Malware Analysis Report

2025-03-14 21:43

Sample ID 250110-wa7rfatlhk
Target JaffaCakes118_ea343e2a1a2f11dd1cea32c215d2a19d
SHA256 9927252efb9f3165cc70c2aab6a5df025f5fd99b27d1b9dbfa5a005ec1f3e64a
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9927252efb9f3165cc70c2aab6a5df025f5fd99b27d1b9dbfa5a005ec1f3e64a

Threat Level: Known bad

The file JaffaCakes118_ea343e2a1a2f11dd1cea32c215d2a19d was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-10 17:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-10 17:44

Reported

2025-01-10 17:46

Platform

win7-20240903-en

Max time kernel

134s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ea343e2a1a2f11dd1cea32c215d2a19d.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442692922" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81DC58E1-CF7A-11EF-AB7C-F2BBDB1F0DCB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50c3f15a8763db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000de79912919e27448af37dcae07e6674d000000000200000000001066000000010000200000003fba342d22039f15c780693e002b351418c936fdececd270a78e598a661d685d000000000e80000000020000200000008469184812a994dfb8840759dbd480dddfa6f0fa2a76d9e9950096aa4e89859a2000000090ad01da11c122a5bf6b85ee6fa4d43e0d2b0f97d3e7f5253f823c8e6a0a230e40000000741297cb33809fe7a4dc266c9247815d3517b95c4dbe8323bf883c95a219560122576e3ebf838c33554bf3ff8af8b7fd797fbb79e1cb43498fb59be01c2c63cf C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ea343e2a1a2f11dd1cea32c215d2a19d.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-10 17:44

Reported

2025-01-10 17:46

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ea343e2a1a2f11dd1cea32c215d2a19d.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 872 wrote to memory of 3760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 3760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 3436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 3436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 872 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ea343e2a1a2f11dd1cea32c215d2a19d.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cde346f8,0x7ff8cde34708,0x7ff8cde34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6011621723751136846,4009279596250579938,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 goo.gl udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 104.18.10.207:445 netdna.bootstrapcdn.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 172.217.169.74:443 ajax.googleapis.com tcp
GB 216.58.204.78:80 goo.gl tcp
GB 216.58.204.78:80 goo.gl tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 216.58.204.78:443 goo.gl tcp
GB 216.58.204.78:443 goo.gl tcp
GB 172.217.169.14:443 sites.google.com udp
GB 142.250.179.233:443 www.blogger.com udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 61.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 img2.blogblog.com udp
GB 142.250.179.233:80 img2.blogblog.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
US 104.18.11.207:445 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 104.18.11.207:139 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 platform.twitter.com udp
GB 146.75.72.157:80 platform.twitter.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.70.197:80 static.addtoany.com tcp
US 104.22.70.197:443 static.addtoany.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 157.72.75.146.in-addr.arpa udp
US 8.8.8.8:53 197.70.22.104.in-addr.arpa udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
GB 142.250.179.233:445 www.blogblog.com tcp
GB 216.58.204.78:443 goo.gl udp
GB 142.250.178.14:443 apis.google.com udp
US 8.8.8.8:53 jqueryapi.info udp
US 96.126.123.244:80 jqueryapi.info tcp
US 104.22.70.197:443 static.addtoany.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 bloggercomment.com udp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:443 bloggercomment.com tcp
US 8.8.8.8:53 244.123.126.96.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 151.44.152.45.in-addr.arpa udp
BR 45.152.44.151:443 bloggercomment.com tcp
US 8.8.8.8:53 www.blogblog.com udp
GB 142.250.179.233:80 www.blogblog.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 216.58.201.110:80 developers.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
GB 142.250.200.3:443 ssl.gstatic.com tcp
BE 66.102.1.84:443 accounts.google.com udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.253.1:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.253.1:139 connect.facebook.net tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 29.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
GB 142.250.200.34:445 pagead2.googlesyndication.com tcp
GB 172.217.16.226:139 pagead2.googlesyndication.com tcp
BE 66.102.1.84:443 accounts.google.com udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
GB 146.75.72.157:443 platform.twitter.com tcp
GB 142.250.179.233:443 resources.blogblog.com udp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.136:443 syndication.twitter.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 136.42.244.104.in-addr.arpa udp
BE 66.102.1.84:443 accounts.google.com udp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 34d2c4f40f47672ecdf6f66fea242f4a
SHA1 4bcad62542aeb44cae38a907d8b5a8604115ada2
SHA256 b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33
SHA512 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

