Malware Analysis Report

2025-03-14 21:43

Sample ID 250108-mw7h5awraz
Target JaffaCakes118_9ba34bcf15fc8f343619928392d52e9d
SHA256 6f85fbe7b5924665f4202ad0ca6872d0b2fa11fb0cc4518567197a335e51d2b0
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6f85fbe7b5924665f4202ad0ca6872d0b2fa11fb0cc4518567197a335e51d2b0

Threat Level: Known bad

The file JaffaCakes118_9ba34bcf15fc8f343619928392d52e9d was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-08 10:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-08 10:49

Reported

2025-01-08 10:52

Platform

win7-20240903-en

Max time kernel

134s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ba34bcf15fc8f343619928392d52e9d.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4E4A9141-CDAE-11EF-8250-E62D5E492327} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fdea4a8840b694ea1eb06949309d384000000000200000000001066000000010000200000002728ebec30d198cfeb00168c448b82eba54d702f5bedc35f2190a70b963aa10d000000000e800000000200002000000089f195599dedca09c88085efc472db2a0af6b7f4a29ceb2253c5d8256c9dfe8b2000000063ee881bdd1551068ba1e57b5d22ea1b5337650530a737c091a30e97686837c940000000eaa3de640141a5fa21685478af54ce1680ef456f72e3bde525e846451430a9b2a1aefe94f55bcb3155211c1339b60a1ea1c3341c8ae8ffa5e06020cdc3215ed2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70a89d2cbb61db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fdea4a8840b694ea1eb06949309d384000000000200000000001066000000010000200000008594b1a6615aeb66a66ad7c405ffed1351945d30d7fbe69677277f91a2d63cca000000000e8000000002000020000000daea2bf36a897ad436a3b6b7dd59b1259d77bdc11d7ed936739a31446e0c675c900000008483dfac92a5bfea6560d00bbc56de1ed8ba2d619f55a85fd7ee03743b05b644c5ac49df85b33685c603544ce3860bcaaaf31b26d732fb9fbefbe017ddf2269aada75d616a6df0f042120f6e5c4c6eb678ce25aae4367a0d09658636ddbb6b1acbb8c1c6f6a64cf38677da19539ab053c5c5f0fceae495e11534f499bc04f5efe98ac9bd7a578b5834d58597f9e84fc4400000009377bd26307f31fe2c2281627f7a753989c53e614a140200bd428f6552eb0cf16c2cbae7860a22b829236d4100d6a6f25b1e0ed00fdee92b2e95fe9af69f28e9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442495267" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ba34bcf15fc8f343619928392d52e9d.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 js-css-image.googlecode.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 widget.adnet.vn udp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 216.58.201.110:443 encrypted-tbn3.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn3.gstatic.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
IE 74.125.193.82:80 js-css-image.googlecode.com tcp
GB 142.250.200.14:443 encrypted-tbn1.gstatic.com tcp
IE 74.125.193.82:80 js-css-image.googlecode.com tcp
GB 142.250.200.14:443 encrypted-tbn1.gstatic.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 142.250.178.3:80 o.pki.goog tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.178.14:443 apis.google.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 s0.adnet.vn udp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
GB 142.250.200.33:443 lh6.googleusercontent.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.146:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 68633def49b0b9471878462b556f9402
SHA1 299181eee5cefaaf03ae5e4f968baacfda7ce254
SHA256 1df858c748876dadfc71081db56ff48c3d3c7bafaf538e368af96ff2bd532c30
SHA512 11a27cc58c127bd76d28dcc4a1a21f5400457e3c14ca52d6dbcb5f0d8eeffc227c4ec2a70f4f104eac7f89f2bfc9dc401625e220407ccbb12a37e5580778bc0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7ac1791f24537326f65343cff2de5c94
SHA1 bcfb13cd7d822394345416998eda14a45312fb36
SHA256 8c62ab81fc06fd2a5484f02b82c6159efcc71cd8587fefa04b797369a40c3355
SHA512 71af52e070277680accd8696d64cbcbdb71931160764c3eb19e8c512f93529c8b998b1663910e99c0e2e5246a62295454a4b2c0757b781c7969a1700d466b5ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 77d3e81af3a8870e46107ebad87e2339
SHA1 260f37b76329406d2ff1037fe9e71017a9f81a7f
SHA256 b553e7b0f00301b0a8ade0f02fea200ab0d90898754dec19e7ad2d55d9006191
SHA512 44143a2eb4932f3867bc909bcbf224e15ee0f86914266648be91cfe003a47fd06c9e9fa5d772f4214a0f0cb4580a2278c51cbeb909815a5705a4a08d60788d49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 5571c88bae4099fcb48a68a4f03bed0a
SHA1 4b286d64408c43ef4025159ba440f2b98ffff841
SHA256 7925f4362089f6d090ab72fd3e46699fcba45510afa301815f5d9372f3136f4b
SHA512 86bb66b4045ceb10832e9241e9db76370cb2c54fb7004f33ea3316f1a60265e5ef8d41f13bb964616412125435787cf3d60a8ad02f0246bf199e8d74f506c216

