Malware Analysis Report

2025-04-14 02:42

Sample ID 240603-jxlq9shh77
Target 910b5e2f86ab6dae3968725d7782ec9b_JaffaCakes118
SHA256 440d6a27c926138b41b412198a4837e0d6007108e16747e30f2a6f184f76eae0
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

440d6a27c926138b41b412198a4837e0d6007108e16747e30f2a6f184f76eae0

Threat Level: No (potentially) malicious behavior was detected

The file 910b5e2f86ab6dae3968725d7782ec9b_JaffaCakes118 was analyzed and found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:02

Reported

2024-06-03 08:05

Platform

win7-20240221-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910b5e2f86ab6dae3968725d7782ec9b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1477" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "433" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "486" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "454" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1429" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "1464" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "62" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "433" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "433" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000add398c73af9694aa310194fa5a6beaa000000000200000000001066000000010000200000008e181dee4d5bd8216487b301c59ff454910494282bd9e5a8d3808e7f4c40f196000000000e8000000002000020000000acd5bd013ed55e5e95b4e003cde7703aa91251559c1fef28ced8eee21a0ecfcd2000000052aa9fd8316466f225a987d4bd5bb1913fa371af7da938e6fc62619ba8fdc782400000009062966456808be7b33f17b3b931e3c9a27b46441d7deac36b73f7d4758ea8f2dabc15759cfb5d30461a6a344f52a65780fe0f524bbb30b401b9d46dde82a6d6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "1416" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "27" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not captured in this export) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B0DF9A71-217F-11EF-87AA-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "1416" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "1477" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "404" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563646" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "1429" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "486" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "404" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 405d1f8e8cb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "48" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "454" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\yandex.ru\Total = "454" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910b5e2f86ab6dae3968725d7782ec9b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:02

Reported

2024-06-03 08:05

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910b5e2f86ab6dae3968725d7782ec9b_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4488 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 3124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4488 wrote to memory of 2648 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910b5e2f86ab6dae3968725d7782ec9b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e77046f8,0x7ff8e7704708,0x7ff8e7704718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5976 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2d0 0x2d4

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11830154412795285452,16106638074504400062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 spmrk.kz udp
KZ 195.210.46.67:80 spmrk.kz tcp
KZ 195.210.46.67:80 spmrk.kz tcp
KZ 195.210.46.67:80 spmrk.kz tcp
KZ 195.210.46.67:80 spmrk.kz tcp
KZ 195.210.46.67:80 spmrk.kz tcp
KZ 195.210.46.67:80 spmrk.kz tcp
KZ 195.210.46.67:443 spmrk.kz tcp
KZ 195.210.46.67:443 spmrk.kz tcp
KZ 195.210.46.67:443 spmrk.kz tcp
KZ 195.210.46.67:443 spmrk.kz tcp
KZ 195.210.46.67:443 spmrk.kz tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
KZ 195.210.46.67:443 spmrk.kz tcp
KZ 195.210.46.67:443 spmrk.kz tcp
US 8.8.8.8:53 67.46.210.195.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 app.getresponse.com udp
US 104.160.64.9:443 app.getresponse.com tcp
US 8.8.8.8:53 9.64.160.104.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 api-maps.yandex.ru udp
RU 87.250.251.134:443 api-maps.yandex.ru tcp
RU 87.250.251.134:443 api-maps.yandex.ru tcp
US 8.8.8.8:53 widget.copiny.com udp
RU 45.92.177.74:80 widget.copiny.com tcp
RU 45.92.177.74:443 widget.copiny.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.251.119:80 mc.yandex.ru tcp
RU 87.250.251.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 yandex.ru udp
US 8.8.8.8:53 d7.c3.b1.a2.top.mail.ru udp
RU 77.88.44.55:443 yandex.ru tcp
RU 77.88.44.55:443 yandex.ru tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
RU 95.163.52.67:80 d7.c3.b1.a2.top.mail.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 134.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 74.177.92.45.in-addr.arpa udp
US 8.8.8.8:53 119.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 55.44.88.77.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 215.131.154.178.in-addr.arpa udp
US 8.8.8.8:53 code.jivosite.com udp
AM 5.101.37.37:80 code.jivosite.com tcp
US 8.8.8.8:53 core-renderer-tiles.maps.yandex.net udp
AM 5.101.37.37:443 code.jivosite.com tcp
RU 87.250.251.89:443 core-renderer-tiles.maps.yandex.net tcp
RU 87.250.251.89:443 core-renderer-tiles.maps.yandex.net tcp
US 8.8.8.8:53 node-ya-2.jivosite.com udp
RU 158.160.45.40:443 node-ya-2.jivosite.com tcp
US 8.8.8.8:53 37.37.101.5.in-addr.arpa udp
US 8.8.8.8:53 89.251.250.87.in-addr.arpa udp
AM 5.101.37.37:443 code.jivosite.com tcp
US 8.8.8.8:53 40.45.160.158.in-addr.arpa udp
US 8.8.8.8:53 telephony.jivosite.com udp
BR 185.163.159.177:443 telephony.jivosite.com tcp
US 8.8.8.8:53 177.159.163.185.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 214.143.182.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 87f7abeb82600e1e640b843ad50fe0a1
SHA1 045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256 b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512 ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

