Malware Analysis Report

2025-04-14 00:26

Sample ID 240603-ks1kashe41
Target 912fbf53f497c674a50929818760eb72_JaffaCakes118
SHA256 37070911c269089c9a982619315d14ce92766deca5f1a8854d188fd98c62ddf2
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

37070911c269089c9a982619315d14ce92766deca5f1a8854d188fd98c62ddf2

Threat Level: No (potentially) malicious behavior was detected

The file 912fbf53f497c674a50929818760eb72_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:52

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:52

Reported

2024-06-03 08:55

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\912fbf53f497c674a50929818760eb72_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3032 wrote to memory of 1720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 1720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 2408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3032 wrote to memory of 900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\912fbf53f497c674a50929818760eb72_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40f46f8,0x7ff8f40f4708,0x7ff8f40f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17976675855759943774,7746545181850172884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
GB 142.250.187.202:445 fonts.googleapis.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.106:443 ajax.googleapis.com tcp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.178.9:443 www.blogger.com tcp
US 8.8.8.8:53 lh6.googleusercontent.com udp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
GB 142.250.187.202:139 fonts.googleapis.com tcp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
GB 142.250.180.1:445 4.bp.blogspot.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.180.1:139 4.bp.blogspot.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:445 2.bp.blogspot.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:139 2.bp.blogspot.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.180.1:445 1.bp.blogspot.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.180.1:139 1.bp.blogspot.com tcp
GB 142.250.180.1:445 1.bp.blogspot.com tcp
GB 142.250.180.1:139 1.bp.blogspot.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
GB 142.250.180.1:445 1.bp.blogspot.com tcp
GB 142.250.180.1:139 1.bp.blogspot.com tcp
GB 216.58.201.99:445 fonts.gstatic.com tcp
GB 216.58.201.99:139 fonts.gstatic.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_3032_FGLHLKDRRCKNNVUR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f7f5c48b77c7beeaa53bd8a37ed584fa
SHA1 c7ce57cb9578a8733c287fd81be27ca5c254093b
SHA256 03b2fcede541ce370c1310b863fed10eadfb33a7dea3658bdc0f0ac7d5edaff9
SHA512 b5f21a7daaab95066b3bc02185066bf968c47a9366c0f485c698ff98da5c387a53cf02c3ed33c78b0a01671bc42f4e800224d0bbb33a2e3cdfdaa970629c461b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8d04a1f46d7e4d7b4e21575208f9a272
SHA1 f43986541db3c6a86d1544e0c78a5b4b0f192b77
SHA256 4dde24f4407d7758a6f972cf6d5b34879d1a9b3cbd0832a1bd1cd3fa0834455e
SHA512 cb483ca0cfc91fafaae6c734b6a3ecb28198f3520030b1447cd2a4384e3c290ea40c2f96d6b1b8085d5fe49866aa7901fadc8e3a8a7eecca4c621c3debf8b75f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d6b6a4307ab718162caf373ee51ec2f5
SHA1 07310edde350199f8fa3475c67836a2541708d79
SHA256 4118bf8921013a348fabc177a43c27b8fd601fb9c6a0917e7b919e869758542d
SHA512 d0be5f3942f8ba9216082449e3a5df43a15972eb3f88555a079f8a1ac62b600b0df442746d87e24ffdb07e2ed639b6dca5b3d72cc585a7f3e060ea186591c97c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb2f.TMP

MD5 c5e225d7479508b6a0663d138f850391
SHA1 d49be507331abd2d4972594db988174c4441783f
SHA256 6219d6f26663c888a5b22cdb1b01ea45902e0fab251843a7d72893573792bd90
SHA512 0e2379f72faac45907720734c31588d3a54dbcff4f52e9ad9d69c6bd2377a7c1a280b16a9919c52f614f8552ed24fa1b93b731cce584b6eb8c013231f0208ddd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a6bb3015d99a6c950e308d6d029dba02
SHA1 a27b92f222420e4b1ec04b8d80cb67b13464c73b
SHA256 e983c220bcb358bce41401166f93d5b88eecf73092b6370dadc26a6fea16586f
SHA512 0e6e944750a2fe64a1b0f8586f50bf0a26de995e634c80c249beb9618771f66160539d00e6cd9227a6c1a16ab1eacd185675174004ab286fea4e765977fbbeb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c7fa6374717337e4a7f7f5ef11d71d44
SHA1 5aab37129ae2c7936874b20193a41baa081a74f9
SHA256 71a5e5788d7acbdbeb3d7ced418566cc2d4e1c09ae6b499bd2b54fd89d2095f3
SHA512 12afd6b7c41092ec6fd5474f04204605d6574c9e8bccc1818733e2f712a1e4c17d5a1609185dfe187d97fb7a6c3bf32f29cb15ea88945d5ff10f59d111ecda94