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 5caa617e7e52ae4c3be112a173ac8015
SHA1 7963bc53c25d3001a3d96c17b7bf00eb747ffdfa
SHA256 f376b1bb73b670a3782261922dedca9c793127d2cd71adf6e25e4d37e928b1d7
SHA512 cbee8d8292c888f872cf2afdecee66fc387712ef843e09803754791f8c306ddd3c4aa3e098b418f7e30c49c093db6cfe8f3e7875533d0b5dc97f616843ca9613

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_449C1568AC7FF091AC6332B7D71A1467

MD5 59d9a21abf020a52a47440a4549b1ddb
SHA1 2278f6fca77f757d9f1bff60d4e26d17b5c334a0
SHA256 98a4170b9c0f81f0aac998ec2715b78a7aa23d671be198e1c6ffc4923e6d7439
SHA512 2e7a98b299a5d882fc48c57b08c506fe2fb36b4eec05d590af2f38ca77ac9f09f8a2b2dbc730e0f42eac0a6f38edddc958b86ed023c30da34100557f584f4121

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLSLTMYI\plusone[1].js

MD5 3c91ec4a05ec32f698b60dc011298dd8
SHA1 f10f0516a67aaf4590d49159cf9d36312653a55e
SHA256 96b335b41362fd966c7e5e547db375ef0be7dcb2aec66bf3646782eeaed4b2cf
SHA512 05345e754b39e9f83514bc3e14b52f3cbf321738fd7d973da55db99035b11b4152fedce2c203eb34376cc9e18571db514ff9fbcb4174a2dd7cca7e439cd25944

C:\Users\Admin\AppData\Local\Temp\CabEE66.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarEE69.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 403006b64a2d9eca3d15f55844371189
SHA1 2ae366d065a81f355c14819edd92942dca46feb5
SHA256 3e095eb29ae49267718228ba9be4249e53587d9a83af58d02b96dec5b24580dd
SHA512 3c40a213ff17f77092005b0cd5f760c58766f21aca56329d92529d51bc54677880edb95f90614f189e8947fa68cb4d395bdc06fc84e43e7cc836625929979387

