22cc8368c2f21681a4534a519633
SHA512 3bc5f59a66f0d2eb9f96f6801aac314e25817c66bdb63b9112579da201b08b92b1f716c8e15ea02efee84165b5242206c93eadcb2735f65ea1247b11e2c51d8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\54A67440506C68A6EB378D31F6EADB06

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\platform_gapi.iframes.style.common[1].js

MD5 682c26af19b240f98d2cb951721fa54d
SHA1 18e58b652c7f82a55ab4b1910693686049e25d62
SHA256 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980
SHA512 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\cb=gapi[1].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_253AFFEBDDD932C2C90532345D896F24

MD5 f09e0dc17550f6c9b1854ddd7f548e73
SHA1 7932e0f81fee76ef5b268ad0e2fc2b6108c61783
SHA256 78709857683b8f0d7d24584a4259a5488fc43a93584eaa9093db30b91a460916
SHA512 788972481bf7b2af66290a926408095fce962b58e342aed5f9ac3a548941f870f62fc50031c8f60c66f4c2e7880c4da219eefbcace6fbf5fdd5331d081cf412f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_253AFFEBDDD932C2C90532345D896F24

MD5 e5661df1c2757db3e9426a31644ad2f4
SHA1 5a3acc2b41719eed4c36b8fdba3d38347eca2147
SHA256 442e4345163a2ab681cb4fce3c9ff3c3cdcf8d8fc0d7597f1b02b22f1b738002
SHA512 b2e908b108ab22025bfa26d33aeae2b320a812c064a701a2d4be7c9b5a2c44fb75022eed440ceaf6ca32f3cc5eca19b3ef3f1b23b5db19b7ffab8bcc848f5135

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\55013136-widget_css_bundle[1].css

MD5 e3f09df1bc175f411d1ec3dfb5afb17b
SHA1 3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9
SHA256 1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617
SHA512 16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10f4484ee25bccf031be55f1d7755dea
SHA1 eec512109faa5a4a6977897db831bcb20170055e
SHA256 2cc40002080621bd536f4c980a38d46feae4383ca92ddcd85eaf5be41f4ecfcd
SHA512 82de7c5dbf57406f38bddbc3cf1371cdc7c6c96f185bdcbe94685d4bcbb3db1373e0b356a2699d027987d656fcc5990cb4b69045ac779cc096cb816f0be0cf44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd73e6518c9dedc8106e94d0cafb59ce
SHA1 3777b9ccc6ec6b21a07b833c87efe9b404768a1e
SHA256 0599bc7c30f3cdc4d3769633513ab86d9ff54c42dbe14b90781fa2a8899c3508
SHA512 feabbf03dff2d6738c91e59ffd6f2342924f4c7aa690f67d25bd721a5c7d60c42815c154587a701fcb250f1e6fa80127bfa50954e8410c8f155e54c7a2ebaab3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\54A67440506C68A6EB378D31F6EADB06

MD5 db836f673815b99efeb73981418952b2
SHA1 d1af388f8292369cfaa417fec258ea583dd42175
SHA256 e3a000592a19ddcfe9484dd8daaa39e3cfd2c6771c055854854af69f43956f3c
SHA512 4965f277bc07294dcbfc638fc4b20692d5612e5a2dc103e9418f3e5e325b423852c8da072a4a906b9eeeacdcdee1d19fc2f64ee9b7c0acdbd1292596d1be0731

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c99f74fb2fe87e16d879746c03201bd7
SHA1 dc237e4cdd767985575e466983b6da842147f5de
SHA256 d2e7a18e78e3e1aa1f70093f7f7384605aa4802a9733b5f2cf6896cf4fdd2ebb
SHA512 0f154008ddafeec3bc704535855f4652b3b18aa9e9bdd8699047d9f5fc80cb7499d20872d3cf030570e3f890fb3eea28061d27551e4fd0d5d616eb2cf9ec0b31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d209ad36dc69958808d6883d4518c201
SHA1 949445eef86a83475066b11a60ef8f5ef1b5d13b
SHA256 00c95a78131d31047ee6be2f66451e367f412b7c09f6525a18b81c4b7fab630e
SHA512 e1ee4ac959d441b9c05da53f7f4dd29e87b02096a21658ba318b679ece7de837e13a8f74740d5c19a5c4fa2db27095f0f0699abd90282359c859878cd23c67b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a135c63b473d048157ad2059db9fb21
SHA1 4679e03f21cafe05c097e79f52aa1168b5686ed4
SHA256 bce899d63b0ea2f3fe6618240418f943f52bda5f50d1a57be3d1c8ee199bd37a
SHA512 09ae190bd2e1e2fff1c579bae65f6e27c174936e2c276390ed71dec5157c4c222b28c51c89605751d19aceefd139768b68e8e66aa647e9986e65f4473ee2d1b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48b122b26e9ca423eea587637193c095
SHA1 b19060f8b2c0ae8dd4b300dadf04571aa216f2d1
SHA256 e8d521c2d6f4fc2b5f7a8a91b7f44deab7dd489126c32acb5af5002beda211c0
SHA512 8f4954418720847d8b8364305ae10a2af38c94edc7476ecf35a15e96afffa54e5720d3c4f8d25e7060ddddfe373ece302ed2941013144445c2faac8c1fa8459e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 709420e49590de9b706234a93ed4dcc3
SHA1 261b1bfbf8b94fa7e236d02af1c9272d51f1113d
SHA256 a830bc5d49fd4ed9d589aefb1ae77bd865c5d28b6f6d8c51ea0252c591e89e94
SHA512 7a694522e2d58d204951de102ce4f462617bda993272e48b59789b4a0d5dda0b4822a870066c972be39ad9a3292aed0f77581a4a1e3017d29fb71e511a66e838

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 756f5ff27604b0dfda606157bea08252
SHA1 489c3afcd5197140fc4774314e25a3f510a2a011
SHA256 5deda066ba7dc70834cb9d9870b942253c31c5dfba3437b6505e8bbb57f79301
SHA512 fc6b338c9ce6ef76f1eec29a6ae3907e2f006d64c458a2c791d5e616450f2fb1f20b27b197423d12e42a23d157f1674a9e7bc487665200a3a5d8df8f4e0265eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc27017a822d7015a30f335d475e10e7
SHA1 dcdbde1c3d70af1a8decb8621c7d13afe2646a40
SHA256 326e40538d9408c85a1d53db0661d489ae029dc604181f4136a54c8d2aecc925
SHA512 0100c5abd97b706815533f25e3b050711c45c03deffcb1dc0e7488a7a15572e9bba070884b7a126a6967b1f13388eea9f333c0b267098b56bdc2aed769137e37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 537c86d8c93ae5d5c0bd360ea6417b83
SHA1 8b570431e50b118d2129b2d5020d2d6001762f3c
SHA256 5d0c51614e92bf760bcf301e5fa5f5b056964fee44bb0e455d060373cef2e131
SHA512 993fbb4b7fb5966f683b188f02e07b4b092232b9a0f0d49c5620028b0a05f5196f375c4c3b3c742de20477b7c14fe41548011d3897c6ae164306ed977b387eb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 866725f4dc6856e3909564793f5a49da
SHA1 b817eaa7e7e508a38c906dfa980d0d053f76faac
SHA256 eeb66deb80811bef7466e81c400d4e27c6cde92dcccbdad5a27aad985b27f108
SHA512 a9cb19fc636c4318c0d6389f6bbf74d27e8ab32ca1c370b2c62aadbf2d474c4c23a2738ba36ef6c1898e36cba12290c380472bf813f8f3137f68605ad1f49875

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b43e49f739f9eb06e3f9764c15538b1f
SHA1 53c19aa6e6e6fc4ab45be1866439d20292d33522
SHA256 a696b73a5da8aff1b2fbabef1bb9fc4a9c451dabb10d8d4cd17eacf12b012faf
SHA512 e10e15af77654787d53216ec07c0200be8b686ae1215236833ee9d0dc2213e85edd0bc4589fe3926429cb277007e185cee936027effd1d185c7615d4b82322cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e418ddd11efa7c76b5f3caa24008be32
SHA1 7921b5c7369083846d735fc129e787ec4b09b6f0
SHA256 e83ed833025f4ee53bc88e83fe0405e56f3f3ac575ffcded8d2428c45d430fc6
SHA512 36e1fdb211c65bb483660ecbe1b36b4ea2f677184b396d2c94d18597063b0c5f34831b7d6b51cae09d01129b6aef61d4a85d42e7e5dc017a2b9ffe8ad53f6bc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a4940d49628243b1c5baf1cdfa17b94
SHA1 1cbf14cc1d9d5f62dfd35faf57a2c8e2a4ee74dd
SHA256 ab190e747a8403b197b0521fa51aeb6815cb006ea9c9797013f7e14a1c6c200c
SHA512 c09b8915541a56a1da2d9dd3f13e04b7bbe79f954fefb3613798e92d6b9e8e0be9a7f52461d071b81373dd7505d8411024058550316e4d1b444f0a45aca19fe9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e16e3ddde5f54693cbc39f833d6491e
SHA1 f66f7c42c2f48cb0ee6c193aa08f5ab38ffab70e
SHA256 02d830590317c23f8d689d9389ec2ba7a0c1771f19294ddc24aad453d20eca3a
SHA512 ff5e9956d126678d70182811ff60fc45403c454a4e8d1d68b3be04d32f2d0b485a0cf7d42a0b47b41346c133b9a758ee811151aa9b0acd580d22011473215db7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42d3f225683ca0b152b0f4ac8a666c28
SHA1 70997ab7e7c0fee09640ceb4643646f449456e29
SHA256 25a6845e14cca8fae71bfc1d54903ff3e81cdee43b3f8a3afd9ce197904539f5
SHA512 be29f44ca423aeac93eb17b3b972335777126b3ce77ad661800fc779c733345649a325daa950d430ec66808e606839193a54c2c5c4b87797d6dbe19b6ae3d393

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee844e4f67a59d7848b5ce9bbdffc2f0
SHA1 c7cdff189138675fd63119c19ada3af1903f14b8
SHA256 afe86f76285e3e2432303435bb6c975086deadfc02e7fcabc31635e60d5532c2
SHA512 e8fb49a5b4886cc2892fd25fde33b426fa2c57f388703de746af299b63ee6136461fcdbc8b897734804020b97cf9df561754938b7363b619773b2364252de9e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5480555001d31bcf781580398722d0cb
SHA1 522a5bc1be5398a1a1f5719a28e72c6051c844fb
SHA256 8c1aeb108897544c64c2b43f78995b681644989d5e13224eb494661c1fceacfd
SHA512 996d780b50c790ee05124f47df1c1a40d536a05e545456f8fccda4361ce3c5f26cb24c34fb1e2bc83ff43024145eb8af40b665a0f71bbbadcfec85fed260c3f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bff1e147b0221f926a3dc46f4c1548e0
SHA1 a93672f29f82bbebc7a810d84e547d69d049fc67
SHA256 39f4bdbd73263b74b1f7e24723e94b17163b083e12a018a70bf2b9617c9f8dc1
SHA512 1734ab9aad2bec3f6d9288010264ac4b29b0d7ac1fd9cdac4485077c8db5a26b52a18a8c11e12bfcd0078d8be7b983907e36b98017accef915f8e39dd436205b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c03e5bea64e834a6e3a90af93bd0f6c
SHA1 375e349156cfda94113c4f6db248f03873d46077
SHA256 ec1cf546aa83e88c79fcabde6e1a117e33505bca5e5575fe07e30d5cc498be89
SHA512 bee02b81efb9929ef69da0dfca65e1f7ccef166780a62fcd7af4703cc3d23347aa837a026b888cdd8d19b6a3bab66622ed3b4c4cfeb281b4c10b4034cd8b6e12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0552d1048b7d445f836dd1600eeb06a2
SHA1 80ae66d82adc79ca2adcd3d198c8b48911bbf019
SHA256 0dce23af8981e5087cf4b487cc173e5c97c172747d5c200c268d45217c2c2a66
SHA512 bf7f8162e9007f0716f092a957096728bc49b2f5c6651d86383c982735d60696cee92e60186950c54eaa0f77b8c0d10720073dd93563e24a0fab7a7f647f549a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 daa19554042cfd951ac603bfac9a12da
SHA1 eb05c3da11838f56b6b50f4d16d2835a8b3040dc
SHA256 6bbf7d0d5a7c6410e182ad4e2539ee01b1d347c937fe7cff7f3413d106143433
SHA512 7a5e3333baa6481b506f52c5f2040b2149a7763651f9ec55de45d7ceaa1c8ab4abd4fe8446751c0275d98bc6a40b0c832ee6d794d41ef1928b6181d5daa7403d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c997345761f837940e40727558d25449
SHA1 a794181af115dab337ee5691033fbb233559b248
SHA256 3976e64ffa0d32e413bae6e31be571f8e530bd1884060ab78e49c9439525ea9d
SHA512 90cc98c71fa92d1889c03d0714bfb8f67ac82c3a9e89a53bf45ccd371fd594595f4ef33d2eefa60145ffcba389ff6fb8d7d2fb26920b45001dbcc66ebc49c833

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aaf41cb4256ae3e4827a9f7fe7f20c96
SHA1 1a2383195edb4e95a69cd4208ff61aea79858625
SHA256 c1abb9373536100bf6be67fa47f7bcc41cf7902704f6bc0d6e9ead3cad4b1625
SHA512 84b6a44a4d5eca07b637d2a08cf5e04a5756870c64c55638335d63da4a5af1af363ec7b473a34be0335e1bd6c5b2b270b01462281e73678a7376e47fe3b7a31b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 297cf3936c27a7341d9dfd219c328e62
SHA1 c6135b7594c12295be0d3221b0458e92d6020b97
SHA256 456cacc739d90c940d2cdde9c3364a9b7323432c39f0cee0cb0606f42ab6475a
SHA512 85a11184196d60a332fea088ddecb03818230f198c2ee2eb661705bec50bce56c342941c2da428e8c8a42ba49d6959424332fc22322293ae80ca2fd622d8c12d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:35

Reported

2024-06-13 13:38

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d1984a027698ff19295381a004f21d_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4268 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4268 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 4268 wrote to memory of 3820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4268 wrote to memory of 3864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20
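
Every WriteProcessMemory row above has the same writer and target image, msedge.exe, and the Processes list that follows shows the children are the browser's own crashpad-handler, gpu-process, utility and renderer processes. A parent writing into child processes it has just created is how Chromium-based browsers bootstrap their sandboxed children, so this signature fires on every Edge or Chrome detonation; what would merit attention is a write into a process running a different image. The Python below is an added example and not part of the report: it parses rows in this table's layout (with an optional trailing per-row count, defaulting to 1), totals writes per writer/target PID pair, and separates same-image from cross-image targets. Its first four input rows are the report's four distinct rows with the number of times each is repeated; the fifth row is constructed (PID 9999 and example-target.exe do not appear in the report) to show the flagged case, and the BROWSER_IMAGES set is an assumption of mine.

```python
import re
from collections import Counter

# First four rows: the report's distinct WriteProcessMemory rows, each with the
# number of times the table repeats it. Last row: CONSTRUCTED for this example
# (PID 9999, example-target.exe); it is not in the report and only shows the
# case the check is meant to catch.
WPM_ROWS = r"""
PID 4268 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4268 wrote to memory of 4828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 4268 wrote to memory of 3820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4268 wrote to memory of 3864 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20
PID 4268 wrote to memory of 9999 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Windows\System32\example-target.exe
"""

# Writer path is matched lazily up to its first ".exe", target path greedily to
# its last ".exe"; both contain spaces, so splitting on whitespace would not work.
WPM_RE = re.compile(
    r"^PID (?P<src_pid>\d+) wrote to memory of (?P<dst_pid>\d+)\s+(?P<indicator>\S+)\s+"
    r"(?P<src>.+?\.exe)\s+(?P<dst>.+\.exe)(?:\s+(?P<count>\d+))?$"
)

# Assumption: parent-to-child writes from these images are routine process launch.
BROWSER_IMAGES = {"msedge.exe", "chrome.exe", "iexplore.exe"}


def parse_wpm(text):
    """Parse rows in the signature table's layout into dicts; count defaults to 1."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = WPM_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        ev = m.groupdict()
        ev["count"] = int(ev["count"] or 1)
        events.append(ev)
    return events


def summarize_wpm(events):
    """Total writes per (writer PID, target PID); split same-image from cross-image targets."""
    pairs = Counter()
    for e in events:
        pairs[(e["src_pid"], e["dst_pid"])] += e["count"]
    same_image = sorted({e["dst_pid"] for e in events if e["src"].lower() == e["dst"].lower()})
    cross_image = sorted(
        {(e["src_pid"], e["dst_pid"], e["dst"]) for e in events if e["src"].lower() != e["dst"].lower()}
    )
    return {"pairs": dict(pairs), "same_image_targets": same_image, "cross_image": cross_image}


def verdict(events):
    """'investigate' on any cross-image write, 'expected' when only a browser writes into
    copies of itself, 'review' for anything else."""
    summary = summarize_wpm(events)
    if summary["cross_image"]:
        return "investigate"
    writers = {e["src"].rsplit("\\", 1)[-1].lower() for e in events}
    if writers and writers <= BROWSER_IMAGES:
        return "expected"
    return "review"


if __name__ == "__main__":
    evs = parse_wpm(WPM_ROWS)
    s = summarize_wpm(evs)
    for (src, dst), n in sorted(s["pairs"].items()):
        print(f"{src} -> {dst}: {n} write(s)")
    print("cross-image targets:", s["cross_image"])
    print("verdict:", verdict(evs))
```

The same-image/cross-image split is the whole check: the report's own rows yield "expected", and only the constructed row turns the verdict into "investigate".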

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d1984a027698ff19295381a004f21d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3230549542447032003,4854056465652063631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3230549542447032003,4854056465652063631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3230549542447032003,4854056465652063631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3230549542447032003,4854056465652063631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3230549542447032003,4854056465652063631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3230549542447032003,4854056465652063631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3230549542447032003,4854056465652063631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3230549542447032003,4854056465652063631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3230549542447032003,4854056465652063631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5436 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 weloveiconfonts.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 104.18.11.207:445 maxcdn.bootstrapcdn.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
DE 185.116.245.25:80 weloveiconfonts.com tcp
GB 142.250.179.234:80 ajax.googleapis.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
DE 185.116.245.25:443 weloveiconfonts.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 142.250.178.9:443 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apps.identrust.com udp
GB 172.217.16.238:443 apis.google.com tcp
BE 2.17.107.226:80 apps.identrust.com tcp
US 8.8.8.8:53 yourjavascript.com udp
US 13.248.169.48:80 yourjavascript.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 25.245.116.185.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:80 platform.twitter.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
US 104.18.10.207:445 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 104.18.11.207:139 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 media.wiley.com udp
US 104.18.35.31:80 media.wiley.com tcp
US 104.18.35.31:443 media.wiley.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 31.35.18.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:445 2.bp.blogspot.com tcp
GB 172.217.16.238:443 apis.google.com udp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:139 2.bp.blogspot.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 cdn.chitika.net udp
HR 65.9.189.125:445 cdn.chitika.net tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.178.9:443 resources.blogblog.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
HR 65.9.189.92:445 cdn.chitika.net tcp
HR 65.9.189.108:445 cdn.chitika.net tcp
HR 65.9.189.60:445 cdn.chitika.net tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 cdn.chitika.net udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tags1.eclkspsa.com udp
US 67.228.194.247:445 tags1.eclkspsa.com tcp
US 8.8.8.8:53 tags1.eclkspsa.com udp
US 67.228.194.247:139 tags1.eclkspsa.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 zamovhack.blogspot.com udp
GB 163.70.151.21:445 connect.facebook.net tcp
GB 142.250.200.1:80 zamovhack.blogspot.com tcp
US 8.8.8.8:53 blogger.googleusercontent.com udp
GB 142.250.200.1:80 zamovhack.blogspot.com tcp
GB 142.250.200.1:80 zamovhack.blogspot.com tcp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i879.photobucket.com udp
US 8.8.8.8:53 minimag-themexpose.blogspot.in udp
GB 172.217.16.225:443 blogger.googleusercontent.com udp
BE 151.101.8.157:443 platform.twitter.com tcp
HR 65.9.189.76:80 i879.photobucket.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 142.250.200.1:80 minimag-themexpose.blogspot.in tcp
HR 65.9.189.76:443 i879.photobucket.com tcp
GB 142.250.200.22:443 i.ytimg.com udp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.72:443 syndication.twitter.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.8.101.151.in-addr.arpa udp
US 8.8.8.8:53 22.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 76.189.9.65.in-addr.arpa udp
US 8.8.8.8:53 72.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 13.189.9.65.in-addr.arpa udp
GB 163.70.151.21:139 connect.facebook.net tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.9:445 www.blogger.com tcp
US 8.8.8.8:53 s10.histats.com udp
US 104.20.18.71:445 s10.histats.com tcp
US 104.20.19.71:445 s10.histats.com tcp
US 8.8.8.8:53 s10.histats.com udp
GB 142.250.200.34:445 pagead2.googlesyndication.com tcp
GB 172.217.16.226:139 pagead2.googlesyndication.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 udp
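
The Network table above mixes four kinds of rows: forward DNS queries to the resolver the sandbox uses (8.8.8.8:53), reverse PTR queries (the in-addr.arpa names, which the browser issues for addresses it has just connected to), one mDNS multicast row, and the actual TCP/UDP connections. The Python below is an added example and not part of the report: it parses a subset of rows copied from the table, maps each PTR name back to the address it asks about and to the forward connection that address belongs to, and lists connections to named hosts on ports other than 80/443. The table records ports 445 and 139 for several CDN hosts (maxcdn.bootstrapcdn.com, cdn.chitika.net, connect.facebook.net and others); those are SMB ports, and a browser fetching page assets would not use them, so such rows are worth confirming against the pcap before treating them as real. The row subset and the 80/443 threshold are my choices.

```python
import ipaddress
import re
from collections import defaultdict

# Rows copied verbatim from the report's Network table (a small subset).
# Column order: country, destination ip:port, domain (absent on some rows), protocol.
SAMPLE_ROWS = """\
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 104.18.11.207:445 maxcdn.bootstrapcdn.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 104.18.11.207:139 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 udp
"""

ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)
RESOLVER = "8.8.8.8"          # every DNS row in the table goes to this resolver
MDNS = ("224.0.0.251", 5353)  # multicast DNS from the guest itself
WEB_PORTS = {80, 443}         # assumption: what a browser fetching page assets should use


def parse_rows(text):
    """Parse report rows into dicts; raise on anything that does not fit the layout."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def ptr_name_to_ip(name):
    """'202.187.250.142.in-addr.arpa' -> '142.250.187.202'; None for anything else."""
    suffix = ".in-addr.arpa"
    if not name or not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def triage(rows):
    forward = defaultdict(set)  # destination ip -> domains the report pairs with it
    dns_queries = set()         # forward lookups
    ptr_lookups = {}            # reverse name -> ip it asks about
    odd_ports = []              # connections to named hosts outside WEB_PORTS
    for r in rows:
        if r["ip"] == RESOLVER and r["port"] == 53 and r["proto"] == "udp":
            if r["domain"] is None:
                continue        # the table has one query row with no name; nothing to pivot on
            ip = ptr_name_to_ip(r["domain"])
            if ip:
                ptr_lookups[r["domain"]] = ip
            else:
                dns_queries.add(r["domain"])
        elif (r["ip"], r["port"]) == MDNS:
            continue            # guest housekeeping, not page-driven
        elif r["domain"]:
            forward[r["ip"]].add(r["domain"])
            if r["port"] not in WEB_PORTS:
                odd_ports.append((r["ip"], r["port"], r["domain"]))
    # Tie each PTR query back to the forward connection whose address it asks about.
    ptr = {name: (ip, sorted(forward.get(ip, ()))) for name, ip in ptr_lookups.items()}
    return {"dns_queries": sorted(dns_queries), "ptr": ptr, "odd_ports": odd_ports}


if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE_ROWS))
    for name, (ip, domains) in result["ptr"].items():
        print(f"{name} -> {ip} -> {domains or 'no forward connection in this subset'}")
    for ip, port, domain in result["odd_ports"]:
        print(f"confirm in pcap: {domain} {ip}:{port}")
```

Run over the full table, the PTR correlation shows that nearly every in-addr.arpa query corresponds to an address the browser had already connected to, which is ordinary browser behaviour rather than reconnaissance by the page; the odd-port list is the part a practitioner should check by hand.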

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

\??\pipe\LOCAL\crashpad_4268_GFLGHSORZGZNCSWS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512 c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 260f443e1e8a4093ca2bbf04b0a7660f
SHA1 48677ea6d9f7847e22385f2e2aece0d59d6c95b2
SHA256 f0305f061deea09f01d42ac0a9f9c80bf7f3e1f0b46b541183f1531d00b3a742
SHA512 e7fc7e1f38499c49674bcaa4292f7ca50974c93e0bfd4bdd38529b296c8706f3f966bb0a235dea6a72851d34be46a6779564ef1cdcf00ac5675c252ce53b5f88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 eba02e08c984a10e757018dc3d388e7c
SHA1 d8ae8a098fcbfc565f96dc93e53396c7a453a0e1
SHA256 cc88386546678513da0d49ebbc36e87ac3ebc4be7ebd9ff033d84bc152295600
SHA512 aae6bbf403f075eaad09f075da3f0ace207e091cd71f3b3e6fb89dd67fd152040fe3ba236c426adde74f4b7232e6e55ba4bdc52da448e3a48248f18cbd95d85c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 efb7b87e10c2b8702ba4057a0564409e
SHA1 da0f6b41ad6f44ec5e7ae368cffabff91cca1c30
SHA256 081c821548b70bca5d6435619930fcf6ffff470af15f89917ae24f12178fb074
SHA512 f452aad895e9fdfba8401f02f6a5b27f0e49181b78174bfa5aaa50e19701ef0ee3659142237b9438102fee1f8dc8bf9b853c5cace698e9b01f683acfc99c4387

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 92ba4e97c05a5a4095a4e6c1c75a8efd
SHA1 c8ef216ae320af3fe259362da6f3bf54822ea7df
SHA256 1d8a62b9735c0747fe8e78a5860933e3620fcdea7874a2abcc184558cff045c9
SHA512 43d3095d0b45682c33573191d937d8030cbe31b64baa97b77a2dfd1c959ed51d1f88467117846dcecce40bb4c683a4c5e6bc7fcf63ee0ae273a2233cfe4128d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c68c.TMP

MD5 f673f10dd2b8130e2579868704f90a5c
SHA1 6c280c75f45b3c86f5c36bb4fcd553443bd59f40
SHA256 fcdf1a1ded62a8bede1acbba4b7fb3da49f5e5baea19ad0da06db330a3232094
SHA512 6dc62b94cef3ebf1c05f6eaf2a5d447c33ac64b8e0624091cd470f2b8188999d29ab44b4a9086545b201865183e22255078ac166349bf2a40fd29f3d7455d3ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ba0909905fc62b0aa166c4aa1e023149
SHA1 c1f997f93ed93fd556c52e118f6b5f126bf75590
SHA256 ffa1fb7c8ea17fc9c65257d90c9397a214012bec9da4cd7ba6807e705ae4134c
SHA512 fb17efe57841cc57c5da18d0dcc0bcffdfd2cee8ced8c1e5fb8d471722480ea954c757e418ab25c3b03b706d3c563dff42b9fc8874009a14fb568765814a79e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 23536ccfe05b737ae639fe63ee4cc435
SHA1 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82
SHA256 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce
SHA512 f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 786bfe480a33857bfb035b95fa9fc8ca
SHA1 7555c4ac72ccc1da5ce54862c6f0629c5bc63c58
SHA256 039b719ffa42131a734e94f156a60d020a369def67b3397bc255cc908eb0f170
SHA512 8c87b4488a5587c0b6d3c95c8482aff806736161347c1ab88cc95f19a329ffff85d1a3a1538e3550631feb4e609c7a5d0c1aa6002e92c69891c684aa9531cfc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7aeb7519424e871ea6227bfac611f55a
SHA1 d69734eb451d9411b534d4c14ccb262d76e5bed9
SHA256 de301682d66fe047e832d21c5b820930bd77e37b874e6170e80bb67d2e85a296
SHA512 9f7b2a2e10443591f1bdd0eab590e532c6005cec54528593447e3ab00cb374fe2c38d1829ff788205f6dd90c637cf78aa57878b7aea136ae77e19532b852510b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 37e42b1ba3d1a53511bd8e0a8bbcb29b
SHA1 0bcca84d614d68587aa482fab7f2d0372d8597de
SHA256 76a567754f48d27c88daeb40978ebae811673a9d848d2880de0daab52e80084c
SHA512 35b11012bed6cc40b1a6a40c28fe96436c0da32d808a867659c3bee8833887301dfeccbee9419d300c7bfa14455434bd6b032c245150200f72299d10ea657ab9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8167d2aa6b780e57093dd26eea49a2c7
SHA1 f0773bbc6b0153396195ef65ef357f078794b37d
SHA256 b7d99d8ea79b92f84801ca750db1ebb143f88f112b51c0e8a0d7cdbdf7de21b8
SHA512 29ab562e8777889b2c3e669f8be62a10443c1eee9106625c9c21f645589a59c278197fadca7b9fc79fededf561d157dcabe814f16da216593d4c607c1411fd8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f11bf1402570cd5255b941cd67c7c0e9
SHA1 303a8c2606078758274258b0c036fdc91b5ca917
SHA256 14d0e8188fbc77050340e485e80bd5c737e8a006decadcfd2e8b7ecd01cfb12b
SHA512 7375970fb9447e26b9cda30d6a74f17e6fd4c004bb41e3bab61e3be64cb879a54669644c9fc5899864ca21743cc34655b1eaeb3e1eefe2d0ae512555a928893b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a1324245cc86d15dd17e769c78bcc679
SHA1 887a672a251d5aa0555bb7ae07b20fcd71cb83b0
SHA256 0da5de95f22b23f7e715bf8ad12ba83d99aca857f0ea38070c51a64b1c5cbb69
SHA512 ecf818624ad431c5d5ff88f987ec903de1aff7dc8615b310d25fc1cae4e573badbe39ac1c6d8597280392d5631e24e1281b6186ecd9a509cad12bbd2df9a6b35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4290d8198f18d202b0c824248380d3fa
SHA1 9f6d4d7c7847bb764c759e0b43c51c8e51f97db3
SHA256 a411f4585a498375aade88340120cdec2119ea5a39ee55bba234c2d4e7043751
SHA512 c278d44aa284e326b1ef63557bad6ea65e9ffa16661e5838c7484f896b8388e147279a2a449f5400da10835274ded66a7ba2ffb9e9b54c311020d908726d37cc
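
One entry in the Files table deserves recognising on sight: \??\pipe\LOCAL\crashpad_4268_GFLGHSORZGZNCSWS is a named pipe, not a file, and its MD5, SHA1, SHA256 and SHA512 are the digests of zero bytes (the sandbox hashed no content), so searching those values in other reports would match every empty artifact ever recorded. The Python below is an added example and not part of the report: it parses entries in the Files table's layout, validates digest lengths and character sets, flags entries whose digests are the empty-input values or whose path is a pipe object, and leaves the rest as hashes one can pivot on. The two entries embedded in it are copied from the table; the empty-input digests are computed with hashlib rather than hard-coded.

```python
import hashlib

HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Digests of zero bytes, computed so the comparison cannot drift from the real values.
EMPTY_DIGESTS = {label: hashlib.new(algo, b"").hexdigest() for label, algo in HASH_ALGOS.items()}

# Two entries copied verbatim from the report's Files table.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

\??\pipe\LOCAL\crashpad_4268_GFLGHSORZGZNCSWS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""


def parse_file_entries(text):
    """Group the flat path/hash listing into {"path": ..., "hashes": {label: hex}} dicts."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label, _, value = line.partition(" ")
        if label in HASH_ALGOS and current is not None:
            current["hashes"][label] = value.strip().lower()
        else:
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def check_entry(entry):
    """Findings for one entry; an empty list means the hashes are usable for pivoting."""
    findings = []
    hashes = entry["hashes"]
    for label, want in HEX_LEN.items():
        value = hashes.get(label)
        if value is None:
            findings.append(f"missing {label}")
        elif len(value) != want or set(value) - set("0123456789abcdef"):
            findings.append(f"malformed {label}")
    empty = [label for label, value in hashes.items() if EMPTY_DIGESTS.get(label) == value]
    if empty and len(empty) == len(hashes):
        findings.append("empty content: every digest is the hash of zero bytes")
    elif empty:
        findings.append("inconsistent digests: only " + ", ".join(empty) + " match zero bytes")
    if entry["path"].lower().startswith("\\??\\pipe\\"):
        findings.append("named pipe object, not a file on disk")
    return findings


def pivotable_hashes(entries):
    """Path -> hashes for entries with no findings; these are the ones worth searching elsewhere."""
    return {e["path"]: e["hashes"] for e in entries if not check_entry(e)}


if __name__ == "__main__":
    for entry in parse_file_entries(SAMPLE_FILES):
        print(entry["path"])
        for finding in check_entry(entry) or ["ok"]:
            print("  -", finding)
```

The "inconsistent digests" branch covers a listing where only some of the four algorithms report the empty-input value, which would indicate a transcription or tooling error rather than an empty artifact.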