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:52

Reported

2024-06-03 08:55

Platform

win7-20240215-en

Max time kernel

142s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912fbf53f497c674a50929818760eb72_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7010df7a93b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad6a6238eff9e341bbe54f96c0d7014f000000000200000000001066000000010000200000002ba2aa4ec58f7929bd3902616eb834b7a14621754b21fc343cd8de7853c01e24000000000e800000000200002000000050dfc594f3a0dfab1c7443d78766be9c531735236e5211bfe14ed6007cd5c9e190000000741053caee123804fdbcff204dc7b71461c24e66739dc7f80e106b87d5b76e8da97c6898523a800f41080eaf2baa76e9e94ce73c57956ee2ae6e03f6e9b38e864885ea334b0578bc67a5bf4a5f952befc6cb98ddf561d37a315f61293447dda37c64bbf2439656350b7ef1d4a04e18bc6c804179eae1b231ab185ea45cbc1ce23d944c2a0d4b4e9119a0a484d0ecb1e3400000005161d14e001072742ae5e563d5c202112bc295f8e4915f4720a06e2dc83e89642aee466128ae3e5ab21a4d504e28659cde9ff1f1001dc9b05aa0346faea0fc8c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad6a6238eff9e341bbe54f96c0d7014f000000000200000000001066000000010000200000004a46c007ba9342fd97d48bb3bb7c02b84df669cf7ddb1f0fff5a8faca341e41c000000000e8000000002000020000000906faa0d78f43db9ef131fb3ed9857eb8304770a84bc03d4b9e41269570a89b420000000271e5b8f1bfd06ea9e5bebf32180a8718b50b77489fe6949f9ba7f493d60c97c400000005a06ffa42346501f8d64c81eb99c2be8f08b536a383ebd2e650ad22887c4d6f8ea28ad0a62feef5a69e640e5012bd102c1136b88c84a61b74a9a6829e2a5f2c8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9FD98631-2186-11EF-9907-E698D2733004} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566624" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912fbf53f497c674a50929818760eb72_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.200.42:443 ajax.googleapis.com tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
GB 142.250.200.42:443 ajax.googleapis.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 2a267c8371f84045236028d9d98b0988
SHA1 689e34bfc1f5b0d068c4ee62baca3e32f2a8e2f8
SHA256 3e6148f5d2f700962e4ca856d369cf61329d27095aab4081997a69c337194f4a
SHA512 7da74e5c2144e31887d70c62f623a0271b33153f0be825828f006ecec9fcb7d1f006249171b2b6746953cec27ce3ef159f980919e2b7ac996ae64d2519938e5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 8ac3be13478bce4b43cb13133d330019
SHA1 7ef7df6a34660907a7d5943afb2e78830160c11f
SHA256 cc522b02c09a2fa69f4b0e918135a61d03f634ff2c39d499d447b2b8af758522
SHA512 5575756a991d2292cd264e5b5618e6aad2311ca930974034a7e0638670b6e83cb996af550f540c9e469d82b07b06f569451e625caa3302ed6435ce755972b61b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 61cf993f4ec4465cc2d9a590f52c993e
SHA1 7c55e95e1317c076d61f73b2565d5d08b36aa78d
SHA256 d803bad9f7bc537a7eb24ce8c7e007fededd0657e3007ed49610ddd2c385aaa3
SHA512 da2db40445a5baa6b0b9da3d0ee8bee472cabc71c8dbbb3d1a09cce6ae58ffcdf3e2bd3501ff604d3d721e3a83cb8b6bfa7af66b74de33d6ef74cb1c05ce725b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\f[1].txt

MD5 22df2217e85867500da7dbeeda5ecee0
SHA1 ff9c40fa0d5d85dc8d2689b22a83305363e2610f
SHA256 3168a429f3b727e345e096a478d1b337a6e6f0d8ddc43ce8e2a7ae60f5d1d42c
SHA512 93b06babe82f5868a1807ac35e93a562f907bab6ef05ac5b5d223ff285ec376341ca976e447761caffb93e8fcea7bee230823e006386bce182feb9f6c2851ed9

C:\Users\Admin\AppData\Local\Temp\Cab2A5D.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efd9f94d2bfac3ae14ffc7f5a58d854e
SHA1 e9b518fce3476922fe6cf33db0ea6def9d8f4bec
SHA256 14047d2c70bfd136f4d1c55edaa3cff5c4eb6283f8c40513da69bba010448815
SHA512 4db51e1d6f2282900883569cb6858d2e87ba7087b853c7d37f648b1417411fc48cdd88f41c7e02ef4b523f89dd585f380adfc239b1446e64de2a10f09285c2a2