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\cb=gapi[2].js

MD5 b103bb58d9e7cecaa60bdf377d328918
SHA1 0f094c307bceef833a64f408d2f749a10f79de44
SHA256 81dcd274347bd909cf132d3c8bcc9924e41921c33eca07fd6fe5e2a59ca4f5b7
SHA512 b1a4fa329b76df7c861771e1dc36749155895dff623cd916811f2af8c95f3bcf9fe75a3b9a56833f066a227444982ff4883459e24f7eead79b521c2ffdcaa844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa13e3b369776797b17381cc579a4d1c
SHA1 2e94cf406a5485e55022ccedbd332d036dcd8ed7
SHA256 05a5e8103c7e7b5aae7eb28401b8f7caf4887f2413b1a774ba86eceb620d5996
SHA512 8ab4d66c6ec15cf872f0cf5eeb1c481bcb97b73c232da8b826a18435d007813c1918c432fd6c7982eb5408a0ca4c88fad8483dc11adb0f5e847de96f807bceb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcce44e32de5340b56c0dd649210dd64
SHA1 1b6c24caedaa1e426c600a87a71aadfec32776b8
SHA256 cdccb9f1cb5c34a3b03a46cfeef9b87815364ff54e8c3095d4ea0a94cc9d92d8
SHA512 2521323529b0fdbeb8e4339e800edcc29c49ad956069620dd6ebd0f51e429eae94cd1b6594c18bc10583fab82afa2a91ce20b819946031bba36ef6ba404395fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fa8d67f453d871fc9e903a66efb38c0
SHA1 a6d07596f58e9151b0606f2e870bebeb1460b000
SHA256 16cadddcc28785c7acd2aafc42741bd9e67eb96f7a8422d6e8e23d305d8ca8f0
SHA512 d3f5d19a0a7360d76721c4055d86ca0dc171b8ad993befb61202d6e9132045601b6ffe51cfc31b21dd3fef21233d1403fca9ab3b9a97ba446a6a794cb5f941ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0dfa9ea07eb73b76b9e5c1cb3dda382d
SHA1 3a5d14d81ee2d1b5b45b1cd30f61068dea663b08
SHA256 cbec1fb05ca9c5fa271736396625c7236045d70bebd29e9ab19d785ceaeb7d2c
SHA512 33b5fcfd468519bd071400d0065b4a256db28e3cefcb9bd87e1db9fa8066ed4a69865040c25d27f90208b3c5c59254a493aa28c719a90ec95cbaf04413e930e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f6d4825d41a130e3e30b0ba982ac2e8
SHA1 4a143f135450ce10219b5804ded267b2c54f96cc
SHA256 ed87cfa637bd8ceacbedf6d8ed61764ec96a3b419beab11d5d636a07f61f26d2
SHA512 273461826d2318e5ddd79befc10c8d3c9c3b25e3d16490b95a096d4195f052e4442b0af3a3ce0410c7dd42a284f78d44ffb0dff203762ab365e09e6c401d7bae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a70b5d539a61507db3f4ba8bd63651eb
SHA1 d403081e57e21038970ce044f57e8c6c162f62f6
SHA256 da0a8c30ff018378a0fdc64f0077b17b21e198ecd0f26ff33495ffb9602e665e
SHA512 8ca13dca8d03855c95ecb2827fc71e6cdb45664838e57fb52e7b348ec1401e7ac950a4c966df02eb7093028e88a8c483547654f7370dab28a60fec71f9cf54b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 080e35843899076f621646612cc6da3f
SHA1 234440181129932481e6ac0763abc1083c5216e1
SHA256 fea378318ac8f6b00b7d01b6458224e45ee5e45a810126796f2d5b3f44fdf065
SHA512 26e4e009cbdf1e04744cef0059dd93d24129eed5667c01b877263b7706ca8b618d0a40d042c45488c716ebcedaf04ffe6306ee27c38422cb875841d295e74f3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c05e228a7962c629ad80616bdc47471c
SHA1 303e3ac18a14498087580eb75111fd85a1ef10fe
SHA256 ea74e241fc56e06508193096dda33987607c765f61a87e3d0f14b7265bc1f94a
SHA512 ce3483c46c03db3762f43773a5642b8e4d401fb4c8e70ec68ef6c0b82a4480e3aed5b14bed5dae95f1ee64bf562b64b2b446be77a8abfcc933fbdb40c9e5ef41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76102bcb2472dd94c7711008e6d3702e
SHA1 602cba68e5cb1de55df945bad2ec85c4dc83cad1
SHA256 fa3002ccbf8e284498e1b84294cdbf4123bc551fb3d513c2d2454fd42b3c9316
SHA512 54fe5a524227e84bed68f81a579ced0788b625bd070db63b0e75072b4c07f99b45ac593040ae0008edcb0b7f4700bb1ea9f718a958c194f3a92026f20127ccb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7254919e5c887d5a5ebaa86019c9085c
