Malware Analysis Report

2025-03-15 04:05

Sample ID 240827-rfb5havalc
Target c52492c9cf6985abc1648ae3d01be898_JaffaCakes118
SHA256 baa1ca0359b2368438a546c34be4d7c84082327a820777f29ca8958dd9e6bdb0
Tags
discovery motw phishing
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

baa1ca0359b2368438a546c34be4d7c84082327a820777f29ca8958dd9e6bdb0

Threat Level: Shows suspicious behavior

The file c52492c9cf6985abc1648ae3d01be898_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery motw phishing

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 14:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 14:07

Reported

2024-08-27 14:10

Platform

win7-20240705-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c52492c9cf6985abc1648ae3d01be898_JaffaCakes118.html

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://3d978.com/ N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000df40a7c1b3159569bf6d06d4447b61a2c5509dbf035bc7c8a9d06a6b970d6e5d000000000e8000000002000020000000e701ec6294492dd615a5010e51088439a7342c26ccf4f88a7c6628aa848c860320000000143ec675d328becee94bd0f3e5fba19de03850b59cb003c08d0a35a695a020ee400000006c2bd4d1351aad969747abfee5b032ba2583a268d9895656db2efed32abeeb8a384d8203978b48a3c9deeb476f3e65e35646581963c8df2f96436f9def5378ac C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA7610A1-647D-11EF-B552-FA51B03C324C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e01ef4a78af8da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000d8c3c9b4a1ec865f7af30c9fe2c114e807bb1c8b8ddce79809832376065d5c47000000000e8000000002000020000000628ef44384baa7b45746a9a7a638ed7da401776055d44defecdf0666455d2dce90000000a88ba3aa3dbc9d1cc00975bc14a47dbf6bbc7f8c396f08b4d455791fcadac0ab28a982a6c367df7f8c4cbc6f75dc17bb91ceccac2131a65936620779b7bf120baeaa8ba02f423ac2c55bf1f9c696b09b0efc08445e4b89d5be21fd361ff61a0a12e9eb045d1b519db931f6e6e3615862a382e74b9e996ef8b2daed6c20aa4a11849dea48c094dc71cda63b593121eaed4000000020a4d52731056d0a1dd206911c398b3f283ff64a9fd2c429732584be03c55837aaf3ac0ea22f80b07566f19a43f4d49c3c24d5ddaccfc3fafe6ffb92223ac1af C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430929533" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c52492c9cf6985abc1648ae3d01be898_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1856 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-08-27 14:07

Reported

2024-08-27 14:10

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c52492c9cf6985abc1648ae3d01be898_JaffaCakes118.html

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://3d978.com/ N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage: 24 calls, all from msedge.exe, with no indicator or target recorded. Broadcasting window messages this way is routine for a GUI application and is not evidence of malicious behaviour on its own.

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory: all 64 rows are msedge.exe (PID 3724) writing into other msedge.exe processes, which Chromium-based browsers do when they launch their renderer, GPU and utility children; on its own this does not show injection into a foreign process. Rows worth escalating are those whose Process and Target images differ.

Description Indicator Process Target
PID 3724 wrote to memory of 1252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 rows)
PID 3724 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 rows)
PID 3724 wrote to memory of 2260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 rows)
PID 3724 wrote to memory of 1336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 rows)
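Added example, not part of the sandbox report: a triage helper for WriteProcessMemory rows in the report's own "Description Indicator Process Target" layout. It collapses repeated rows into per-(source, target) counts and gives each pair a verdict based on whether the writing process and the written-to process share the same image and whether that image belongs to a multi-process browser. The first four rows are copied from the table above; the fifth is a constructed, hypothetical row (a write into notepad.exe) included only to show what a cross-image write, the pattern worth escalating, looks like. The verdict names and the browser allow-list are this example's own.

```python
"""Triage helper for "Suspicious use of WriteProcessMemory" sandbox rows.

Added example, not part of the original report. Rows follow the report's
"Description Indicator Process Target" layout. The last row is constructed
and hypothetical (not from the report) to demonstrate a cross-image write.
"""
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

SAMPLE_ROWS = [
    # Copied from the report's table (representative rows, not all 64).
    ("PID 3724 wrote to memory of 1252", "N/A", EDGE, EDGE),
    ("PID 3724 wrote to memory of 2308", "N/A", EDGE, EDGE),
    ("PID 3724 wrote to memory of 2308", "N/A", EDGE, EDGE),
    ("PID 3724 wrote to memory of 1336", "N/A", EDGE, EDGE),
    # Constructed, NOT from the report: the same parent writing into a
    # process with a different image, which is the pattern to escalate.
    ("PID 3724 wrote to memory of 4444", "N/A", EDGE, r"C:\Windows\System32\notepad.exe"),
]

# Browsers whose main process legitimately writes into its own child
# processes (renderer/GPU/utility) as part of the multi-process model.
MULTIPROCESS_BROWSERS = {"msedge.exe", "chrome.exe"}

_DESC = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def basename(path: str) -> str:
    """Case-folded file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(desc: str, process: str, target: str):
    """Return (src_pid, dst_pid, verdict) for one row."""
    m = _DESC.match(desc)
    if not m:
        raise ValueError(f"unrecognised description: {desc!r}")
    src, dst = (int(x) for x in m.groups())
    same_image = basename(process) == basename(target)
    if same_image and basename(process) in MULTIPROCESS_BROWSERS:
        verdict = "expected-multiprocess-browser"
    elif same_image:
        verdict = "same-image-review"
    else:
        verdict = "cross-image-injection-candidate"
    return src, dst, verdict


def triage(rows):
    """Collapse repeated rows into (src, dst, count, verdict), sorted by PID pair."""
    counts = Counter()
    verdicts = {}
    for desc, _indicator, process, target in rows:
        src, dst, verdict = classify(desc, process, target)
        counts[(src, dst)] += 1
        verdicts[(src, dst)] = verdict
    return [(src, dst, counts[(src, dst)], verdicts[(src, dst)])
            for (src, dst) in sorted(counts)]


def escalations(rows):
    """Only the pairs that are not explained by the browser's process model."""
    return [t for t in triage(rows) if t[3] != "expected-multiprocess-browser"]


if __name__ == "__main__":
    for entry in triage(SAMPLE_ROWS):
        print(entry)
```

Run against the full table, the four msedge.exe pairs all come back as expected-multiprocess-browser and the escalation list is empty; the constructed notepad.exe row is the only thing that would surface for review.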

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c52492c9cf6985abc1648ae3d01be898_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6c0f46f8,0x7fff6c0f4708,0x7fff6c0f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15996833219091093946,487338209268389210,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 keywebtracker.com udp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 cdn2.worldcarfans.co udp
US 8.8.8.8:53 up.autotitre.com udp
US 8.8.8.8:53 hudsonterraplane.com udp
US 8.8.8.8:53 porschebahn.files.wordpress.com udp
US 8.8.8.8:53 www.v12-gt.com udp
US 8.8.8.8:53 img.photobucket.com udp
US 8.8.8.8:53 image.lowridermagazine.com udp
US 8.8.8.8:53 www.blogmotori.com udp
US 8.8.8.8:53 www.fahrzeugbilder.de udp
US 8.8.8.8:53 www.4wheelsnews.com udp
FR 142.250.178.142:443 apis.google.com udp
US 8.8.8.8:53 www.carspotting.de udp
US 8.8.8.8:53 www.bpa.cz udp
US 8.8.8.8:53 forums.aaca.org udp
US 8.8.8.8:53 www.cartype.com udp
US 104.21.25.101:80 www.v12-gt.com tcp
FI 135.181.241.24:80 www.fahrzeugbilder.de tcp
FR 142.250.178.130:445 pagead2.googlesyndication.com tcp
DE 64.190.63.222:80 www.carspotting.de tcp
US 69.162.80.58:80 keywebtracker.com tcp
US 52.218.182.98:80 hudsonterraplane.com tcp
US 192.0.72.30:80 porschebahn.files.wordpress.com tcp
DE 91.195.240.19:80 www.4wheelsnews.com tcp
FR 5.196.173.73:80 up.autotitre.com tcp
IT 31.11.36.9:80 www.blogmotori.com tcp
GB 108.156.46.8:80 forums.aaca.org tcp
CZ 89.221.213.39:80 www.bpa.cz tcp
GB 216.137.44.125:80 img.photobucket.com tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 69.162.80.58:80 keywebtracker.com tcp
US 52.218.182.98:80 hudsonterraplane.com tcp
US 104.21.25.101:443 www.v12-gt.com tcp
CZ 89.221.213.39:80 www.bpa.cz tcp
US 192.0.72.30:443 porschebahn.files.wordpress.com tcp
US 8.8.8.8:53 storage0.dms.mpinteractiv.ro udp
GB 216.137.44.125:443 img.photobucket.com tcp
GB 108.156.46.8:443 forums.aaca.org tcp
FI 135.181.241.24:443 www.fahrzeugbilder.de tcp
US 8.8.8.8:53 i1220.photobucket.com udp
IT 31.11.36.9:443 www.blogmotori.com tcp
GB 216.137.44.125:80 i1220.photobucket.com tcp
RO 93.113.11.218:80 storage0.dms.mpinteractiv.ro tcp
US 8.8.8.8:53 accounts.google.com udp
GB 216.137.44.125:443 i1220.photobucket.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.d4u.com.ua udp
US 8.8.8.8:53 www.porscheperfect.com udp
US 8.8.8.8:53 partsbyemc.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 129.121.5.170:80 partsbyemc.com tcp
US 8.8.8.8:53 www.bestcarimages.com udp
US 8.8.8.8:53 www.digital-autos.com udp
US 8.8.8.8:53 click-v4.expdirclk.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 129.121.5.170:80 partsbyemc.com tcp
US 198.134.116.17:80 click-v4.expdirclk.com tcp
US 129.158.222.127:80 www.bestcarimages.com tcp
US 8.8.8.8:53 www.auto-power-girl.com udp
US 8.8.8.8:53 porschebahn.wordpress.com udp
US 192.0.78.12:443 porschebahn.wordpress.com tcp
IN 46.28.45.167:80 www.auto-power-girl.com tcp
US 8.8.8.8:53 101.25.21.104.in-addr.arpa udp
US 8.8.8.8:53 24.241.181.135.in-addr.arpa udp
US 8.8.8.8:53 30.72.0.192.in-addr.arpa udp
US 8.8.8.8:53 8.46.156.108.in-addr.arpa udp
US 8.8.8.8:53 125.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 73.173.196.5.in-addr.arpa udp
US 8.8.8.8:53 222.63.190.64.in-addr.arpa udp
US 8.8.8.8:53 19.240.195.91.in-addr.arpa udp
US 8.8.8.8:53 9.36.11.31.in-addr.arpa udp
US 8.8.8.8:53 58.80.162.69.in-addr.arpa udp
US 8.8.8.8:53 98.182.218.52.in-addr.arpa udp
US 8.8.8.8:53 218.11.113.93.in-addr.arpa udp
US 8.8.8.8:53 43.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 170.5.121.129.in-addr.arpa udp
IN 46.28.45.167:80 www.auto-power-girl.com tcp
HK 154.194.141.92:80 www.digital-autos.com tcp
US 8.8.8.8:53 un.stavegroove.com udp
US 129.121.5.170:443 partsbyemc.com tcp
NL 23.109.170.189:443 un.stavegroove.com tcp
FR 142.250.178.130:139 pagead2.googlesyndication.com tcp
HK 154.194.141.92:80 www.digital-autos.com tcp
FR 142.250.179.105:443 resources.blogblog.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 bestcarimages.com udp
FR 142.250.179.68:443 www.google.com tcp
US 129.158.222.127:443 bestcarimages.com tcp
US 8.8.8.8:53 17.116.134.198.in-addr.arpa udp
US 8.8.8.8:53 12.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 127.222.158.129.in-addr.arpa udp
US 8.8.8.8:53 167.45.28.46.in-addr.arpa udp
US 8.8.8.8:53 189.170.109.23.in-addr.arpa udp
US 8.8.8.8:53 92.141.194.154.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 45.79.0.147:80 www.cartype.com tcp
US 45.79.0.147:80 www.cartype.com tcp
US 8.8.8.8:53 cartype.com udp
US 8.8.8.8:53 147.0.79.45.in-addr.arpa udp
US 45.79.0.147:443 cartype.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.105:445 www.blogger.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 udp
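Added example, not part of the sandbox report: a parser for the flattened Network table above. It separates names that were merely resolved (port 53 lookups and PTR records) from hosts the browser actually connected to, tolerates rows whose Domain column is empty (the 224.0.0.251:5353 and final 8.8.8.8:53 rows), and flags connections to a named web host on a port that is neither 80/443 nor 53, which in this table singles out the 445 and 139 rows to pagead2.googlesyndication.com for a second look. The embedded rows are copied from the table; the port heuristics and function names are this example's own.

```python
"""Parser and triage for a sandbox report's flattened Network table.

Added example, not part of the original report. SAMPLE_ROWS are copied
from the report's table; the port classification rules are this example's.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Rows in the report's "Country Destination Domain Proto" layout. Rows with
# no Domain value have only three fields and must still parse.
SAMPLE_ROWS = """\
US 8.8.8.8:53 apis.google.com udp
FR 142.250.178.142:443 apis.google.com tcp
US 104.21.25.101:80 www.v12-gt.com tcp
FR 142.250.178.130:445 pagead2.googlesyndication.com tcp
US 69.162.80.58:80 keywebtracker.com tcp
NL 23.109.170.189:443 un.stavegroove.com tcp
FR 142.250.178.130:139 pagead2.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 147.0.79.45.in-addr.arpa udp
US 8.8.8.8:53 udp
"""

WEB_PORTS = {80, 443}
RESOLVER_PORTS = {53}


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_row(line: str) -> Optional[Flow]:
    """Parse one table row; None for blank lines. Tolerates a missing Domain."""
    parts = line.split()
    if not parts:
        return None
    if len(parts) == 3:          # Country Destination Proto (no domain column)
        country, dest, proto = parts
        domain = None
    elif len(parts) == 4:
        country, dest, domain, proto = parts
    else:
        raise ValueError(f"unexpected row layout: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return Flow(country, ip, int(port), domain, proto)


def parse_table(text: str) -> list[Flow]:
    return [f for f in (parse_row(l) for l in text.splitlines()) if f]


def is_ptr(domain: Optional[str]) -> bool:
    return domain is not None and domain.endswith(".in-addr.arpa")


def contacted_hosts(flows: list[Flow]) -> list[str]:
    """Names the browser connected to, as opposed to names it only resolved."""
    return sorted({f.domain for f in flows
                   if f.domain and f.port not in RESOLVER_PORTS and not is_ptr(f.domain)})


def odd_port_flows(flows: list[Flow]) -> list[Flow]:
    """Connections to a named host on a port that is neither HTTP(S) nor DNS."""
    return [f for f in flows
            if f.domain and not is_ptr(f.domain)
            and f.port not in WEB_PORTS | RESOLVER_PORTS]


def unnamed_flows(flows: list[Flow]) -> list[Flow]:
    """Rows with an empty Domain column (multicast, or a lookup with no name)."""
    return [f for f in flows if f.domain is None]


def summary(text: str) -> dict:
    flows = parse_table(text)
    return {
        "hosts": contacted_hosts(flows),
        "odd_ports": [(f.ip, f.port, f.domain) for f in odd_port_flows(flows)],
        "unnamed": [(f.ip, f.port) for f in unnamed_flows(flows)],
        "by_country": Counter(f.country for f in flows if f.port not in RESOLVER_PORTS),
    }


if __name__ == "__main__":
    for key, value in summary(SAMPLE_ROWS).items():
        print(key, value)
```

Pasting the whole table into SAMPLE_ROWS gives the complete set of hosts actually contacted, which is the list to compare against the phishing indicator (https://3d978.com/) and the page's embedded third-party image hosts; it is notable that 3d978.com itself never appears in the captured traffic.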

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b9569e123772ae290f9bac07e0d31748
SHA1 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
SHA256 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
SHA512 cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eeaa8087eba2f63f31e599f6a7b46ef4
SHA1 f639519deee0766a39cfe258d2ac48e3a9d5ac03
SHA256 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
SHA512 eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

\??\pipe\LOCAL\crashpad_3724_QRJJGSCOMCTIZIQC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(These are the digests of zero-length input: no content was captured from the named pipe, so the hashes carry no information about the sample.)

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f0006370cccb967df9b848a88f936642
SHA1 df03f88cbd61ec3425e49478e7bf878f1ec7f1f0
SHA256 ee7988beaa8fc1b761cf75e9e6f93abab3ac5f5e4ac12851f9db72dd4b76b9cd
SHA512 4e598ec9f8fa36a2dfba11309a56e1826f8604e80bda3fc7a1b916d77890326a49ca79094c28f1e1c44dd00da734100a7a1852d7b7cd97b9c7ca70ae0e596403

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 66b43a436c0c4c8875ebb17dfd0bb899
SHA1 53f4cc7802eab563be9b395d5cd245d6b7f8068a
SHA256 eef2f1909d289757a0ce34b7d6f031eb126214231c4a0f8ae66565ef8b8e87b4
SHA512 c042715d0f92fd19539c78ccc1883e92651cccf09b86ab104f8da4055b9e6e121a5aa71cb554e5e748117eea3f0f80045489011ff7cc31377b29aadf3b971421

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3e5e9a128ae64f76aeccf86fb67f6add
SHA1 38341962d7a522ed41c7332c8ff3745365d22cc1
SHA256 ead0ffa114541b72600994dc0344639e62f46fe3ca534c0516d1fd293d4f5e88
SHA512 194a5128c0277039a18056a7f8e0ac368adb8b759a6211393f0235f25e5c3847afa5ce183802769c909ce47d5e7d34d2592679e3d09b12063c3a5f4769c28f03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 24210ec2fc411a5af2a901b7a3d1d6c1
SHA1 1c3f36a70200f33fa05164d5e695a56035689f29
SHA256 8d94155bafe588bafe146e9864c88521f4b82df679fd0d5aea3c729cbf1ad1cb
SHA512 1ae282047759ee53f57cc02b1d3c85acfa3f5d78aae2075e70f270bbfa9d17a0229c1b1182508e0f45a8ab86ba845441936bc7e79c060fc7aab092b6991445a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2e44573e70972f887d5cee60bfcad006
SHA1 30afd645b6455e1dea7edca61b02190044184a34
SHA256 4f6581cdecbdd8a73bea340ed6ce0eb4c6dadeb7bc0925c6c78e223b7a238469
SHA512 0b522f570c741ad55db02e1cbbcfe9bbd3db28e76db50c29658690e27c797edef46ccdacabb4e4065bd12599852490c5d43695107f9b511d6d1e20e345302c4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c12c175a42c10449c3a18e337521aebe
SHA1 ac2032d37df8879f02557cee1f986c5411db5523
SHA256 2903ddd3a71a9a20093eb7f9373ad439c2f92974225f20c1cf3727596e884475
SHA512 8f9abe8d7990ad2f971efaadf51d5fad3ae9b74b3061dc757f14de963758b1744154ebd9fd1e68530e15ab9b825d339e14c964f58aa4e40b51c5bd31de8f31ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bb338bc15f59a9efa3b5aafaf3cc912f
SHA1 d9ee914d774a0b0e3763aa6394d64e719f795014
SHA256 b1c42a1fb5504960476f141c4648a9ef98a676d8e42cb5a07b74a1d438d3c15e
SHA512 a86eaca9cff1477678d8de97e7279a0cfe37a1e827b00d054b2aeb5f2adf5633737e932f417e26a827bbae04201a8998c7691d4a7abe22fd96e4b0cd2268eef8