Malware Analysis Report

2025-03-14 21:43

Sample ID 250107-14259stjbq
Target JaffaCakes118_7c0a3bf4e22564fb2a0d3840a2576a56
SHA256 6cae90ad705e16d1e83b39ace5df8461ae463430bfa6352620ff857a04cb846c
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6cae90ad705e16d1e83b39ace5df8461ae463430bfa6352620ff857a04cb846c

Threat Level: Known bad

The file JaffaCakes118_7c0a3bf4e22564fb2a0d3840a2576a56 was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-07 22:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-07 22:13

Reported

2025-01-07 22:15

Platform

win7-20240708-en

Max time kernel

144s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7c0a3bf4e22564fb2a0d3840a2576a56.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442449853" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9172D191-CD44-11EF-A205-6AA0EDE5A32F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0225c6a5161db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fac55af18cdfca4e97cac9cd4c68175f000000000200000000001066000000010000200000001a2fec6a20477328b467d734128b1757d63779b43da03259cdaaaf726e1f67de000000000e8000000002000020000000654021ef547efe17bf4a28f89e3054d37d3b70391d5687330a666633b536668120000000631c879b88c3101cee9d7c692b72fdc31339c914cae6dae09ef437ef691d911740000000eeb6573247e02d995a7993b33f52c7f2d9366e1f3a71eeaa7d7fc47e091ef33156115b4de36041e2c101d830392a530d81d2d8e59d3da92e8ed8caeb1dd86d05 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fac55af18cdfca4e97cac9cd4c68175f00000000020000000000106600000001000020000000845b05e0a153447fd69be8481a7b2e271f7d1aa5c08c0b8d63363c0f7e892779000000000e8000000002000020000000c9dc29adb5b28167dd834b741a1cd681c71be7afa4493031a00ee6611bec9f8690000000496b465d3363fc136fa436e23e85d2c0afbf5f57b03764dea733e74ba0ac413347a27cd03db0de1784783d0615f356b064f79d390371d521d0ae9346f20364c427c4a7aa270f90225fed64a9a1f5cdc4fb4a6a9796f13c8baa7bbd676e8a4788b018f38d6ccce122743bfdb3949178e4801961fe6fe8c1dab61c4291b184da32677244770375f0732b65280596739fc5400000005a6445c993b2c18519f81179fab14be02edb4868077dfbc6b2cae00cf35000ebf78c0739d051054ad7a36c5bbad735cdc0fe5eaa48fe84fcf0fec302cdcc1b94 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7c0a3bf4e22564fb2a0d3840a2576a56.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2025-01-07 22:13

Reported

2025-01-07 22:15

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

157s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7c0a3bf4e22564fb2a0d3840a2576a56.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 736 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 1424 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 736 wrote to memory of 4800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7c0a3bf4e22564fb2a0d3840a2576a56.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8974b46f8,0x7ff8974b4708,0x7ff8974b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,8314203386130577340,14661398898354563175,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7120 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 172.217.16.234:443 ajax.googleapis.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.16.225:445 1.bp.blogspot.com tcp
GB 142.250.179.233:443 www.blogger.com udp
GB 172.217.16.234:443 ajax.googleapis.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 172.217.169.14:443 sites.google.com udp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 172.217.16.225:139 1.bp.blogspot.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 anakgapteg.blogspot.com udp
DE 157.240.27.35:80 www.facebook.com tcp
GB 172.217.16.225:445 anakgapteg.blogspot.com tcp
GB 172.217.16.225:443 anakgapteg.blogspot.com tcp
GB 172.217.16.225:443 anakgapteg.blogspot.com tcp
US 8.8.8.8:53 api.htmlobfuscator.com udp
US 8.8.8.8:53 widgets.amung.us udp
DE 157.240.27.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 199.59.243.228:80 api.htmlobfuscator.com tcp
DE 157.240.27.35:445 www.facebook.com tcp
US 104.22.75.171:80 widgets.amung.us tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 t.dtscout.com udp
US 141.101.120.10:443 t.dtscout.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 35.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 228.243.59.199.in-addr.arpa udp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
GB 142.250.179.233:443 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 172.217.16.225:139 2.bp.blogspot.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 172.217.16.225:445 4.bp.blogspot.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 172.217.16.225:139 4.bp.blogspot.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 216.58.201.106:445 ajax.googleapis.com tcp
GB 172.217.16.234:139 ajax.googleapis.com tcp
GB 172.217.16.225:445 4.bp.blogspot.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 157.240.214.35:443 www.facebook.com tcp
GB 142.250.200.33:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DE 157.240.27.27:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
GB 172.217.16.225:139 4.bp.blogspot.com tcp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
GB 142.250.187.195:445 fonts.gstatic.com tcp
GB 142.250.187.195:139 fonts.gstatic.com tcp
US 8.8.8.8:53 www.blogblog.com udp
GB 142.250.179.233:445 www.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
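Read as a flat list, the Network table above mixes four different things: DNS lookups to 8.8.8.8 (including the sandbox's own reverse lookups of each contacted IP), mDNS chatter to 224.0.0.251, TLS and QUIC connections on 443, and a handful of rows that deserve a second look: plaintext HTTP on port 80 (api.htmlobfuscator.com, widgets.amung.us, www.facebook.com) and TCP rows on ports 445 and 139 to Google-hosted names such as 1.bp.blogspot.com, fonts.gstatic.com and ajax.googleapis.com. The report does not explain those SMB-port rows, so they are reported here as they appear. The Python below is an added triage helper, not part of the sandbox report; it parses rows in the table's `Country Destination Domain Proto` layout, separates lookups from connections, deduplicates, maps each IP to every hostname it served (useful before anyone blocks an address) and lists the non-web ports, plaintext hosts and reverse lookups that never matched a recorded connection. The sample rows are copied from the table above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: rows copied from the Network table above.
SAMPLE_ROWS = """
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 anakgapteg.blogspot.com udp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com udp
GB 172.217.16.225:445 1.bp.blogspot.com tcp
GB 172.217.16.225:139 1.bp.blogspot.com tcp
GB 172.217.16.225:443 anakgapteg.blogspot.com tcp
GB 172.217.16.225:443 anakgapteg.blogspot.com tcp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 199.59.243.228:80 api.htmlobfuscator.com tcp
DE 157.240.27.35:80 www.facebook.com tcp
US 141.101.120.10:443 t.dtscout.com tcp
"""

WEB_PORTS = {80, 443}


def parse_row(line):
    """Parse 'Country ip:port [domain] proto'; rows without a domain have 3 fields."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        return None
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def ptr_to_ip(name):
    """'233.179.250.142.in-addr.arpa' -> '142.250.179.233'."""
    labels = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(labels))


def triage(table_text):
    lookups, ptr_targets, seen, conns = set(), set(), set(), []
    hosts_by_ip = defaultdict(set)
    odd_ports, plaintext = [], []
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        if ipaddress.ip_address(row["ip"]).is_multicast:
            continue                      # mDNS (224.0.0.251:5353) is local noise, not an IOC
        if row["port"] == 53 and row["proto"] == "udp":
            name = row["domain"]
            if name.endswith(".in-addr.arpa"):
                ptr_targets.add(ptr_to_ip(name))   # sandbox reverse-resolving a contacted IP
            else:
                lookups.add(name)
            continue
        key = (row["ip"], row["port"], row["domain"], row["proto"])
        if key in seen:
            continue                      # the table repeats identical connections
        seen.add(key)
        conns.append(key)
        hosts_by_ip[row["ip"]].add(row["domain"])
        if row["port"] not in WEB_PORTS:
            odd_ports.append(key)         # e.g. 445/139 to a web host: verify before acting
        elif row["port"] == 80:
            plaintext.append(row["domain"])
    connected_ips = {c[0] for c in conns}
    return {
        "lookups": sorted(lookups),
        "connections": conns,
        # one IP fronting several hostnames: blocking it hits shared infrastructure
        "shared_ips": {ip: sorted(h) for ip, h in hosts_by_ip.items() if len(h) > 1},
        "odd_ports": odd_ports,
        "plaintext_http": sorted(set(plaintext)),
        "ptr_without_connection": sorted(ptr_targets - connected_ips),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_ROWS).items():
        print(k, v)
```

On the full table the `shared_ips` output shows 172.217.16.225 serving 1.bp.blogspot.com, 2.bp.blogspot.com, 4.bp.blogspot.com and anakgapteg.blogspot.com, which is why the hostnames, not the Google addresses, are the indicators worth keeping from this detonation.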

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_736_NOVFDLNSBVGDOQKG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7d91cb1d8ecd2a0a5191e5197f42eb7e
SHA1 a0bcb63d61dcb0397414c6fffb66e113e356dff3
SHA256 5cb7782a749c88d641e2ce5d357ef13d105217963d3177dadfa1c5d4c858be8a
SHA512 4b9ce3d9cf9392bf33bf91da9012a41d2985f469804c763e20c6c8a748af87e73a03b6de7ab5417af955093c32dea57b2ad7d86d5caef7af7804aaf73232a126

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 be5911e7cf0f9a9eb263170ac9f0d0b5
SHA1 a7b85bf573c1f06d39cc38e2b8987ba2fe6c4b37
SHA256 f252635621f80ad4a15159963d15cde1085011927a1c7a01083933974911ef1f
SHA512 daa56bc70470aac1d71da227fceb5af7ede9c3e80717f536957611eb6a5abe74151ab91c621eff916750fcc0e080e5a02cac61621df907aaeb5ceb50ca0892ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 774135dfe95f68f9f6285e7ac17ba3bb
SHA1 2cd3b2e9a0e5f803fee9cc1a39fe83144231932c
SHA256 0efdcdbbda1970763bc00b5fb5bd0523bfd7c09eb0aefc8ea238b9e5e76c3d36
SHA512 e4da0140d7093a12996d187fd5cd1d4557a479619a7108d9c670eea6b4fe0f553c4a313bd86f013a195d8ec9685078b4ef8fac29b22ee745acf4fd6a3a322fbe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 d79b35ccf8e6af6714eb612714349097
SHA1 eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256 c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512 f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8103809a3da8a57e5dde3fdaa504a3ef
SHA1 4f07f083813d607db33366c18735648e8b2b9e61
SHA256 bcc86a61e88aa5db7c5b883454359fc86e1eefa21b782f2ed876b6a2257e2c14
SHA512 3b7e3aeb04b73156dc304d5d4ec43dc88b3260c19fbe191a8c67dabd9f2e6ea0ce45a18e6632af4151970e48b0a60872f5bbb3eb9ddf5807a1d858becef7e542

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 217945a4b55c8adafec76ee79d7cd6ff
SHA1 b86d3e8e3086a6599fd71c272e1a55c545ed9f7b
SHA256 6116a964af9c48fed589040e085f1d89db58bb083ecc73a31d9706d512ad15b9
SHA512 260b0659c4aea83823b36411aa8632fe005e9ef7eecffaed427badca8c59277b3d832605cfb6609038d5a9dd79298d0fb1dc0e2f7c48d994babddb78bad13b01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\51481d52-9dd4-4bdc-ac56-fa099b7544ca.tmp

MD5 349aea759392c4e3836b083c8f14eb47
SHA1 4d561cc63f038c81c84cc740e9902adb39424508
SHA256 f15c3d7328981a5d5fef3c9e1df1a3824b74b4dd8ca1a0bae906d6f494655a3f
SHA512 2ca28dbb04e10965b3dbf897ba111f0ae77a82debbf0d613b8f7ef06e211b9a500b08cc75475eb0d79a3926e49c20b0e253e52afb983cdaac88b4df85b068e3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e626c21aa60120421c1f2286133afe15
SHA1 f7a014efa9bb4a691d3f4e5a64a4023f79b56705
SHA256 2f3fec7d4ce8b65a113e8b8e837acbabdbb002991bed510798cf0a7450a740f4
SHA512 994f4bc3f3c25e4cd3cb0508c8e749bacd6b1090c2b91665b600101a90e73420bd31d324731db71f575a4888ac8018dd299b1bb0f63e9b34ef72614361c817c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5946c3.TMP

MD5 3c5b99fbd334dd8471ba0cb701c9fd55
SHA1 7dcbdb38e022c0ea9b15fb75361ea924483d6e8e
SHA256 02565988b94e733f5184ac0df5fa46d375b7917fc26ff37c45267618b8c5a549
SHA512 48ae3cd3dd923efdb288d1b62f1b227d8c3e9958063bf130a1f9889f6ff58e2bfbc9a2d223eade60613eac579a3bd87cb827b11c1b0a121af4def48596c28341
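Two things in the Files list above are easy to misread. First, the named pipe `\??\pipe\LOCAL\crashpad_736_NOVFDLNSBVGDOQKG` carries MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 and so on: those are the digests of zero-length input, so the sandbox captured no content for that object and the hashes carry no signal. Second, the same path (`Crashpad\settings.dat`, `Default\Preferences`, and in behavioral1 the CryptnetUrlCache MetaData file) appears several times with different hashes, which records successive writes to one file rather than several files. The Python below is an added example, not part of the sandbox report; it parses entries in the list's layout (a path line followed by MD5/SHA1/SHA256/SHA512 lines), flags empty-content hash sets and rewritten paths, and verifies a locally obtained file against a listed entry. The sample entries are copied from the list above.

```python
import hashlib
from collections import defaultdict

# Constructed sample: three entries copied from the Files list above.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_736_NOVFDLNSBVGDOQKG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f
"""

ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_files(text):
    """Turn the report's path + digest lines into [{'path': ..., 'hashes': {...}}]."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        label, _, digest = line.partition(" ")
        algo = label.lower()
        if algo in ALGOS and len(digest) == HEX_LEN[algo] and current is not None:
            current["hashes"][algo] = digest.lower()
        else:
            current = {"path": line, "hashes": {}}   # any other line starts a new entry
            entries.append(current)
    return entries


def digests(data):
    """Compute all four digests the report lists, for the given bytes."""
    return {algo: getattr(hashlib, algo)(data).hexdigest() for algo in ALGOS}


EMPTY = digests(b"")   # the digests of zero-length input, computed rather than hard-coded


def matches(data, entry):
    """True when every digest listed for the entry equals the digest of data."""
    actual = digests(data)
    return bool(entry["hashes"]) and all(actual[a] == v for a, v in entry["hashes"].items())


def audit(text):
    """Flag empty-content entries, paths listed more than once, and incomplete hash sets."""
    entries = parse_files(text)
    by_path = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e["hashes"].get("sha256"))
    return {
        "empty": [e["path"] for e in entries if e["hashes"] == EMPTY],
        "rewritten": {p: hs for p, hs in by_path.items() if len(hs) > 1},
        "incomplete": [e["path"] for e in entries if set(e["hashes"]) != set(ALGOS)],
    }


if __name__ == "__main__":
    for k, v in audit(SAMPLE_FILES).items():
        print(k, v)
```

`matches()` is the check to run when a file recovered from an endpoint is compared with the report: it uses every digest the entry lists, so a collision in a single weak algorithm such as MD5 cannot produce a false match on its own.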