Malware Analysis Report

2025-01-18 00:13

Sample ID 240613-qy9ytavgpp
Target a5d69a49cb30c6dff150ceb597020f2e_JaffaCakes118
SHA256 b422489c260a3f72a0344baac7039095ef1f66cbc13ffbc3a8e064f511154a99
Tags
Score 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 1/10

SHA256

b422489c260a3f72a0344baac7039095ef1f66cbc13ffbc3a8e064f511154a99

Threat Level: No (potentially) malicious behavior was detected

Verdict for a5d69a49cb30c6dff150ceb597020f2e_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:41

Reported

2024-06-13 13:43

Platform

win7-20240221-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d69a49cb30c6dff150ceb597020f2e_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0ea567697bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e6b07494761e3e42817603171920740100000000020000000000106600000001000020000000590f5cd5598089369b089a7b340a7b2448531a3677df0d648c7992a70511b64d000000000e80000000020000200000004c9b2adc7ca2d0e6ec53714f880eb97681a8475950b8412ce0d8dfdd479439c1200000009c3b4ae2884a9c7e135c351ba6a9fc9ba0b621399d9e4808300c21f6174652bf40000000694ee8a3aeacc660ce9a759c2d085ee05616e75233e470bf92ddb1fcbc95728fcaa03e6d368c4cfaca0bd03a979c6e8ae8cc7b590a3bf6d6e2313fd97c0fd77c | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0462541-298A-11EF-B0F4-569FD5A164C1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447952" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d69a49cb30c6dff150ceb597020f2e_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 images.neobux.com udp
US 8.8.8.8:53 www.mmadsgadget.com udp
US 8.8.8.8:53 www.businesswireindia.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 kona.kontera.com udp
US 8.8.8.8:53 icons.iconarchive.com udp
US 8.8.8.8:53 www.clickfair.com udp
US 8.8.8.8:53 resources.infolinks.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.downlinerefs.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 cdn.adf.ly udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 104.18.176.121:80 images.neobux.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 216.58.204.74:80 ajax.googleapis.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 216.58.204.74:80 ajax.googleapis.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
US 104.18.176.121:80 images.neobux.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
US 172.66.41.9:80 resources.infolinks.com tcp
US 172.66.41.9:80 resources.infolinks.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
US 104.21.235.214:80 icons.iconarchive.com tcp
US 104.21.235.214:80 icons.iconarchive.com tcp
US 104.21.94.63:80 www.businesswireindia.com tcp
GB 172.217.16.238:443 apis.google.com tcp
US 104.21.94.63:80 www.businesswireindia.com tcp
GB 172.217.16.238:443 apis.google.com tcp
US 172.66.40.139:443 cdn.adf.ly tcp
US 172.66.40.139:443 cdn.adf.ly tcp
GB 109.68.33.18:80 www.clickfair.com tcp
GB 109.68.33.18:80 www.clickfair.com tcp
US 69.16.230.42:80 www.downlinerefs.com tcp
US 69.16.230.42:80 www.downlinerefs.com tcp
LT 93.115.28.104:80 www.mmadsgadget.com tcp
LT 93.115.28.104:80 www.mmadsgadget.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 104.21.94.63:443 www.businesswireindia.com tcp
IE 2.18.24.10:80 apps.identrust.com tcp
IE 2.18.24.10:80 apps.identrust.com tcp
US 69.16.230.42:80 www.downlinerefs.com tcp
US 69.16.230.42:80 www.downlinerefs.com tcp
US 69.16.230.42:80 www.downlinerefs.com tcp
US 69.16.230.42:80 www.downlinerefs.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 router.infolinks.com udp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.66.41.9:443 router.infolinks.com tcp
US 172.66.41.9:443 router.infolinks.com tcp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
US 69.16.230.42:80 www.downlinerefs.com tcp
US 69.16.230.42:80 www.downlinerefs.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.169.67:80 c.pki.goog tcp
GB 172.217.169.67:80 c.pki.goog tcp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.201.110:80 developers.google.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e2e3e3d43ebba13682f6643dc4c8e1cb
SHA1 1ba75251d91d995b545397698193747767ac2ea5
SHA256 d845a38913868a9b0d05dd34844bd4f97459b494f4f6163e32a267b2b9abcc4a
SHA512 f4ddd79afb5fff4b7a337d7de816a2e1e9c782f055b5e57cdf00d9d2de6f411a578ddae854ae1034c78d52a111f7c10dc964c145e4a14bff47d29d20e749d1e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\Local\Temp\Cab19D9.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ce13cbd3b1fbd263e9ee5257c5dfc981
SHA1 b7724e48b07939b85637dbc431c93332667dced9
SHA256 b7945def55736667fa69e052b4b9464557acec48b4069cff8e46755990e166ed
SHA512 fbc4ace4d4dd0bb927e449007c1d7709b96000794579087daa1cc3569998dea24151c88431abeadfa89b022ce662b4e736dad257e3e3addc30bac19aaa6e5983

