Malware Analysis Report

2025-01-19 07:16

Sample ID 240531-eztgnseh2v
Target 85f5dd03f70f4f1d8a8c28f93ff53ca3_JaffaCakes118
SHA256 cc02572acd1d37e00bbd406fe89534e8539d040c9791adf7d2fc02aa33304720
Tags
ramnit banker spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

cc02572acd1d37e00bbd406fe89534e8539d040c9791adf7d2fc02aa33304720

Threat Level: Known bad

The file 85f5dd03f70f4f1d8a8c28f93ff53ca3_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

ramnit banker spyware stealer trojan upx worm

Ramnit

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Drops file in Windows directory

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-31 04:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 04:23

Reported

2024-05-31 04:25

Platform

win7-20240221-en

Max time kernel

140s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85f5dd03f70f4f1d8a8c28f93ff53ca3_JaffaCakes118.html

Signatures

Ramnit

trojan spyware stealer worm banker ramnit

UPX packed file

upx

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files (x86)\Microsoft\px29A0.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A
File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A
File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Downloaded Program Files\swflash64.inf | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened for modification | C:\Windows\Downloaded Program Files\SET32C4.tmp | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File created | C:\Windows\Downloaded Program Files\SET32C4.tmp | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7BCAB351-1F05-11EF-9CEF-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7071e54112b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423291256" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d10ec1a99b341e478030a6b4c955d01c000000000200000000001066000000010000200000002ec3f576ecfe2d2547abeb979f40f790a465bee2c2711ae179eeb0aedc74f52e000000000e800000000200002000000032d4a54d574f30e080a77f16f1eed10fe4040ea3e439eabe1b142b9ffa46b9a72000000044cf893fffa556313d4e00765d7ca6a91fe11acf4b42074f820cb1640a50a1a3400000000c7eda83f9846a2a90746308e1e5a6cbb4d59afbe579f2bd6192d675c5724a8664cbd9d2b7015e763b7aa426a1083fac4a01cbf7eb4aa5ace70b3975e7610aab | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2512 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2512 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2512 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2512 wrote to memory of 2212 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2212 wrote to memory of 704 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2212 wrote to memory of 704 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2212 wrote to memory of 704 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2212 wrote to memory of 704 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 704 wrote to memory of 936 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 704 wrote to memory of 936 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 704 wrote to memory of 936 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 704 wrote to memory of 936 | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 936 wrote to memory of 912 | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Program Files\Internet Explorer\iexplore.exe
PID 936 wrote to memory of 912 | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Program Files\Internet Explorer\iexplore.exe
PID 936 wrote to memory of 912 | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Program Files\Internet Explorer\iexplore.exe
PID 936 wrote to memory of 912 | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Program Files\Internet Explorer\iexplore.exe
PID 2512 wrote to memory of 664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2512 wrote to memory of 664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2512 wrote to memory of 664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2512 wrote to memory of 664 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2212 wrote to memory of 2456 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2212 wrote to memory of 2456 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2212 wrote to memory of 2456 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2212 wrote to memory of 2456 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2212 wrote to memory of 2456 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2212 wrote to memory of 2456 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2212 wrote to memory of 2456 | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2456 wrote to memory of 2244 | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | C:\Program Files\Internet Explorer\iexplore.exe
PID 2456 wrote to memory of 2244 | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | C:\Program Files\Internet Explorer\iexplore.exe
PID 2456 wrote to memory of 2244 | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | C:\Program Files\Internet Explorer\iexplore.exe
PID 2456 wrote to memory of 2244 | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | C:\Program Files\Internet Explorer\iexplore.exe
PID 2512 wrote to memory of 304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2512 wrote to memory of 304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2512 wrote to memory of 304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2512 wrote to memory of 304 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85f5dd03f70f4f1d8a8c28f93ff53ca3_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Program Files (x86)\Microsoft\DesktopLayer.exe