C:\Users\Admin\AppData\Local\Temp\Tar4197.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar42C6.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\RE4DSW7Y\www.google[1].xml

MD5 7e7acbcb902a13432538135a285c8d30
SHA1 089bfbac8329b0dd9b8f8ac3b6945b55704cb541
SHA256 ce09c9184c602fbee705fdaf50691a4d6d136a415dca0d50f7f49decd30e01b9
SHA512 43a7c94164f2823da06beb02d8ceda10ee81b109d859c7d375d5459fcebe7ce276375971717ca5e4f87a28bbee470ab687721344bf20fcd806e3eaeb939d65fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f29ea5dccf2d2a30c4e71d46f50d75d
SHA1 a9e16bd3f305c301334d002b0f2d38d7deca0c54
SHA256 41fb8477bb858cd618cc48f0a8e6358e913090350341b8cb98bdf0e6c45ce55b
SHA512 7c5e50182cc51fbffd465df85608b64333adbaf69c6d514093a5c8c5998f3037740be70154f68479d7e379720fb54cdb2074274a91b1e354d84d234a902760eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22dbd85b0950f0c49bfe2de0131230eb
SHA1 3ddd1e8c8ee4ea88a9e3b690273e69cb4a805755
SHA256 3459762ab5515f23998f49de734b85b5f9c4b476ad19536150ae6a8525fc5727
SHA512 11620170736a31feef4949d6af1dc11d716b10f6a35e9402f04a773777963a15a1f251aca96074287b9e26564c9cab39d03ecaf9be0bfe8e06819e43e994feb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08609633630ab7fcd49af86f9bde3306
SHA1 c2dbe3c6ba3d006e69d09a8227a39ddcf5bd084c
SHA256 3e360a2f962be56ea1fceaa09e2aeb564edf8f473825335bce46a9cb53a2f86e
SHA512 2cfb2bbe674a7d3323150128731c56bf9c5796f6ad85ea98b72593e5dbfd1bcc885eb36b2e66063784c8fa67dac0b4dd03a885ae63407e925a899b568c3b2cc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 778e53219320ef455a0c0f9939445e76
SHA1 2c9d11ffc3091996e22dd2a7cd3a4c1d149d0ec3
SHA256 587d26dfc5578fb7826acc7d2f3cb8a1b329a891359dadd66602f01630eb66cb
SHA512 c4ceb58f808decda5b66ed940d5d17761190e984ea15ed4ded587f524de24abda48ce875756b6345ecbc65a507d41acff6438da632618165d25ff7a1a79d17a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f3eaa9cf9d45cf5fb09eb3fb7faa47d
SHA1 2a9399f093d853a5996d630306be1b942dfe9178
SHA256 056f994ef49eabd34f478ef108c079682bf10ba2b1e81e2f4236787d42b07c40
SHA512 534c444a93b07fb6b219e0e7a849787bdc4abc141db0231fc15b049c09541ca67cf3f2faff81558d096cb6e5b9f0499e1c2fa63bbdf84b477a42800e3fc42fc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36e69b9b9328ae7f6b19b61eee70cd54
SHA1 00ca563431edd373fc88c80ed1339a34d3fa818b
SHA256 c2a1b4eb78aaff21d51457561d001a70b70810ddbc95bf549fd9d30f28cacbc4
SHA512 daec5611b5e6723eed1affe844ab2224f0ee273c7ce065ac2dbbd40a0037f8b431723c2d50d30a6146c3bcee6c805f8bdf67ed3df378c3932786579f344b8927

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2906f79d034e2b3521ebced6b7647a7a
SHA1 c911b793439e27a36ed61b8d2c6195945eebd27b
SHA256 946fe8de884822675ac7625ecc206834b9aa6619f58db7c083b2a7f8fd23fd4e
SHA512 88a0724cfa0cf00da190327fbd7f6121249780cc2fb51949945f67e775e394adbb0989a9a217215429434e5ccbdf50308ec6e068148ff4e7188ac6b296b4b6a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acf07f2ad5d7b7297f528ec92fd76ef7
SHA1 5dc10ed8749da371271c313d24d654c17da3393c
SHA256 d658dd1af95d0c3a385d0778405a83181003aa8683482ec24e058854c8351c54
SHA512 38af7afbfeab312b4c73727981b1b8093f29991ac0d55f3c2dd7c253d11cee99bebc81d94d18378dd1dc1d5d282a7758cd1a6e35ffcc3d22a4ea62b2f13e8e05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b5d003d95e672e4f22274cab9d7c0416
SHA1 ba4c3a6ccbe6df708ea1f9de85d80cf09372906e
SHA256 26e6c064b946077af0ffac739a7dca36663cf9707a6c8d95a7821d6d84b93b25
SHA512 93221bb37944506387373df8ff816bfb86ea4e4989cea3ad24eb09ce485cf2efcf32785c32d42760d976dac80f5244eb967cf1953f69b55f3848deebfb7b3429

