Malware Analysis Report

2025-08-10 21:21

Sample ID: 240527-nszvjsba36
Target: 790786864fd2633e5d6f238dff41a246_JaffaCakes118
SHA256: 7427c5b22693215d7afe5087fce0b325ac987bd5c49014a4b52762f6a1d218cf
Tags:
Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 1/10

SHA256: 7427c5b22693215d7afe5087fce0b325ac987bd5c49014a4b52762f6a1d218cf

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file 790786864fd2633e5d6f238dff41a246_JaffaCakes118: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-27 11:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-27 11:40

Reported: 2024-05-27 11:42

Platform: win7-20240221-en

Max time kernel: 139s

Max time network: 140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\790786864fd2633e5d6f238dff41a246_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\ = "14" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\line.me C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\social-plugins.line.me C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80bf5af92ab0da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\social-plugins.line.me\ = "24" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422971889" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\Total = "14" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\Total = "174" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\Total = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\line.me\Total = "24" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E512E201-1C1D-11EF-AB07-4AE872E97954} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "198" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab6de57fbf79f44ca90858b7eb3d2c1b00000000020000000000106600000001000020000000928910ee60420974fbc659594d6f73275765f53e247d86153a3a4c65f548592f000000000e8000000002000020000000cdd98cdab6a6800dbdcae282f5395108b8e505ce0332a602ecfd3686c0908fda20000000ac6bfe1dd2aab5893186a29e1c5f5ac70bec7dbc2b6856018d11ff1bebb5e44f40000000127e19c8e47be5ef9779014633bfbe97d025394f6e2edab50921a002ede02836c752dc1857f36a7b7740865061688d0eb5deddb7a568554ca1adbf93b8e02d1f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\ = "147" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "38" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "34" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "171" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\ = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\ = "174" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\line.me\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "24" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\avgle.com\Total = "147" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\790786864fd2633e5d6f238dff41a246_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2

Network


Files

SHA512 22ab2ddeda2374f4119e036e476eb5adfc86ed00aa6cc21d8bcd73fd7cacc041b760c913359679357ab530ff60569ca67a0a5ef54ec37d00b64c560f2503944d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c07e5ccc781ae2be18d0bc2ac6f28f61
SHA1 9952f555fe41ed084289b32e9d2200f0a04af117
SHA256 301c2f9e6e2892463b411067f96d6dd87c88815731c6f98d949e1a92868a0c10
SHA512 e01f655a6ba960a8f6ebb481c32aa30af850da03b9886f08ff9fe4143cfefb6207ce4f5acf3b8054b8590d7c23d627347d9219f377b7ca988f4188c7bc253a7f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M0D6PFF6\avgle[1].xml

MD5 241ac6d8a884f6fe2b4c543df7915315
SHA1 fe2911cb48b2709db62551e7860fa2a29b9ef0a6
SHA256 faf17241ab98cf2d207dfaa01d34a17879ba9b0bf3997ca3091023e942fddd4c
SHA512 ec55cd85d6a4fea98479c6369ab5fa3ff0af39d680004a72cec7530bcc4b01b9b32a6020165dd13008f5cfc54ecd38e7cb8b181f2a0ae1544e07c72373220b45

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\analytics[1].js

MD5 575b5480531da4d14e7453e2016fe0bc
SHA1 e5c5f3134fe29e60b591c87ea85951f0aea36ee1
SHA256 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
SHA512 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6dc71091fb18b5de09a39e0c8ec02a73
SHA1 57cb2ce7dabe6587c0da283bc80356db65eab2aa
SHA256 bf285cab0cf071232d3593f56c688a46458b862719a929316cabbb1d80016c05
SHA512 8b4ccc9844668259201fbde982515e3366c87c4ac1343b982ae983de5ea643f8b9463be65b939d1d276d05a825ce42f9d391a030790f527eaa64e8b0c9cad30e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 244d256936a52ddba95e0d9d3426834b
SHA1 59e02393434a147d62fc2f82c1099537b8b9c2ac
SHA256 6770b147239ea958d9fd6de137a1bf8866f2c45877719cd389ce0fbe053d073a
SHA512 658ca0a11ee8ecdb669aee0a2da43f3a6bd642c47bb1e72bb84f44ad8530a71ed09fd1c568229f95ce20e5cd9fea9e9dfb660d40cd5197177841e0bc2e95c6cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37fe21b6fcf57d1dc3aaf57c8d6f6101
SHA1 40606ad794b54f5f996d5b8ca02b82ffab52250f
SHA256 23a866ea06beb32e07e736ec82e3dd548eeec2114f940b48d7cd53b5667c9074
SHA512 5db60b99dfc451da541ddf4420f6f4e958b865604e83d0378796afd89e866ccf6e025871c31166c1224502d595ef334902015e907a56706c542ff772fba336cc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\M0D6PFF6\avgle[1].xml