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Temp\Tar1A3A.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 03ef554e96ea4c4a8d5ea06e50069f52
SHA1 3022f6e0341f78a6269fc70b2d6bf425dcdd09fe
SHA256 b59ead6fee13da7a3ce58451371eb3894148898bf509795efe1270d054571a45
SHA512 9038281a044c6c105d5378ef84d40bce77ec813060b3740c5440e6b4159c11e98bef09fa957ecc8647347bd328268d1f48996d785c09eb92fc1f44685122427a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1ADC.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd696f21aa6935dc9cee909d594be369
SHA1 20cc3040de1c32fe4d095202a8e975a9d82aed03
SHA256 2997fa80ae76aa5095b1ed18b1a489271f8ea63b1cb9614658e17081ea78a78e
SHA512 11fe4b1c44489502bd144db2f3e50501dc7bc1528d9149b5a073e2413c8c9da464875b6ee43df693e4dac3d984fbbbadcabfb708eace8236b41de58ac9173da0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54343ccf050db77785c3be5f74a6c20d
SHA1 b18a3b61fe8a75eddb58b094c81e2b606a003111
SHA256 a08ed0f94f5383039d511811394b50db523eca6206845b86774cd4e7cd1f0a6e
SHA512 29f04232b2f680c19c7498a335afb4ebdcc17d1fb1fb194018dd7c524dc8d1c37022db053e7e15fc90d2fb92bdb6b29e6158fc5db9c65fa3e711542653624ed5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4298e74f24a981e85967c6fe6c0e4ae
SHA1 6baf27ee2a87d056cd3c5324a364b97cff254810
SHA256 ec156bb267e9e28588ba42295a1d24853653e67224ca45b0ac51b947dab72cd6
SHA512 532a499b15fff78b1a92bfc545f429e875c03132c37c069619c9abacbc34e5502da155b0e5a998c2239bbc53834d62547cbbdbf3fd78cc2582c727e19d3a8910

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\cb=gapi[2].js

MD5 0fe383a7ddb9bbaefc3105b3297f5583
SHA1 f80c9d789f251909c7560bd91a9e1b9a10c26362
SHA256 d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683
SHA512 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\EWHGBGX5.htm

MD5 dc9b8d1f7c692d045a1091abf9ed60b7
SHA1 3ca5b9ba7dc4440d083bbd5cd0884e86454949d0
SHA256 706738928ef9a15c69466aa33ab5fc3c85bc59ab513242b9a77f640c5c0b20f3
SHA512 a3fa1611d1c6b54089067f86ff1a92a2b16ffff9b98511856917011a90a4dd2b8d936e855454baa2a2ad6ec523b81f43271b6bcd8c6be7e7462f45b16f3ddb6d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_0E84AD23AC2E74B30DEF739614C7EB94

MD5 530d936a440b642de41d60af0ab26136
SHA1 5523c38ed5f1036ff8e28d541476daf16b63b18e
SHA256 af2cf2f19048012f8e6096afab99c0124ce61ba1f131084ab793ab5886ea623a
SHA512 4bc36ccbe7ad43813e175c027585a1ae07c68185e6f903d6608591e9c4b626cad2d097fc16ec3ae94a7d6b8838a05b772f64519b26d4db67cff9da6a0b22a664