SHA1 b6f77427977aeb14b9b7f0a774ceec8735ed301c
SHA256 77471b54732d19b48c24694910e5b6daaabbeb220fc4a2b7d94269b886baf11c
SHA512 f3e95a5aa552363d6d134ead69ba7dd70106fcf25bfe05c73349a296241ac5306952e51b63aa5260846b89e6b60fb1ea4e232bb3808fb48c606783ce29e38e23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f05ccfa2d9fc030b52ca209a2e92333c
SHA1 d64a212aea3b431739e0f65f1fcbf6f9f7200f5e
SHA256 5e3242968a6c30175bbd1582d1e20a25cb30a2539980377d549e7188059b422b
SHA512 be2615ab62949700b0a3e9db0233d9b063c681180c7f32315d8f738cc6a886ad44806a5191a9aa3e5769c031740c380d6ffcf85e31c70f37b2040b7a41b4fcf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4d52970741600745e332c7bcb99d7e95
SHA1 03db20a7a194a7cd690f4237b3fe954baa2046fd
SHA256 4aa029fbed62dc0abcad5df23827294f2a73eb4f7d2b2eeec2dee5de8ecbb12b
SHA512 e382c6e6b839ec5a8fd7a43f0732b187e2132bd373bdefabde10d7b1f88764a438c975c7df752e3233703feef361979fbcde02d27a18d13dde84fd23ce1d02b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f8a81c69179cd207d9e734202a800ad
SHA1 c55c94708574a111713a801bd253369d349eb234
SHA256 55974ed46c8181ead223284a8db3d17126a5209d11266720f65fce9751ae2b9c
SHA512 24de414a51dba25503ed2612060da5d8679258a0c71cccbd4d6682d05383fcf4ed5bd2f311ca78d3f6a1657b5f82258abb53eca9495c6ebc0ff709bb87e7ec64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af9076bff812509ae38a29af145a4175
SHA1 5ab7e68d58e8c070da47f85f534cbd3f252f5850
SHA256 017e93fbceef6326a05a215acb8a1265a37d031323fb1a88ca3159cd39d9f8d4
SHA512 a07aecdb9ff6d78e6bdadc768345a92a9bae2ada8cd3c3d797aba9e5b985773748da937cbc71e9fb9a1feb5cac4cc22ddb27a58715c2ae6916f452071241617e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0df2b4667653eb49d2746c5900cfc119
SHA1 3bcc9b85672fad058211ae74e1e1fd350b3b4838
SHA256 03b4486e0b0adb8ff50cd25f25b221ac7edd05d5d9e471372b829a656cd4404c
SHA512 cb61c3db3956bcd900944630e9b4b5230e54083395eef250fba2bfbcf627ffceb7946f0fd23ae341b6a45344f899b8d694634243c4527a83f5feb2f7f89602cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10fc7d7ba5325a54d58d75cae35eacff
SHA1 9f3ddb266d902fb9dc11545bec2422740ad9cd8a
SHA256 cc46697d65fa2b4b64ce192302c50a0b402b074adc3b89e7bb87a0bb650645fd
SHA512 587574e974a8da80938a5b076192b3e72ab49156a8bc16e610ac9455a3a630ceb4d280a246d878c9a39b5575960c7753ad14c3c18f4a80f2428a6c0e48cae5e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d5e2ee0ee8265137a2986c776b552c6
SHA1 d720b90c4acaf2250e5447bbc7bc925dfe487506
SHA256 e2bc45ca378e6fb29f27c3c9370a07c7fa68cb7ddc8979770544512c1c625499
SHA512 a4ca5c55758d03b2b87e10927734d2ba201b4701876d5feb142bcd285de7e74e03c341c73ff3cd8558fa7e6f92914d72d82f6a45563f3a1608beb7fe704ec0fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a34ac489c8a34abedc87b71e0cbd6a7d
SHA1 256de08c9f175f187a25630c2d5f94d3a4d08f18
SHA256 aa7a2b3d475a5ccf5c0b14af79945f401dca38056c3552f9fd7163b16af25106
SHA512 20f5eeb9dbd70a0a9a7095105e1e26f7f536c0f4313b062b4c08c7c8807e9528788306dbcd5189dd25bc9802cdf35a0622ad814163a6b7b47437efb7e1ad052a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 514b67a49f89bf37c62dab683c4e1ffd
SHA1 61bd34f9c2bb0badef276f6befbbac98374bfc5e
SHA256 a860c57adc9703a53a1d6319bf038d92f20a11c10a8b8fec07c2776c967639b5
SHA512 8d49fdc9f6a5c92725df1bba7e73cdca2b1e2c0256399a6ba1e9361f3a136e83ba57d21e272540db662d7a9066bf7903ffd24501f7668bf7ec989d8a85a3f154