MD5 38b4cee333a303b4239175a4b213393b
SHA1 cd7f8094cd707c021c4e6bc2ea02db033c7e09d3
SHA256 374257f7e12f0dab37c5f96f8eee16b5b34c8a8886e39aaa5f6b80d167d9487d
SHA512 67f75f52621285f96ee39bd90533aa59152ce4823b32ba3b56bd212d8f90df52070767b6b1cc50f1ac059f5850d684a1d4d0e56a7a4af26a523a216219f86e5f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\e[1].js

MD5 20c4317df06918eb01577871257848eb
SHA1 4bab2a2fe08919be4bb1f231f56f3a9158792b24
SHA256 a9578b7b9a921eb03bdca64107746a4c4511797f86c3fa5a06f5c765fda9aee5
SHA512 1e761b9881f225ac067b0087a49a82b8245825c513cd18463e62bc964e5f53b51c4d7ebe210d83ea8ef7dc19722dc76d0154fed3f6df255d5b5408be1ccca5bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45a9be6945310fc3f74eda4feabf7119
SHA1 5954976dec2be2e076436e385905f850cf62a763
SHA256 e24d922bcd5048b11214cb9e42c82e720f878407d71e0f9e005021b5abecaccb
SHA512 226ad99957d9915a6f45929004fc70ae78811faf4cd5456f9b8e11981c6069e9d233ac6561f7387f5d391112636cd6c984fed91112c29ae3cc3e7932c18d4204

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2e4820ec730fc59f53efb408497c8a5
SHA1 4604c28484336ef889e29259f2911fa97c054557
SHA256 110ace251a7ba57ead279077af4b280a789c49b7b757c162551b5f8c87efd910
SHA512 19970316e6bfa92e4ccc4f3370e965a8b71a61b0b6b6c5fa12edf44aa061f99b2a7f6d537eaa9a89d07fcc85ef86c22f078f0eea67cf67314c39ed5bb61fb3d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 0175c5a1e2ec9beffb99bf00120869cd
SHA1 90fcedc0a1facc25879250efc1cff5d4ac047817
SHA256 dd681e038c5c34b44452757d649a8b88a1a28897623da17626d029f2a5960580
SHA512 47ba3f9d7ab8f09c7bdd6e13e9c09a1aa6f5127fe09be7bcc3ac9ac0e0a3815453df0e48157461db12abba77882b0982ee3fb9f955aaf0a1799bcc6a8bc7bcb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a89f4bf6b6e4449140bccb99575f331
SHA1 d90c5a82e2ebb3749dc0c3068f1c92eaa36debc4
SHA256 fa88500978910859fe9e74f3ee0eb89bcc6bc7a57a8ad52c1a0b7a74ee9f2015
SHA512 9ac78e05a71d4671f159c433a1df91b8b9fea3374500cdff4d77401b1f49bd432ff2a18701f41d7be34d5122744a8cd887d592de1c4f6b42d4441a452ca7d87d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7af2e98dfd85e647b379f6c7705008c9
SHA1 7e36761afa4401b825353ec0e86b268e2d7078a7
SHA256 a8055cdaa3e98059833337508e2105502d61dd5ea41fa1ee22c070ab8fcac076
SHA512 1bc469f79a3ef8f0f6812574d0b77e151b7b22411f785d2d8ccf16e6629606e8dd6a414ddaa67766863b5f9b032b932ffdce74633fbf4158c5687f64bc0bf4f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d51d98e11856878152a1c181a4a0098
SHA1 cd25fc140d60f1f285eaa38e85181dc0e31e241f
SHA256 6fd59355ee05d984d325cd45f7094ae39b1eb078367e7d6a470bd946c080f7a5
SHA512 f435c295008c73d94f2621837543c7c9fb0dbda55dbee2b95e1792b21d5652e27845bb74b5e6d9aac7e1badd14e5b881e0cb059f28cca976a759364bb978b478