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_0E84AD23AC2E74B30DEF739614C7EB94

MD5 973f736f8cf3a76a706569a13e255ab5
SHA1 907efc37bcf13ac56a6c52547cec8424e742a00f
SHA256 d80b32b856a74b7506965f8a96c6a99fad266a5ee32ce0034e15e8a4f2c0b919
SHA512 41ffbf2d1f143940ddfc0d4fdbc1d4c148c5efad57591f4d6cba1575eb65109fb4272523d247ac3abb2ff618b7e182ebe60756d298e30302001987c4acb1c70c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7429a29c1d36940e904917dbb97c023
SHA1 620c9a16a54e39a949ed803bd473e4818c6093c2
SHA256 7456e208820b1f847e02ac5b186e4bf2ae184966cc285072ae2cc3726c463778
SHA512 5d674708215a9f9fde09deec21089e688bf33b5844e20fccf82c71ab4944e89883f5d9c229ec5d567487837fdc3e86d391ef74fa1203ba2154d1c200581718eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 176150f6b74afd339df991897f4fe82b
SHA1 1198a2a32bacd53daa567d53d1f4e822bd826ca7
SHA256 88ee4bf4761f237e3ebdd5b62af7abadedbeaa0a9b18040e85aa73465691a074
SHA512 d45529227ac949132bc372eecbddaf07b60dfaf5f427fc1eef655940393c2a85f53ce37497294e589fa596482ec6891025f704ccd3d6c66f2daa0059d57fd2d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65bf62b26d0d32492a162564f65069dc
SHA1 60ac21fb39613d4c7c698be8e8f377223460837b
SHA256 cac477bdf6025a091941ebd5be2350ed6c968ab630f81861c4b029749748eb15
SHA512 c53f377e391cc74217724b885cf4fd538d8d4167386a9de00c0fbb4e4947fc10b21546aaf4d539473fc09548519792461ea59a69b4a9511be61daafd6d6e3029

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d8c91b389714f55eafc4d89300e36ff
SHA1 9bd11c3e42f7e9fe3dc762b1c037b57d918536c1
SHA256 ff26904ace24c2faa16c8c50c8064316fea472b7642928af3cc84666bf7be357
SHA512 943ea1cedb251cb90573ffafc27d052c3d4daa5b70bd46e4bd52a2aafa5c21f6a7b4d12e237b73dd7d7c56307e678567a5e8f7255fa5cae1a5a5d1b389ca653d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a9307e338d0c866edffa8f16c4462dd
SHA1 dcd78929e136c74f4a0a94461ea0bf0053b6f864
SHA256 0e95ce0cd59f7f16e6566b9518499678b7008d1bb04eafd027abf35ee44be673
SHA512 c732b47a1217e1f3da61f38454844b4508dd1c296de3e36a41ac0a4bef24d7c9bc57bb5b7d7773f440ad068b7a37da286216090aa80d3ea993f6c650e17378e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8704d7977656db49df883a3d861cf34c
SHA1 084624e97198cc75bf91a1702baab1497c1627b0
SHA256 c9d79b89fcd24bc74369a42b28313baba052a476dee61daeb6fe9708806c92bf
SHA512 05d8a1c8989e5eb8ad012d4a25466597eebaf600a97cd4c85be1c690addc644824ca674db2532f7b13affb3419feae79def3d2629e8b21c811cbde765b4e4d83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edea82509f22ed927cd7deb453a31830
SHA1 0db9ae3797aa7a187a1f0ffbb170439bf0be0b3f
SHA256 c6c9e5054cea0bfe36a45e28f71b32571a0affd2975c676ecd718d4edd57167d
SHA512 98dba7d163d5b8f30cfda8e3b46a591c4014e84282cebc41306297c738cf8b43dbed18ee96ee33d39cf099c203ce30b6479377c5ad930477030b3533659619b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9c272fc16ac4206ec98f82a210731d7
SHA1 ba7657d03a49ce7f8131b7f2347491d5f51ed2e0
SHA256 6b0509d1327c13a3a1efb78220fea63d5aa20125a925f4a84601ac792bf204a7
SHA512 bb7e635e656722c428a29d19f16de1ccd5e248f046ea8490d3d5dcbf7afd191263bd1aad6f42da61ce68e13af54c9475e503b1fe27aafd0045c3f87f7e6a1b5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fb3ce9c919f68cbe7e99c7cfe7f09c4
SHA1 04a126622e3b17fd8bf7217489a9cfa80b5d679b
SHA256 150c6179a9614d4cb3d45958e01e1d6a248996ce18f9834c8d16e9b22e353b1d
SHA512 88e62dce975f101f45ea903a2037aba82a85786f8b846605425d75e11eacf4d8d2d0df23d566283d1001855692762c80a8fe311ce0500d875103014ac1c7c03a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad27ef2fb8b1b53613e9fef827e89d0d
SHA1 709751983d79efc299998737d22a9828f2f04888
SHA256 bd955e32f4d9b3b0787fda7728a13b27e55077104e046abef627d95286236043
SHA512 d11c493672239cdf0010bd8ab169b1df8bdf8fc43c155131621c2c71c4307b3bfae6075a8b3879c534eee9bd1b8f5632393ea2989b5a75fd73c6008388c60381