"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:472073 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:472078 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.joy.ac udp
US 8.8.8.8:53 cdn.joygame.com udp
US 8.8.8.8:53 services.joygame.com udp
US 8.8.8.8:53 i.hizliresim.com udp
US 172.67.154.131:80 i.hizliresim.com tcp
US 172.67.154.131:80 i.hizliresim.com tcp
TR 185.70.86.121:80 services.joygame.com tcp
TR 185.70.86.121:80 services.joygame.com tcp
GB 163.171.129.134:80 cdn.joygame.com tcp
GB 163.171.129.134:80 cdn.joygame.com tcp
GB 163.171.129.134:80 cdn.joygame.com tcp
GB 163.171.129.134:80 cdn.joygame.com tcp
GB 163.171.129.134:80 cdn.joygame.com tcp
GB 163.171.129.134:80 cdn.joygame.com tcp
GB 163.171.129.134:80 cdn.joygame.com tcp
GB 163.171.129.134:80 cdn.joygame.com tcp
US 172.67.154.131:443 i.hizliresim.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 platform.twitter.com udp
GB 199.232.56.157:443 platform.twitter.com tcp
GB 199.232.56.157:443 platform.twitter.com tcp
US 8.8.8.8:53 www.joygamedl.com udp
US 104.21.40.73:80 www.joygamedl.com tcp
US 104.21.40.73:80 www.joygamedl.com tcp
US 8.8.8.8:53 download.macromedia.com udp
GB 2.22.133.225:80 download.macromedia.com tcp
GB 2.22.133.225:80 download.macromedia.com tcp
US 8.8.8.8:53 fpdownload2.macromedia.com udp
GB 23.73.139.66:80 fpdownload2.macromedia.com tcp
GB 23.73.139.66:80 fpdownload2.macromedia.com tcp
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
GB 199.232.56.157:443 platform.twitter.com tcp
US 8.8.8.8:53 get3.adobe.com udp
NL 23.62.61.185:443 get3.adobe.com tcp
NL 23.62.61.185:443 get3.adobe.com tcp
NL 23.62.61.185:443 get3.adobe.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2780.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\jquery.tools.min[1].js

MD5 64d50c53837cec47dcf42cd3b0bbb4dd
SHA1 5a863240c2e4bb834e18131164354ba39de813c3
SHA256 09c51f86f67749e38cd2f3e2a39c5e90e3ce442f8ed20b0aa3b1333cb86551ff
SHA512 c76ec9ffd913fb7a2d4e27a5948b6cd82da062f1aa05d20fa140de61a2b3cba4caa918b2189ffc0048be1202f9313e4c86488631764e5b3d606c8bb4e699afbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2890.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09a51abb47466e5919ba48b6b31b094c
SHA1 4e10e4b00fcb2c6c2fbdf18d7b520b46423e1c19
SHA256 6a7b8f3a0f3e42b93ffc39af0a3ebb6f1d3f90a80512ae9f4a770578cd5f6e66
SHA512 af50217b628d89020b9deaca240a67ce4a022fcf7c9c712950bf921b65c05c7597adc88fd8f21847c8f939d16f4ec1e1a5a28ff7712671caf727733dbaeab710

C:\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 ff5e1f27193ce51eec318714ef038bef
SHA1 b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256 fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512 c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8703b5313ee5da6752312f4dd69716b9
SHA1 96ff6ff1efd36d35eeebc99a4dbbe396ab512dec
SHA256 c4313e60f37443efa43b836f649d3ecffb0fdb9b7a06c8f91cb7c4cc66955c7b
SHA512 1f81ac18488ad6424f9bd32689aec6c8ffb95f872a1abc14f7749f2c46b32cdf6d555c14f4af17356dc71b40c6b2e8292e0456aedd79c28a690da72e2d8624d0