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c97394b6bbc4cf23f48adb535a8e360
SHA1 0e0a750bd271a13eada477153c0758c60d94fced
SHA256 b8b07bfa38d621d8f884683f267f0a0fbee7c94333ff3714408b59e42070f95f
SHA512 69227af7a36ff80a76db815600d956818308d74a7cf3f98e273e0995d52fa5d81e62b12661f5bc7c6b160862ef2d3b3d4984699d93ffb3c1c4f4b91f16499d91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e23a77579f3b18954eae18e90c8c5fe6
SHA1 416d31df6ae30daf27d34c782e389d1c77e8c265
SHA256 9eb9c04682af9f0cad620eb7367a9906ee9dd4fc9c8517dd68ce4e5302a7514f
SHA512 f33e00d55bf4356d738b2b116b197c38236950771e00292c27afc27855b75ca8f555b8259c64af26671172d7923028bc0cf2c1e15c97cf5e5441ff1c4e13d4bf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QS2MOPHD\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1738IZL\rpc_shindig_random[1].js

MD5 25879c1792060210aabb2cc664498542
SHA1 349848a5e88088b22fb4762ca2a619d1a7f40d97
SHA256 1c0dff80b0111b04f387f0c39fe8d199e909c285f5471da80d6da78c79f9fc79
SHA512 845cb435d102d39b001e7f00d7528dbc3f8505809f5fbca039587ed82d9790b16c9179de8877fd48f2fdab11e7308ad003303821217213a2b99e60d9915a9c88

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-08 10:49

Reported

2025-01-08 10:52

Platform

win10v2004-20241007-en

Max time kernel

135s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ba34bcf15fc8f343619928392d52e9d.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3188 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 3640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 2372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 2372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3188 wrote to memory of 4844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ba34bcf15fc8f343619928392d52e9d.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8e1646f8,0x7ffc8e164708,0x7ffc8e164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,8615895861447882308,6762944578263276837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5132 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.10:80 ajax.googleapis.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.178.10:80 ajax.googleapis.com tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
GB 172.217.169.14:443 sites.google.com udp
GB 142.250.187.196:445 www.google.com tcp
US 8.8.8.8:53 js-css-image.googlecode.com udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.179.233:443 www.blogger.com udp
GB 142.250.178.14:443 apis.google.com udp
US 8.8.8.8:53 widget.adnet.vn udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.201.110:443 encrypted-tbn3.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn3.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.204.78:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.14:443 encrypted-tbn1.gstatic.com tcp
US 8.8.8.8:53 developers.google.com udp
IE 74.125.193.82:80 js-css-image.googlecode.com tcp
GB 142.250.200.33:443 lh3.googleusercontent.com tcp
GB 142.250.200.14:443 developers.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.200.14:80 developers.google.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 142.250.200.14:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 82.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
GB 142.250.200.14:445 www.google-analytics.com tcp
GB 142.250.200.14:139 www.google-analytics.com tcp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.27.27:445 connect.facebook.net tcp
DE 157.240.27.27:139 connect.facebook.net tcp
IE 209.85.203.84:443 accounts.google.com udp
GB 216.58.204.66:445 pagead2.googlesyndication.com tcp
GB 142.250.187.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.179.233:445 www.blogger.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 s0.adnet.vn udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 phimsexdangcap.blogspot.com udp
GB 172.217.16.225:80 phimsexdangcap.blogspot.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f426165d1e5f7df1b7a3758c306cd4ae
SHA1 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256 b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