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e7561cceacee0e15c694e06a51aee1e
SHA1 b26e7a751b39bcabd9aeba22d4cb9371098f7d34
SHA256 0d0008566ff1d05009cfb039c4638ed366e915f8b16e53df295225f03a2127ba
SHA512 bba251c74fda72fdbfdbb8bbe4c5cb09ffce13b4bdfdce4deee44799da2318f4ef9a1ff13f5d720ddc19f2a246dc49cf6ebadf42ca9011291e04eda62c55e527

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99e31b2d203392be5216156b7033d23e
SHA1 6e3bbc4a41d6235938f8351de7c2051a46bb2641
SHA256 353a6a0fbc350dddf00c80a37727b5ee4a6d6b241ffbabb99991df61810cddef
SHA512 319b513efb788b3631bd731f6a84f94a84e17bdf2fc1da0e3922e520a74b97adf1200a19d92441ce970eeb53ecdb3aad0cea314bc7e2c736e663f1889002f140

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 89c727c3b2bfae0f5d423a2e699e9d5d
SHA1 a4ec7c73bba92646266f18a0466f6e892eac535e
SHA256 422ad68996c4f1220e15aa25744485e057728c161fbf7cf82be27c201b92e6a3
SHA512 ee5378850a30dd77a87dc14f67bda1848f2122a4220eb2c6b9070072cc21d0b50212e01243d910c6a6950a52b3678e7b2564e096a6ad764e04b5691f9b23c748