memory/704-219-0x0000000000400000-0x000000000042E000-memory.dmp

memory/704-244-0x0000000000400000-0x000000000042E000-memory.dmp

memory/704-243-0x0000000000230000-0x000000000023F000-memory.dmp

memory/936-260-0x0000000000400000-0x000000000042E000-memory.dmp

memory/936-258-0x0000000000240000-0x0000000000241000-memory.dmp

memory/936-254-0x0000000000400000-0x000000000042E000-memory.dmp

memory/936-267-0x0000000000400000-0x000000000042E000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60d8ae72d214a6bddc13ee09f57ab67c
SHA1 8d4533a4151dbdf4174769f1560f1bcdd86ab097
SHA256 8736df7731a5613d46b82df84f77f3553f99ce84b5da88f0c549ce1df33dbb3c
SHA512 b2b2e7c71e9998a0919987b3d92f14c8ccc09c67862855e5a78e196cb769537e798329715581edb0b8aae4af1709e563308fedecd5d4b9f618d84993f253f47a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f844ba14d5500db1d2f81f0012d40b41
SHA1 7ba3aac2e85a438da185a5948cd0076cf1ab6b6d
SHA256 0313c14cbb02968de6ed4fd016b2d3756c49a4c494f2b2efdc50db65bf40e7cd
SHA512 1453d365bebe93d32a7408c1c138f8c94ad850a7e6581be7ceda22c1ed015f897e7b4d590cb67658e12292f8c295837972bea960fd2e29e49d7b2858ce5555f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09169b8ade94fa1ccd74bd222b3ad7f1
SHA1 263841805e9a350783942a70cf8ed58ceea3cb01
SHA256 e4ef5169b7b075da91c3c5ee1494a4d7ab7cee3bf2a8813fb889689c989a79cb
SHA512 2bfe5160b3f17357dc3da6374e6feb5733d1d45cbc8dc5d3302c58abe8faf8809e720abb3ad960783f07e7f73c7c359cf405b86d6318abfa62f0d7e0d0072f52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24067d4898e43ad15a486ee60a7bb746
SHA1 5f2332d63bea851c0da0bce9ddf52bc2e3bacabe
SHA256 0e073b46ce901f4ce9110bfbc201b448610088677f0c00aaefb2a80e64898361
SHA512 5eab4337c709247dc14dc7c01ba1ba6019c551a12cd837db6469d11f1061a4e506d029de6233d2926bc544f572f1b28ea16d09a68543c3455f961a09b0595203

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c704301edb1ecbd4a5a3438bfd56767
SHA1 e7e41e888cea8864468063a711b007027146666c
SHA256 d6c9e3114add8567648f387239d6cd400fa30d1ca9f8cf3e0fa9681affeed00b
SHA512 825ff597a7b78addd79ba6d85d953153ac89580806b7d8e9ddbcb15e73a95745a3a6688f678ff8f44c916dccf4e58730991cb0ae364da5f84c520fa21a0d530e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cc1feb06df0caf5ff5275c9fe20b544
SHA1 76424654050ac9aee4ab786d8add65edc251f670
SHA256 98a7079864d2609a69c49c364690634e12d67ac586cf51125a80d3e4cdd4f720
SHA512 97172bef7267b5f55c53b8b6fdb33b046f15a1fc4df5cb8c39fc3ae048f008ca3e3fcd408750f699abd11e75061dcc58c566b046e1e5aaa2f0641fa329be604e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6b52ab9cd98e6cecdfed79ad5b0da19
SHA1 ac588bdc2e97e551c75d4d2ebccdb42b81ced891
SHA256 943eaa879f338a9706afcafb7ce3e3d77889de66ea90e00c1baf950b5ce23d42
SHA512 08d81e1c4896805c099e735e8eefa8cf138af3315ee9e35fedffebe5949d46a58d9bf6ff22138fb83ca3de4f057790c2709b2c16568034ba6f43c74efa42956a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d82691e3d8c467db6708aa3d9acfa7d
SHA1 5a6924132afffcf4fe835985f2166b27ef4efa75
SHA256 a8f66d7d76898c82c02233074b8694d95e89fb547f5b862a531461c2617d7811
SHA512 4ba8c14bfb40cc8c62b39dbe8362e646351b80739713e45d6e29b53392a5a60b93a282b958a1577aae9bd6e019d60c136b78bfd7beca1868b2e20b2dfc0e9587