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc50a74715aebda0d1320d375d38ae82
SHA1 249ec5fb05d9e0103d0ea01e1b9204e8679ee045
SHA256 d616f7dfbb937c6349a9e36e07977f68e286b1ac8b7b00bc3df077b149f56b89
SHA512 169d79924d96701863e05e2a0057906aa5a08e95c8fc02975fca58d72cfb1627c56ed7aad2f369f2b88d87460a0b5018f8ce5a526f80f92b346bf91e225f73e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5077667450f5358b2d691923a111931b
SHA1 543cd75f53377363ab550feb84d35d1b3d5632df
SHA256 20519a7edc9a5b67bf11e6f55e3f7c432864179a328c8bccc846f276498a6485
SHA512 79560742a1cbc8c1cdc7d57441d9e6f6e8e28e3480799a8189a91e7bd5a844f525102ac303da540aaa00b664e49e9bff33d0852ecf628c2e1c70761f6817d7b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 11863e345144ab4efd755e77b7219db5
SHA1 c21cf09f89976091ace691884f22240e8bd48ae1
SHA256 dd85580b34d344d4c0b771806b6eb5352b1be8e9f79bbee90d020e3e2bdc6901
SHA512 1775fdf56ed77ac0509b8422b4bfb24b64c2bef3028c804d2b420eea6ad031aa1070a105d5ecfecf125923d38ab013df0f91d944db07cd8058acff62ee3467f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e483af0b98eeae3baece8e04984ad284
SHA1 8bd7c6d12a08935450e72c2a69582a5626c7f2a4
SHA256 4472e09cd233746cf8d9e1b0cc232a6368eca90c9ed36f2cd88ec443bad56519
SHA512 329a9c1837d771f5a7a7e6e8732c999e24b8e21996c41c8b2d65ae77a880aac0f8b2351b423d4c2c6e321c2fdef31526e2fac5268a8c6e980720f314324ee658

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a13cc6e2635475dd199ee5293e2fa1fa
SHA1 89675764fbca102047330a7184cb160d1cee4e13
SHA256 7d0dd352ec73242f522be4d77e524631c0b633cdb76effd03808cd5647f3c112
SHA512 c60cf6b467bb2734a520074c57e3d026431aa855efc08e190deab2b784c5258d320f9a67cf66c8efcab02b0ee2943b0cfbca177adf85b45a833467b2a29d2517