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5216c0686f6b510086320ef001a54a50
SHA1 70878a26c6371340ce604ae5b288501037612828
SHA256 becc7d80576041a9f1133f5518b2326780974706bd54cbb2aad6a69f175b119b
SHA512 8b7eacf97e75c3202e93bad2a890236612e0edec2e20690cccc5a32c98ffc75414a74b670a96a84f5374d23ca2d83b1689fc56d0ac11f16efd9135d223969f34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c4d83eb9b8d4393207e461e8182f64e
SHA1 533cdde3d8268ff73c20d06486f0d03dda00f3a4
SHA256 d2ed08563173c9a5de0bf6e045080f2c84348908524e80aa7a40700fdd03c599
SHA512 e85e489b795d7e3c7b4625b14650b2bb0dedbc7131a284084cfd6e08722dd83e63558b5418d0531b225e2e60374777586b2e82180f61c5cdd081a127d9b7bcf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 defd49c5989c804ec359e1e34861ce62
SHA1 66ee90ad516d6b65aa7e7ecce9cd2f4a377e8ec5
SHA256 1abb222f3475b395cc2ef86db727e28eb6c67638a2fc47b25684eb0ec7589632
SHA512 88339917c20fed81f7dab03c51c94a9e8d82da0f8ae6782d8b4dbaa1a95b35d99215b3545c7ab66bf98d951131929e44cd87385f205e2f386dde8294b487acaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81ce645fda065cbf731092859d0f4cbc
SHA1 09eb4f9fbd8808cae3bfc5fe7b598475f8d0f44a
SHA256 e7fd28a0987fafe08bb582d8180c811a82edce7b2a7a889de4588b7522903ce2
SHA512 7e5048171001270c75396c5fc868e0962d3206fde632bb027911d46bd910b4b98b47edceaa75e298720bef1ecda969c46dd5bc0eac21a7b2d48a2b6a91fdcfc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f77594e662575b88d7f8f2de108ed8b
SHA1 c957cb6a4075e3f50086452b9c30aee88f84350e
SHA256 561815f4fad70b1c7217d7b53dcd18d7af180d9105764fdcf7a35866210359fc
SHA512 5abfb3837dda9747406f8fa7ea33dbf450df15694842b89abc2c85c2ee056656c18e361748f5a5fe98a0e934399cc7d636b96e7cb005860a1372595197a39e37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 3333da5a8e965509b973b5df3222a105
SHA1 170d520598af9227d5e1306b7ee98ee148aadf53
SHA256 dc23a873898452d209fdd3741c60cb27846c832957b61868779f9ab97105076d
SHA512 88d798efdb6033e3215f6741b4f35b01713060056f45a4bfc0fa72233a116eb49d558ebaf0a2e3f83b4ec7bf35c7042324f2e0db75df4db72835d97e6265bbc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fe8245a48b863c69ed05ff7751e266f
SHA1 98d6fd0e2028546016477fc44eb1a1ce6ccead44
SHA256 d90a45bc23e233643f2b481c706a7933be7c8ea7e040965655e78eb025de491c
SHA512 5d8fc76219b68ea2442f68fc2b27b1990c4b99218a853f3c2efcbeafc8d0188af6099a8b78fbd63907ae1b6b52e89cfef474c3c5cf9f43441ef3e090c6d4181e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e18524077c4493c2554c46dfc328f1c
SHA1 16fe8916e9b0de276981bfe97a6cb47b311fb259
SHA256 796b907ef8df7306bd8d5928a220423387107f41bfca880747aa5eee609dd5ce
SHA512 4c750e9f589b2fde5122e1a0eee1759719cb76df9bb32556bd75dfea18cf4c58bfaaf43f29a8393afa60f1824d8f3124099befd8743a157d58556cf4381ec296

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42152434d592367ac5306c4d88122286
SHA1 665cc5bfca84b119c21e6edba6d8acc563f5213b
SHA256 abc204bfec1d2d95bfb35dd3d11dbccddc0a645843f379be3f7e87e761000daa
SHA512 1d9634dece83433f19e27ad44cbf240f7198ad874d8a651b7907871c5201b55b18c9c7c9c29bb24ff1f957a7a22816fdfdbceb36f197cfac6c0f64790f7c853f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3b6576e2ececd8e2ac630b1bc694288
SHA1 ca18dd269f91b62f14e5b2f361910d9a1bda0a63
SHA256 37c39a16cfcc06ecbd24469eeb6826910a80425c4ad9179a8644a19ce113cc9e
SHA512 a04d7ab6c8999efaae998e0d9884afbaf4161d6b9b5a99aa239854e6947371e596cf0efef2a4bf43ffa6083322bf019c80f135e80ce5e23176cacf95510d1c37