\??\pipe\LOCAL\crashpad_3188_OMOLCVKQIIVNQLGF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6960857d16aadfa79d36df8ebbf0e423
SHA1 e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256 f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dec945584b2b5faa67ff1bfb45c82c33
SHA1 c1586a5d568d912c97f99f0d89a7c1a005ebba76
SHA256 1c67c78e1e57832df88081645aea81dc4f0ace3aaa60ec1853e8dfa9b74dbf64
SHA512 10f32a49bb063bbc2a61cf2e5dbec0039535627cb954caf42855b13bff118398c13b26a803fa4f9af6adc8434806f6f7e4521abe92eae4d3cbcdd5a8da6d4c7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 2ebfdbd309ee762211b4a2ac39708c4d
SHA1 b002922c672dbe1dd4caa02af24d0b1e7da616af
SHA256 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797
SHA512 d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bbed83157a2dad86ac5f50e9496583ef
SHA1 3ece61ddeaf7a18666762cbda31e40df79308048
SHA256 881ce7ce9bfc2707060385f31f428954f803b5eb8d906713c3d435972836b526
SHA512 d3aaef1c7b380d6fd5d1e2b72151caab272dd38229ad16096b301a0de04071be9a975ec108605872dc933d035d94bb87f25c3d6d12b9ea2b47fd356091082a08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef0a1ae09e910df1d40c1fd05f783f05
SHA1 516ff5c27e430b24c4ad8a6842c50cb74cc0bb1b
SHA256 484c296adcfeebad3e1de0f2511989fc30074d3c1590da8d721851a8347653c8
SHA512 8ef72393052a4486ae18a0fd6400184d45a7fc85db23795d76cdf8132d60c94eee4948ddf2ee114bbd8e399d8c43c838ac79260dd8c9c1d96bcf6cdd6b80f2ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a9f35efcf8c5481f1624b342c92e5c77
SHA1 f13181e03d2dd68f157aebfd2ee1abfc128af442
SHA256 b4f02af744479b690e8f1edbbd6b926c1651c0c9846ae4dedb5d82cf9f8f459f
SHA512 dadfcf361364392f706d94651a936dfb9d4a6679110a63df086280c40eb99997269a1ddddce6459c0c0e93a079d12d999a4e5e2fd23f78b10f3d74ddc80cb070

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9354b2f4e9f98ed4e3522827227e1985
SHA1 cd9a98004a1403d073b56cdb561c395f1e8687cf
SHA256 dc77a279ed8a2190b15778e51112b830035b2ef06df2f93414e03a1cbf359aa4
SHA512 42f2b198cef13075b73d2bf7dfaf37ff986f8669dc83583418af791f4a2ac48b121d412c1faaef22fd5f597bedf68c10e3a9183d4f52bad3d696e54efac9a7b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bf7521203fba2ffe15255dd450517c46
SHA1 777b6b876b93cadc32a9f3174bc664ca59acded2
SHA256 431530af03e4b1e686950bb1dcc72ac56d693d1933473d1935bccbb37ba6e4b6
SHA512 9f0c48aaaba1987533eb18e0578676117f133174632a717d9e07d7cb810ef8546cc7620364cb6d187041f6bd53984964d2f1f07d2ebd4d7399dda3d863cd12d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2cb3cf54d71f99709150b330da86e40c
SHA1 4ca044b3c976870f9660c5052f4c89a0920890f4
SHA256 c2760236119d61a66fd7e3438404528c6278508037a593d8838c6ddce71865d4
SHA512 0b2ac94dadff8f991729865f23d16c025c1038e7521d49a0496df56865535e9f936ba21e9dbf13f425da7ab1b4815615b97087228d43f65150da606a8f5ddb1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e01ff01fadc9ae3a7dfc0120f8b04f6e
SHA1 5a518062a4850f7ae8575a4b5ae1896536482cd4
SHA256 fc95aa1da6671a17d7f19df61f9d605c00ddb79ed526f705b2ed4b58c5e56c77
SHA512 b9a0e68702b49af5a22fa55c6734cf934ce977f8b25e786c2d9015bb915e807753b727831c323ba00cf083ba2d42f4a3d0e2f7274bfbed6e1d97e6ca1affe0dd