\??\pipe\LOCAL\crashpad_872_RCVAINWVBVCDZUUJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8749e21d9d0a17dac32d5aa2027f7a75
SHA1 a5d555f8b035c7938a4a864e89218c0402ab7cde
SHA256 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304
SHA512 c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 41f387c57ddf280e79ca514c24731089
SHA1 8205931ad25ff1132f141ae28a3f8c064f093b2d
SHA256 078dc3cb1bb510dcf44ad0e8e7861c4d5455268daba97ce11d826ce8639b552b
SHA512 2d98cb43518fc41664c0588aeeaaa3e70c58e3baabc40ef18b0a0982ea4219143b40ec549a23692a20517b3ee2b0259f579969e970c65a5ea9bac5a241146816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 be04eff493606ff6617aa53762609566
SHA1 21fa866b1f3b1e0494d28b0e0c73285614e126a2
SHA256 f4617c049a72e2b57dddacf6c052115f5738317cfaaea5b408085568bf7eae99
SHA512 7d4e52f7c106e956c07971d36e66a583c4155f3e093798dfe4a4a1ad06de8bd890992ccb41be1a770c8ad394e9bb0544c8f1541bba74f4e16662f91df589eabd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 651ae3d513714a59f1805c7fa48d3cbc
SHA1 14e13b9f8d1994cc9a2aa078320ba8b91e14bd44
SHA256 b93ccc9d9384f81f7b1f2d38121be24b7f94953a7e4a6a6ad90b947ca09b01aa
SHA512 eb3197217f3b7ca72ae570a4e3bc2620cf7e8137cf63f977b4633a2aadfa6a81883dcfaf582d9c948f5e2f09f05f2dd94e39eb2fc7e6245022c77fed70f9032a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 2ebfdbd309ee762211b4a2ac39708c4d
SHA1 b002922c672dbe1dd4caa02af24d0b1e7da616af
SHA256 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797
SHA512 d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 d79b35ccf8e6af6714eb612714349097
SHA1 eb3ccc9ed29830df42f3fd129951cb8b791aaf98
SHA256 c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365
SHA512 f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a88.TMP

MD5 004eaea6f0f89dca440f63bb8e8e0e81
SHA1 4159e56480dc5f0251ae8efeadbc428032f3bb5a
SHA256 f50c1c740d61378646b9adc8e6a98992ee5f51e99c6c7fb923821e9369c4a78a
SHA512 61f5fee927a83252e2d8a675d813cf00db7a233b5d71a7bce92994ea88795e6613520503ffc6bf45ab3344ee9272a650b5a0e686be2cd17703d9ed112b5684b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 76b17faa5ff13ea67db92f0fe4a4a5b2
SHA1 722bd3e87c9f499e971fca7a66c30b10a2e58d56
SHA256 2f4fb6c40eaadc99a0571aae49bceaff44fafd72a2f1b7e60771935559a2c8d0
SHA512 b601c1a17cabf80c1e7fb749140adcb3684c7df510077ee8f0f950391e666f3e23bd1e2b4050f267ece533a73aec407fabc7dac205895d365b597ebfa89735c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 019716c953c2d4c7e741ec959a759506
SHA1 41b9ce1c685bdcaa6df3570653f832663ce9cf32
SHA256 77715def9ac59be63c7fa12c047775d7648364f625520837c2edaa4757032292
SHA512 a4464a4268af8c48dc8fc48d4410b1ec8fa87da3466588277eeb4424465893d1d6a84b32f98b2dc2563934898b72b7e4219307a8ec589ea6c1e7d27b00b878c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b7a3f678-ea31-4486-82fc-ccf1c495a44e.tmp

MD5 7f3235f4bae3750f0fa67af854ed87fd
SHA1 bf2b1cbbf33b7aff960a98848164ced9511c2102
SHA256 a763deb57e51577a46799ada2b36ccdaf83fce87410631b39f2d0e64a4aac970
SHA512 68c535e9e86086b0fea0161581940ab6bb96ff603a5a4dfa2d686533d79df2dfca6a9cfc1377a88995940c2fdbc8ba1b2511d2e0b27717c2a2366b4796f0b78e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bcc399e92f620403b994bb915c166b2e
SHA1 40189a114353fed9c1d75917258ff2634e8b8805
SHA256 6ddc5f5d7fbcf51152b77bb6224c0a82d637032cd3e721707efb132f49b8afc6
SHA512 be3a06904f68eb7f705bccf82e35edcf645bff36464c416d2afe6aea777371bacf11d1df2754cb0bf41074777bd62fb02dff28f31270b82fdd30f8c397828316

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f76095a20fe42aebc1aea5a1f4d70b6a
SHA1 5d7444966c9b4e39699c038309d8b869c937942a
SHA256 683d6c18e51ff80026fbf2896c8c8a3d65acc3fc8cad9c568a060bc2a21a10c5
SHA512 b6712a4d664deda36a5448a1e977d980241fe6cf91ce6eabc2fa7da9e43aa499a5cad09bd54eefa5bad8ea40ca2e488b8c943deb869ad0ced74d74b68f20bbc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fb132f8e14b9c6a47c698a931569f587
SHA1 b279de88d8410b40531b960c88452d0456958fcc
SHA256 4d8e128f00071fb2d18a569be5e3f9e12bb2f9ee4199e0c8992b48b5fd81f037
SHA512 7981dcbdde7efac1c55340d4528910486ba6cff532e4147cda5b62444d523357d2ec7608105c5b2cb74fc131efcbd52a90cd149d2406832692abcd4e885778d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e514ac50a7607aa6f1f020d525216ae7
SHA1 8aa8c74dddaef4093ba3ec08137ba20fe59f2809
SHA256 f4263926ab67bbd28c7558ee6909c260fe170602c820d45b5e211252b5228f6a
SHA512 0ef838c921c91a6038fedd93a2a2116b85ce8e067f7767da99108c7250b821f34fb32b2e135b740c2252316f24804661281ed5b1178faa35ce80dda51a61f8b0