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea797ab8907273de6355b76b4f180412
SHA1 7bad45224cb57e539a2b6183ccc4fed05e1c8553
SHA256 824009de93e05779692fc4caf99c28a9bcdac4363cbbfecd45f7b48f4f965f0e
SHA512 9d7646b4cdb1e32cb6214359378c58da22b91c9ea9bd09939274aa37ecb54fb1dbed69df97da83065537c1d57a4604080bc2a78bf6e232777ba6b3a4feba4eef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e82ae50709ec69f0ff288ceff7ae9d78
SHA1 653c13ff39ee035f83bc9f985bf8a1254700b235
SHA256 45d4ad35051de87274cddbe8d9a4133dbba8adc798fe85fcc8f4bc094b6ac56a
SHA512 41f9401da42016b978475f47a45d490343abdaa1b705b88edb98ef72d85887dc8b0ef6e7a50d9e37d3299c167f4c8abbc4332b81632a00cef9429d18c9b6ef78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eff3eea714c32cc3931bb769833823d6
SHA1 8f963d3522629caaef5ccc4d42768438934ef279
SHA256 174bb45b13be5455d0b5fc8e71e5254297a672774b39338d443a174cbd2331d8
SHA512 09c95410a1e7dae932ef463653f7404d0ae90a6596d5ea5fa2115057dc9756ce365deb40982518837264242c911e9a0674a99649c20a154edff4d96d1692f60e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a363e0b763961ae712e4dcc97b26c65f
SHA1 47c3349c48e772960d72ce96ad72d3079ec759a7
SHA256 30adb2099e5f6918f2ad0cedaf76f8ef09ecef5f81ff5569a77e0aecb28f3edb
SHA512 6399148a5a3a091fca3be1831e65f0c3615833ac3759e0fd6e1173fe0b7a7c79e5b713a5a3193656afb19173dc1583ab6e3f4d205d926d6827755d408988bc26

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\swflash[1].cab

MD5 b3e138191eeca0adcc05cb90bb4c76ff
SHA1 2d83b50b5992540e2150dfcaddd10f7c67633d2c
SHA256 eea074db3f86fed73a36d9e6c734af8080a4d2364e817eecd5cb37cb9ec9dc0b
SHA512 82b4c76201697d7d25f2e4f454aa0dd8d548cdfd3ebfa0dd91845536f74f470e57d66a73750c56409510d787ee2483839f799fef5d5a77972cd4435a157a21a4

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\swflash64.inf

MD5 60c0b6143a14467a24e31e887954763f
SHA1 77644b4640740ac85fbb201dbc14e5dccdad33ed
SHA256 97ac49c33b06efc45061441a392a55f04548ee47dc48aa8a916de8d13dabec58
SHA512 7032669715c068de67d85d5d00f201ee84bb6edac895559b2a248509024d6ce07c0494835c8ee802dbdbe1bc0b1fb7f4a07417ef864c04ebfaa556663dfd7c7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19c6fbd0e8f6d8ae643bf36880410596
SHA1 376172032e4f8df887d70d05d6a8818496fa877d
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 04:23

Reported

2024-05-31 04:25

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85f5dd03f70f4f1d8a8c28f93ff53ca3_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 264 wrote to memory of 5040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 264 wrote to memory of 2340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 264 wrote to memory of 1524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 264 wrote to memory of 2380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85f5dd03f70f4f1d8a8c28f93ff53ca3_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffffe346f8,0x7fffffe34708,0x7fffffe34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13873539720878418765,3569440263092081961,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5184 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_264_EAATQUDDIJZIDKPH

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bd68dd0b-16c3-4bc3-90fb-01467d3604b8.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