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:41

Reported

2024-06-13 13:44

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d69a49cb30c6dff150ceb597020f2e_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d69a49cb30c6dff150ceb597020f2e_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2488 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4068 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5616 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5872 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6000 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6020 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6184 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6508 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6576 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6852 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 images.neobux.com udp
US 8.8.8.8:53 images.neobux.com udp
US 13.107.6.158:443 business.bing.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 172.217.169.74:80 ajax.googleapis.com tcp
GB 172.217.169.74:80 ajax.googleapis.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
US 8.8.8.8:53 images.neobux.com udp
US 8.8.8.8:53 images.neobux.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 104.18.144.121:443 images.neobux.com udp
US 104.18.144.121:443 images.neobux.com tcp
SE 23.34.233.128:443 www.microsoft.com tcp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 www.mmadsgadget.com udp
US 8.8.8.8:53 www.mmadsgadget.com udp
GB 142.250.187.238:445 translate.google.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.businesswireindia.com udp
US 8.8.8.8:53 www.businesswireindia.com udp
LT 93.115.28.104:80 www.mmadsgadget.com tcp
LT 93.115.28.104:80 www.mmadsgadget.com tcp
GB 142.250.178.9:443 www.blogger.com udp
SE 184.31.15.40:443 bzib.nelreports.net tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 kona.kontera.com udp
US 8.8.8.8:53 kona.kontera.com udp
US 8.8.8.8:53 resources.infolinks.com udp
US 8.8.8.8:53 resources.infolinks.com udp
US 8.8.8.8:53 www.clickfair.com udp
US 8.8.8.8:53 www.clickfair.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 kona.kontera.com udp
GB 172.217.16.238:443 apis.google.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.businesswireindia.com udp
US 8.8.8.8:53 www.businesswireindia.com udp
US 8.8.8.8:53 resources.infolinks.com udp
US 8.8.8.8:53 resources.infolinks.com udp
GB 109.68.33.18:80 www.clickfair.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 104.21.94.63:443 www.businesswireindia.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 172.66.41.9:443 resources.infolinks.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
US 8.8.8.8:53 icons.iconarchive.com udp
US 8.8.8.8:53 icons.iconarchive.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 www.downlinerefs.com udp
US 8.8.8.8:53 www.downlinerefs.com udp
US 8.8.8.8:53 cdn.adf.ly udp
US 8.8.8.8:53 cdn.adf.ly udp
US 104.21.235.214:80 icons.iconarchive.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 69.16.230.42:80 www.downlinerefs.com tcp
US 172.66.40.139:443 cdn.adf.ly udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 kona.kontera.com udp
US 8.8.8.8:53 kona.kontera.com udp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 121.144.18.104.in-addr.arpa udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 104.28.115.93.in-addr.arpa udp
US 8.8.8.8:53 18.33.68.109.in-addr.arpa udp
US 8.8.8.8:53 214.235.21.104.in-addr.arpa udp
US 8.8.8.8:53 139.40.66.172.in-addr.arpa udp
US 8.8.8.8:53 9.41.66.172.in-addr.arpa udp
US 8.8.8.8:53 63.94.21.104.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 109.68.33.18:80 www.clickfair.com tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 163.70.151.35:445 www.facebook.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 router.infolinks.com udp
US 8.8.8.8:53 router.infolinks.com udp
US 8.8.8.8:53 router.infolinks.com udp
US 8.8.8.8:53 www.blogger.com udp
US 172.66.42.247:443 router.infolinks.com tcp
US 172.66.42.247:443 router.infolinks.com tcp
US 8.8.8.8:53 ww12.downlinerefs.com udp
US 8.8.8.8:53 ww12.downlinerefs.com udp
GB 142.250.178.9:443 www.blogger.com udp
US 13.248.148.254:80 ww12.downlinerefs.com tcp
US 8.8.8.8:53 42.230.16.69.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
GB 142.250.187.238:139 translate.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 247.42.66.172.in-addr.arpa udp
US 8.8.8.8:53 254.148.248.13.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 104.208.16.94:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 94.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.238:443 apis.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 172.217.16.238:443 apis.google.com udp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.16.238:443 apis.google.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
GB 172.217.16.225:445 lh4.googleusercontent.com tcp
GB 172.217.16.238:443 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.238:443 apis.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
GB 216.58.201.110:443 developers.google.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
GB 172.217.16.225:139 lh4.googleusercontent.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
GB 142.250.178.9:445 www.blogblog.com tcp
BE 2.17.107.123:443 www.bing.com tcp
US 8.8.8.8:53 123.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:445 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 theamazing-worldz.blogspot.com udp
US 8.8.8.8:53 theamazing-worldz.blogspot.com udp
GB 142.250.200.1:80 theamazing-worldz.blogspot.com tcp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
BE 88.221.83.202:443 www.bing.com tcp
US 8.8.8.8:53 202.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 26.173.189.20.in-addr.arpa udp

Files

N/A