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f2ee071af0908cc4273c649293a675c
SHA1 b6732ec6b997ac71dd7bad5ed2a8a1ce3ce7a4d5
SHA256 d61aecc3f303c44186bb039652740fc854ef7da992122f88752a9a28e4932e0a
SHA512 6c5df6b0be2d4e343793041d3efceb4843f4c115f101df9570f9d2ed3745d019f52698c97882ccc37a3991311ac72707cfd00910346f62d3752dfbc1b4a3dcbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3648107a03f59baf6f4c5cb797f036b9
SHA1 57ea01aec7a83454386bd0a349b8142668024edd
SHA256 12578465f89727d1d962bb777de4c31a3d75578e215de686da9b24807f9d8705
SHA512 1dfeba77ed7795736e510503700eefa3e17d98efc97331e51a887af50c1146b7bdac21206b7ed7e98dff1280e329f4a11360cfc6588c44cfa321f87b67768530

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6be1af13413430863b807fede6e4ddd5
SHA1 29291611be155e4f647104008249dc70fa4b82ee
SHA256 791b7aa749efb1188d9b6d56e6bd06dc490fa47a64667085edff16f4803cdf81
SHA512 2e0d14bb80db742766747a7e611d76951a44595112f793d2403f59c6ff76d638e0811b6102033e3744e500a077ba84685d20926995ee4554eaa6eca362973b70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c55bb8ad0b989c7c1198b09e51047a1
SHA1 08b9e22d2b6e8f9df890db32d7b972ee28ba3dd9
SHA256 d7ae30027657c4aa6b199f256415ba541993205fd1806cf77068f826093a8dea
SHA512 e959d2ca3642dbb9d58c4c4fc47694ee2d51f67479f85b3956a3bc7f13f3d86d97a9d14ad95be9ce22bcf740f6ee724e5d5347a48df8b43e179bd1744b264c41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a20affeb5ab850a3ff52070837536a3c
SHA1 69a0331fa832f429c55834db2f4bf676e61f61d7
SHA256 6c32027e5f9bb46576abdebc698d42b31d2835a938bfe097e85395a89bf5450e
SHA512 26ef9327b88b56bed511d99b2769c0897739b7fc9f5150d2920476c8eb227aaf8a35f3cf46372c350f2a04f6796ec2df14042f2a8bbdd34f51e40e7204baa5df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 f7e0beb4ffbcf4e51cb1963cff3e51f4
SHA1 bf221ec99f2f534981d6c0122b57e4598f10c832
SHA256 11ea980ae4a7b018dd2c7a3bf128cfd67e22e34464436dc719e9d804ae1848e3
SHA512 67baa8672b7e7df6e6a0d79296c5c5c19e7d9f062068d0db02d2607d9596c43f91d3df390c46a68db3583859f05c0dcfc4b0173a0273042f55d2175f74cfb647

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1aba885cabb09b8f930088d4294a5f51
SHA1 e3c3381b9176f5bb59e54a68b0c0e2670e7c44f6
SHA256 86c5b0259a5196dcd10b802d62eaced9dbe933d7b1a9561d67dbc4542ad3ce9a
SHA512 945a0feb30366428d83f05a5f8869b1149154730b55b1fe8b32369311a7beb3e0bdf59567e746e05afb39ecee2ba607b3a957ee939b8356b340985aff68bbf4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b6252f41229ecb94209df102f7a9586
SHA1 ca01ef797ea551a4add027dc954d21a9565eca91
SHA256 84bc7910d1e93e96d91bc8501bc879a05d26357cd3d4cce4116d84da8307d5a9
SHA512 6099a1ffb5a3efa50e0715b9b0573ed4d9d75e819efbb33d5224c4750c19b59713f3da7c550e73c1d3f9618c8824c1f60699958d81b31ec74f5cb7acdbc36fbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d48a0bf37986f844e93938fc59576272
SHA1 80d243b1dc83b6724b2f37a17580ee3d228d9cc8
SHA256 0e4871bb7c44c6eb716182af20b2ad8c4f74e9966c6f0dbeaf943fe9030925fe
SHA512 fc7fb0f47a2ad8c8b2961cb780859ce28936d3de9745776a893eb138308f6ad3a565d982d2824cab23cc9677301932df40ef55aa7e86283bd8441cc66b327a4e