\??\pipe\LOCAL\crashpad_4488_HQGJJFSROMTYPHHD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1 df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 87e392ab0f2c8d07440371562fd26b71
SHA1 a618d8fe43c889d92673943fc3beb1622779403f
SHA256 5e24e499b959ac7972ae4618675513f9af2c07a347b759e1cab1a3decf8b6770
SHA512 6ade86b1424b83f8090d5d08f0ea6907e7c458fec686edbcc05f35b55d25d410ed93a68546d00ae8b2d5fe3eadb80c2e8ab96514fafe0fb877a09161ec5ec284

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0286ad134aca4e1c6b173da54bd54139
SHA1 5377ce64751f4b1e7b9988f1ca8df4b3a75c09eb
SHA256 d5a9f597ef7057ec395e650054d8d24bf3261928ac8c3f7aaf9b5d9a5134b68f
SHA512 c2b9b657977fdef8ef61f45ecdf16182d4153ec1ab52d66b4ba43480f4916c3f83532a7f2d4cb22dd813f27604d7e2179dcbaf21cb4933a2eeb420e56b2b2099

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 96d658f11c237d7e868ff14af18c1e5d
SHA1 ed5b2ae0f1cfdfc729f367482566437a2c4cdc1d
SHA256 64c98cb4c84ca97fd8038f1a3764a8df03db0d32e11befb19e64021f83611f11
SHA512 71f7c1e5cee3a4bedfd1e6df66cb292eb192d8381c0083bb061e48974c11431b03475adf9ca4a3e909525cb0e6f2c5e84a2a074857e6ee4818ff1161a2e75418

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f354094b9066330b3d17b57e6d2a2640
SHA1 96ea271f9997fcf8ca6b2917f662daf9abbd30e0
SHA256 3d1ec44a1bf9f76acebc9717fae77a903d32321ea4f537e35a46b4f55139c8df
SHA512 aa5eeacf03f00ebabeedce2500cf48ae70a5a8502fc806b6f6c98954e5c8410ab04a9b34ab961f725c81f65a0dd7e5e758c501e014c85d268bcfdbf0708ffb00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 93d44dd4500998e7b7cc6bd700f1be10
SHA1 51d2d777b352e1e196a1f045bd0fd0c844974441
SHA256 3e09595708a6ce4327815a48096fcc5f73085834fa0c1a8e265bca71333670ba
SHA512 e608f6746dc0018a9f4acbbd313ef73436abede722b724cdaf36725c001caecb59dde7c3c658705aafd47dac7e935ff4df1ac743d428829c1a3efa1647b10475

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4694cd71540f318667e53a3f53ff368b
SHA1 582206ca12d46f278c061c113d6e679e4cf9c14d
SHA256 c33c0fdfcf094337134dc7db9e4e47a1978c584258128b4d4d2ab201c895778b
SHA512 ce4b7899fa8dc7f1ebd3931e01996bb16b800ad98aaf607dd066bffaeafa806b8c88912d53e5483fef61bdabc9528eb71b59bcb47befe5acee0ab405a87889d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d8fb.TMP

MD5 673a2bf66b9ccabbe5922eb5217fd090
SHA1 1b75a2471d1a556efc9ae55b0068ecb84fbf2f30
SHA256 1729d4015e02190fe6dc24269aa2e391bc701caf2ffe08cbf6041a68a9ce6af0
SHA512 4051ade7ed05370218d8333b5f1ca3111e41e9aad98bca256f920d1f13096c3bbf6a9fa4fc39bcddfa897e84dd59b4efb2739e035dd0be34fefe45e59ba8ce68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e5d990f11f52bfee4edf545944635805
SHA1 b168cacf2d3db7be10ba4d9c9a0a285e67be04b9
SHA256 daa5dee0811da13573927ae50f4602174a3a6f2872a29b0b05ecb75e5076a37e
SHA512 4f540510e9af2e3f4efb8bb67068873264231ed1a7faeb21b57a778882a8950be99e12335e473a049b80a13e05cf797f06708216a4b478211ac36777d5d0e16f