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edd9d4e67ffadb4edcdc4f6d335a8aa8
SHA1 c14786ba048c0772b51400b871ee8c2f45ac80a3
SHA256 00f8545a04f43a982fb931769fe01e36f3885f56eb5b15d2d7eded2392361890
SHA512 15cf8099bf25a8e3e2a58dea53b3d81f25fde54e22fe675249e32154d215e984d44647c49d2ed3a323eea03664a1724512d910863a833e821bcbdb089071d6fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31379414076a3d9f55389720a31bf072
SHA1 0de875c53ee7049a625d13afd75eac015f65b252
SHA256 7a5ee386ae9c05d7c26511b2eac723eb66646d0eea97c5fa38f65bd5a0ab2fb9
SHA512 0757dfb655202ba9a237881a7e0fa150631d3b306d9a9a3d0c3c90805f5e8c63d502c45d34f8f057e982a5795adda472415cfd750faab8113e662e4fa3fe564e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22e002f39191ed54e90a7fecd885ab04
SHA1 6f0b8c1c4bc4521b567f3383065268c3a9e5a283
SHA256 49712a5bac754fa6e44f2120e1ece7a766db92ecd7cec8297c95af0c3762a4c5
SHA512 5f68a174c57cbafdd620862145f2b37ba7ecb7e782019ddde2d9a25156307dcc27bf19ab95dc28ad00c9c4b85c0c35848bc9915698985bd748bee29068d0bc5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81c5937504b4b3471de230af0b5f0368
SHA1 28f8eb44a777a1b81f05a916278ff82ac62cb77b
SHA256 a8f89871c4df717984cf3f2873234ee0ef016ef93a67eb27f82a10b75fa22fc9
SHA512 d3537b95a798761fda97ff3d182c9ff64e4a34d4bdb99b26d6c74360c53c54ebec5818357ec2615a502b7c76c5d6f5fcc167794fe1b553a5a1fa167748ac348d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62f16535c19f98c86f6c4d63e1adbadf
SHA1 b0235ec14d3b46ed72f00af6a8e94e4722022e94
SHA256 836df1c8e257354684e43041cdcbd2c6dfd64e332e43b5241b931cad56357721
SHA512 fdc45804153da0ee535e62f5da977d30d60b969b34fb8e80995f05b2b50e2f44cbf6798d47d0a52c80393be6a5ef69d0ff81e9e38ff5832d2b53baca88c3858c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c18ee58f8395f18e319f0314dbbdc4e
SHA1 ef7a6b907c7e7ed06a52d6f48670772e9b4a1e5c
SHA256 6ff47b9a1812c750b8893997d0182342c1539775efed8655eaf506315a3c9fad
SHA512 9df5f7af4b4d375412cd04e557bc501d4730f985e03a4d0731ca8d72ec2506ee2e8abac7fcbf15c8f5fe6ff1757fcf0aa4a8f2af11f623b9f359c4d2fd98e6a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21d4681e584f325b6864cb507313b537
SHA1 2c6b8b6d0cbee3681653d229865b42a88f92ee04
SHA256 c8a773510de8ba8f895658f90e9b1769c0c3aed3ef66abb37f2836511a6a5450
SHA512 28c7a1161912cbf819e960d8c0d397f70cfeb6892181f89a5611c96ce96dcf084a8d1fbffc4d07f1446b66f7dd122160c601df3f0f31cb5ee2b17a41062335b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb4c49d453d8f0d02ecf55e2e5531374
SHA1 c60aa9ed39c28bc8cbc88c72c864ecda9a52fe61
SHA256 7240bd585e64f801d489f6f79618072c10cc27f855ec747a85b48091ea48713c
SHA512 8f88f117c0a150438123cbfdb027cd8a4ed3a0473c52a8d6b633219bccc9601bf2fe26ff1b9972130b4f7ab086b40a35d5815b7184b1b6a40c6fba2d0c1a38b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13a6453c9a2b7ca16f8e0e4ee82c7871
SHA1 d13f5f425bf74c71cec0c34748b1d7f978a84ceb
SHA256 b71578e9303b65f959bf852fe4ef568e135d3d39845ce82f2ad90906977088d0
SHA512 41bd64e71becc79cc4705e6b2631b05310e2cf025bfed0abfe89a8fe2328cfa9d863e018dbe2afb16e130f71fc493b4a64115ac93b20655e3ba830e54579f60a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3900fb52dcc8cc147f37f81cbb3954d
SHA1 938f12680ba0fa3f26def68cf0657252c1090b1e
SHA256 a6cc56ced63868cb3688b171497322ff8958b4c430db59dd76d42135cfdadca5
SHA512 bc253951e2c28d57bc1df2c343b29158718eabb23ccab9d9bba75041462e4836bb4b86459ce0ef38d8b60fc3ea74cfec783d8bbad88b56831088e838813d9828

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 11:40

Reported

2024-05-27 11:42

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\790786864fd2633e5d6f238dff41a246_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4576 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 1496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4576 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\790786864fd2633e5d6f238dff41a246_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9849246f8,0x7ff984924708,0x7ff984924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9354354889319620329,5658037866573062443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9354354889319620329,5658037866573062443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9354354889319620329,5658037866573062443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9354354889319620329,5658037866573062443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9354354889319620329,5658037866573062443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9354354889319620329,5658037866573062443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9354354889319620329,5658037866573062443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9354354889319620329,5658037866573062443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9354354889319620329,5658037866573062443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9354354889319620329,5658037866573062443,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4576_RQLHVRNJVRCUNCZQ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
