Malware Analysis Report

2025-04-14 02:36

Sample ID 240603-mlpwbsbd71
Target 9175dd64c6a8a8dcf0511d9a467e1a9b_JaffaCakes118
SHA256 c776ef93a45c7cd4f3bba5381124d9fcf82b5fc61d92a4501181c4520eb278b0
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

c776ef93a45c7cd4f3bba5381124d9fcf82b5fc61d92a4501181c4520eb278b0

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 9175dd64c6a8a8dcf0511d9a467e1a9b_JaffaCakes118.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 10:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 10:33

Reported

2024-06-03 10:35

Platform

win7-20240215-en

Max time kernel

139s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9175dd64c6a8a8dcf0511d9a467e1a9b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f7559da1b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured in this report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B562C441-2194-11EF-A4DC-6EC9990C2B7A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423572673" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587ccaa9d68a1d43841e29b39690c76200000000020000000000106600000001000020000000a0ee76ef3b5438a1178a460b17f280ab588ed780e9d1a65ce841f597b6ba78c8000000000e8000000002000020000000b58a0b10a51c77eb376c11d33851764f1add492853a20fff80ee4dd5d503d595200000003100465e038f0ab9162e2fdb6d2f732b05cf9a4d157898b50d11e105a4d26c0140000000c266a1000effc0980dd5251740b5aba67a2f07ca259e606806fa9428d51239212cd4e8a6b8edc4e24b455a86fa5747839e4564407e38815a8b8a91d634bbcffa C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9175dd64c6a8a8dcf0511d9a467e1a9b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 izumrude.ru udp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 maps.google.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 216.58.213.14:443 maps.google.com tcp
GB 216.58.213.14:443 maps.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.212.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 maps.googleapis.com udp
GB 216.58.212.234:443 maps.googleapis.com tcp
GB 216.58.212.234:443 maps.googleapis.com tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\9TJHAIAA.htm

MD5 afda131567e9fff50699ea95b4e18bad
SHA1 266389deeaf1ca34b2c06688390cd9a0463ba600
SHA256 64c7a498a15971b784aef722ea2e6cf4e6a76dc54ae082dcff68da61f43862a1
SHA512 0022b6656a582ed32a5cf8178dd6cfcfba39a2a0f18b9df90be631ed882d4d6f225ca20f0a88274344b0badd82d92b866d87d5acc0524ea2bb5f4128e32a804f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_DBD1FAADD656881B5EBDBC1DB3D60301

MD5 392da785b860914be32a05a7e28d572d
SHA1 b5b00bd84850517a5d44f610366406132129a328
SHA256 afc6850cf7b9a1e492b79b47553464ce70cdcafc33de05b1eff9445fd7035b33
SHA512 c039e9edc3c14316630be629ebe3b301f17a0971ed315353a47ff99af965ee233263e718eafb3e5bc36952dcc53769014497b7178b91b96606a778f95f6534ad

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2EK7MURZ\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2EK7MURZ\www.youtube[1].xml

MD5 fb7f57533a0553d52f42597ea36c7f84
SHA1 0d5e055103867a9a478d8ba71bf0d90e04626212
SHA256 024585bc18e947d454c282a5581bfa58c5e4deefbb4e03a3296cfdf8ff5eee55
SHA512 10d3ca48aeb55cd4e4edcc3af3f76619d026c2b0a9b2eec60b2fc121c236e59e1f47185fedfa80d667ac743d99502701b3ba6c496b34aa93c5054a7b0ecfbbc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f36dc6191509d18feef4e9cb13e1dfd2
SHA1 1fe84be27dc34cf306d3f69cadb5f4081ec74101
SHA256 2a83247bdce54a59d39f73424801437ff814722f7b32538ae5c1c587616b34d3
SHA512 a2a2a16efba97ab90341262990622d93fef5e13c7b7316e54db15c7b91edd44841e9bb02095577234d16f5e68501a3d6f2ff753eed8bd389044cd47f9f9fdff8

C:\Users\Admin\AppData\Local\Temp\CabA8AF.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\TarA8B2.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarAA3E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee0d7cccaacba7b7e3a6b1931624eb9d
SHA1 b65a0cb7d4cb8d39ced16d08a7ecb33fb5c90f2d
SHA256 0a486584d9af4a3df82daab7370a7f8e0595824afffd6875b12330209cd4dd9b
SHA512 e3f3670564981e256482261be332c5b333576604c639547079cabc1c666e74af8e0a4b315e127d83d52ee4a8de6736f2678fb01e93fc99ae6638d1a5d17000f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b0860ef842db0f961eebd68c29ff9b0a
SHA1 a082253fabfda8cd77e8b3cafd3fc79cacd4474d
SHA256 fc99d222e862bd2e3bb110b64c0a6b9a7a008f93dd07cbd0e8a2769bbfc47137
SHA512 c09cd6c46aabe681ada311645edec12c8bea36e6ce4e8bee9d50b694092c3b3302f146e0f50deceb5ef3a32c558cd535e69071009a9897ef680ddf1067d1b6c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 245124e424558765531a1c6f8e79fd0c
SHA1 589f631909ffb670751a90da7b8e3b3644bb0932
SHA256 09d9b4603fde537ec21f253442b2ca6a89f529c587acd6f73bf0a6df67aa84d4
SHA512 ec2569b3aac595eb2e04b690a1ed31f4810b5a1e13709a6ef2e0dbe9271946a64856585892ad129aaafa9227a1aa6c57f5c5d8af13aec5e3f5734727ac0da0c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61e1f2f06c631b9a0191fbd5cd3b22e2
SHA1 32b313e3a756d4dc61ad8c7ec0e240ce252f7e08
SHA256 f82032995f2b83b1f0140c821d2a85fb7d428894326ead298e3df1dce3bc2a72
SHA512 5a0a108573f1859b6c0b22f5112be16e7d2ecff7374bdb57541f7f7f6cd49aabba28a6dc9744932a3497601862b3698f2761968f3d2f7b16d0c0d44b931e417c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 675df6d0fa9159292b515d804a54b44f
SHA1 5f036971dd30407c3f64ebb513b49c00aded82f4
SHA256 c4d025733f59ba9838852f111ba69ca40ec34ee879b2198c12e6f7274f420459
SHA512 2893bb085d604ad5c86f76715a953374eff6d820d5da611c7e8ce7680d0d3883e22f6d150a28b7ff4899366d9a4d358c0b615b028549b4c46f4107dbc343a295

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31ed96680c6d82ad593b611e16b1f1d5
SHA1 34bbc8b8947ac382b03f925a26bf814554a571c2
SHA256 2fb0c80d411b3eb24ff7d58070d8306b86030a6b78bbd8f53a923bcfa4d10c9f
SHA512 611ba8eb688d56db3e840de85cea3602e3e64bae45374ba9c4b02fb75db27be5c07aa552d5f4aa7e512518cd1749db97c857e6e93a6ce87f4ae396ac74bb5fe0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3274f3f43b733afa9207d82e47725c8
SHA1 bf36cd589a85917f94fae568eac53437a10500c1
SHA256 262b15fba7cd3683f913f46498b1205b4e1ea3af2b0d54b0b902ec539466b5a2
SHA512 b7043ee77b7b70a18521394035cacc418be753f57790b53f6d4f77b46d9b07021a56f22bb9264d97e867ceebfdedffe100f773f4ddfa10cffbf231019a3ae7f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 b23233a2e1311fabb6c382cbb765b2c4
SHA1 38cb0cee0c15f0e93e43c746242c4a7a401405cc
SHA256 cce198d843e9f2d7184b5af971eb4fe370c8d0de301cfacbfd4efbd5d4be6acb
SHA512 f139f5e039cd2b3e9d3bffabd18ab96064e8c80f25aa505c9aadae1be6b9fda8d5119fcb798301a5ae584cf81215440de382d9c5274752b07fdd8d2962e086fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 426ba13139d237b79d02aa4aa5de1c3b
SHA1 37f031fdd9a971ea1799254998ccca2cd8510380
SHA256 4f3bcdfeff543f4a2538d485c9b94f03b672d84ffccab76dcddf34b82389b2ee
SHA512 700bb3a27dab6d655f169515d36765272f49ce9e1e96b2b0fbc2fe98a36279de9fdfb25f259424a06ca630479e2402ae81eedb2b25081c02187b61735bb31948

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b043799251fb5759151f152d0b62926b
SHA1 d45e9afd4420720453ecc03889a702ebba3058c7
SHA256 c9cd71fc657ea615052ac1570f85d0433e71bad138436e997d9b94f554454304
SHA512 ac4b95fa3c8ddbf56e13bae354e6ea3f6d5068cdb53b9d23f0973c1f04f362550cb274e98ef47a9cb98f7ff28d7b36e2cdc01455949eb08b742574effb5541c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2613916cd32f7f01ba31ba2389dfbc38
SHA1 96a39421508c59ef5e8788b42bb9f503a96c75d2
SHA256 87c1cb272b36df94f2320390e614b7e1c068986adf6ce1951ef61789ae9254ac
SHA512 1b1fc04b1206114504771a7f1cabfe131d1e18a5001d855d0f7cc2140a448a78b835b6696e6b1427208b29aff107a825b26cab1a3a2551971cd340f000b00d66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b0013e83a5353c0a1ed0ba4343392c9
SHA1 b1052266cc0d6999003a036a4e0c5dfa7106015a
SHA256 75da433b95ccb1c153a9bc58348f9a5978c5585b04c896ee04205ddc054e57d5
SHA512 1aae86486e1335ae723420c7d2b53cf1aee0267f3b00ac3b8718b65e5552d0d7854e5e87c63614ecd6f8e628f302ac5a1748ba8ff716bfef20ac2cd3d5d75d28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a11b0e56d5a4a296d40163c75155a81e
SHA1 df7cf2a2afa40bc982d568aaf731d51de457eb89
SHA256 5a38bd08dc8beeb0f02806e5c3b05f7a162cff4871220becb0098da529b80d5b
SHA512 702e7ec274ff1125c45015cb9138b1734d2a8f43d847021f2b0d9d2ed8feb1ec9df4d3245408cba4fe9d6be45d7416635e9bbf8df0015eb40e23a2e3403c3b9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03e0abf9bdecd058120a9ea89d913a68
SHA1 dea193de01240060e0292ccf4b765002f76dd8f4
SHA256 a95d1442d2e64c6f8428e386cfc4e5063c7d52d1144f06b46ce6004f7ceefa52
SHA512 85c3b358c6bb742507e0b1b2c6adf876ba4a37dab6d92d6b5f68302498bcea70881432d702dca238d68e59d3ab29168962393fb74ed7923f8ed295d602766ff1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e06047a33325c4b165da5feac9574ac7
SHA1 3de9e6ed5d1289be3066bb1b5f48468af9e4d36c
SHA256 ce2be6ca67002c681eeae1c14c9da735b776c5f08bc4e3ac9ad2ce4fc586241a
SHA512 cbe0699fdb8a3ffdbea577fba3f467387263283005d9a0aef243792bf18c4dc49d0c77eb578abc573b48b85fdf8a36337ec614a113ae6855e239ffb836c4a2ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78f4a577e8fbbb7dc424239b909cc7ab
SHA1 1fbbe02329533f4cb7cb0d382978a583e6a15770
SHA256 9bdbfced61ed3aca74c4766f7a98eb10788e3a28d5cda7dc5f3ecc723a62270d
SHA512 963746452d37fdc3471caf658ebe21d70a013005dea88d7f0880c774ff3e5bcc7fb837b4d393eb7348928e91efcd1e70f4733ecdb816fe81c2d54dae4478959c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd9519519615bac11dde09b9e810fd04
SHA1 6d71941bbcf893e5aeefae1a17fb4c74c6efb31f
SHA256 708bd18509bba3d8e6232bbef81b80080eb1613647f2438c92769a71d2943afc
SHA512 5c3a5e5c40ebcc4c92e54e4921447c62a827f9345ad9deb4dc5f480c5091952a3e23539e44b80d667a6bfc1863998c33f482f3a7e577532b9e142acf9e67c061

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff305b94ca0458724f78887900f09386
SHA1 f414137356d92ffea9bd523a6da56c21658cdf67
SHA256 ae548e9d17affc3ac55bc3099a670d20766d61b535c73f548fe5370db5ec0598
SHA512 f54ed95fa605fc957da8be6062b27bcbff54db97cd283c1295d58ed0cd63d05db1f9f2e14bbd0c73e473bd24fc768fb9c4c160540ce40d1bfa81289183cf6838

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b21f2fb13ab5eb2830726b5bec6d960e
SHA1 d764c3a92be58c01e7190179d701b6ac474b5691
SHA256 f5502866330b34c59240403378c3b98a8c250b5d1956f347dc22c749b6402190
SHA512 a20b55517519bf0dd3ea36dd1b49eb891c047a1c1196fc08929519e59fe9006afa10c8552fb9e4bec819b41bde3f9a17081330acedb31575204d97b3cda11bc7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 970feb9ee93ec4cc07d8f89e1abd12d9
SHA1 4a9f34849c716571245962107968a0fcffee3039
SHA256 d730be564c99130ce1cc7eb2be0aa855b6567c161db7bd539bce9c7cc6e9b041
SHA512 0ecf09a4f0bf04d8ef37aef3d2f85af98b3ccadfc6e3ebf641c4a239da99337a02fa5ae886fb13fc7ea7e164d8d4a2dd4a9a4475032166a9b122c1d552695f62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e04c3643379e5f368d2dc81d74b23fe4
SHA1 657a3dbf0ceba0601744f9bc8b1c9862773c87ec
SHA256 a4e7bd264d2311c64f484763f48e9f6b7a4b597b35fa715e6419e795f7f849a1
SHA512 5d259fb8a3cdc7ff20cf0038e3d6d6215a492d46b7bfebff32fda26f244384abf540c22840d74445aa8a657d70c1adf308ab5c950f011c412d000a40813a4101

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 10:33

Reported

2024-06-03 10:35

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9175dd64c6a8a8dcf0511d9a467e1a9b_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2640 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2640 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 2640 wrote to memory of 2040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2640 wrote to memory of 3764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20

Analyst note: all 64 writes come from PID 2640, the Edge browser process (the same PID is stamped into the crashpad pipe name under Files), into four of its own msedge.exe children. Chromium's sandbox broker writes startup state into every child process it launches, so this signature fires on any Edge start; with no non-Edge target in the table it is not evidence that the HTML file injected code into anything.

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9175dd64c6a8a8dcf0511d9a467e1a9b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9849246f8,0x7ff984924708,0x7ff984924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12085193330871409890,1865600839805337220,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4616 /prefetch:2

Analyst note: every process in the tree is a component of the Edge 92.0.902.67 install (browser, crashpad handler, GPU, network and storage utility processes, renderers, identity_helper.exe) or CompPkgSrv.exe, a Windows System32 binary started through COM activation (-Embedding). Nothing runs from a user-writable path and no dropped executable appears.

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 izumrude.ru udp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 s.w.org udp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 171.170.122.62.in-addr.arpa udp
US 8.8.8.8:53 88.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 maps.google.com udp
NL 62.122.170.171:80 izumrude.ru tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 216.58.213.14:443 maps.google.com tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 62.122.170.171:80 izumrude.ru tcp
GB 172.217.169.14:443 www.youtube.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 62.122.170.171:80 izumrude.ru tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 maps.gstatic.com udp
US 8.8.8.8:53 maps.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 216.58.212.202:443 maps.googleapis.com tcp
NL 62.122.170.171:80 izumrude.ru tcp
GB 172.217.16.227:443 maps.gstatic.com tcp
NL 62.122.170.171:80 izumrude.ru tcp
GB 216.58.212.202:443 maps.googleapis.com udp
GB 216.58.204.74:443 maps.googleapis.com udp
NL 62.122.170.171:80 izumrude.ru tcp
GB 216.58.204.74:443 maps.googleapis.com udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 52.111.227.11:443 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
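The table above is dominated by roughly a hundred plaintext HTTP connections to izumrude.ru (62.122.170.171:80), evidently the site the HTML file loads, plus DNS lookups and port-443 traffic to Google, YouTube, Maps and DoubleClick hosts consistent with embedded content, a burst of PTR (in-addr.arpa) lookups for the addresses already contacted, one mDNS packet and one unresolved endpoint (52.111.227.11:443). The script below is an added triage example, not part of the sandbox's own tooling: it parses rows in this report's "Country Destination Domain Proto" format, separates DNS and PTR noise from real connections, counts connections per endpoint and calls out plaintext HTTP and domain-less destinations. The embedded input is a constructed subset of the rows above.

```python
"""Summarise a sandbox 'Network' table (Country Destination [Domain] Proto rows).

Added example for reading this report; it is not the sandbox's own code.
SAMPLE_ROWS is a constructed subset of the report's Network table.
"""
from collections import Counter, defaultdict

SAMPLE_ROWS = """\
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 izumrude.ru udp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
NL 62.122.170.171:80 izumrude.ru tcp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 171.170.122.62.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com udp
N/A 224.0.0.251:5353 udp
US 52.111.227.11:443 tcp
"""

PTR_SUFFIX = ".in-addr.arpa"


def parse_rows(text):
    """Parse rows of 'Country IP:port [Domain] Proto'; Domain may be absent."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) not in (3, 4):
            continue  # header line or blank
        ip, _, port = tok[1].rpartition(":")
        rows.append({
            "country": tok[0],
            "ip": ip,
            "port": int(port),
            "domain": tok[2] if len(tok) == 4 else "",
            "proto": tok[-1],
        })
    return rows


def ptr_to_ip(name):
    """'171.170.122.62.in-addr.arpa' -> '62.122.170.171' (octets are reversed)."""
    if not name.endswith(PTR_SUFFIX):
        return None
    return ".".join(reversed(name[: -len(PTR_SUFFIX)].split(".")))


def summarize(rows):
    """Split rows into DNS/PTR/mDNS noise and real connections, then count."""
    s = {
        "dns_queries": [],            # forward lookups, in order
        "ptr_lookups": [],            # reverse lookups, converted back to IPs
        "mdns": 0,
        "connections": Counter(),     # (domain, ip, port, proto) -> count
        "plaintext_http": Counter(),  # tcp/80 per host
        "unresolved": Counter(),      # connections with no domain in the row
        "ips_by_domain": defaultdict(set),
    }
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            ip = ptr_to_ip(r["domain"])
            if ip:
                s["ptr_lookups"].append(ip)
            else:
                s["dns_queries"].append(r["domain"])
            continue
        if r["port"] == 5353:
            s["mdns"] += 1
            continue
        s["connections"][(r["domain"], r["ip"], r["port"], r["proto"])] += 1
        if r["domain"]:
            s["ips_by_domain"][r["domain"]].add(r["ip"])
        else:
            s["unresolved"][(r["ip"], r["port"], r["proto"])] += 1
        if r["port"] == 80 and r["proto"] == "tcp":
            s["plaintext_http"][r["domain"] or r["ip"]] += 1
    # PTR lookups for addresses already contacted are the OS/sandbox enriching
    # its own log, not the page resolving anything new.
    contacted = {key[1] for key in s["connections"]}
    s["ptr_for_contacted"] = [ip for ip in s["ptr_lookups"] if ip in contacted]
    return s


if __name__ == "__main__":
    summary = summarize(parse_rows(SAMPLE_ROWS))
    print("forward DNS:", summary["dns_queries"])
    for key, n in summary["connections"].most_common():
        print(f"{n:4d}  {key}")
    print("plaintext HTTP:", dict(summary["plaintext_http"]))
    print("no domain:", dict(summary["unresolved"]))
    print("PTR for contacted IPs:", summary["ptr_for_contacted"])
```

Paste the full table into SAMPLE_ROWS (or read it from a file) to get the complete picture; the first forward lookup and the only plaintext host are the quickest indication of which server the submitted HTML actually fetches from.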

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_2640_DQITRPGVBMGPZCDR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Analyst note: these are the digests of zero bytes (the sandbox captured no content from the named pipe); they identify nothing and must not be used as indicators.

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb328258d869fdab047b23b4a7563548
SHA1 f797e2d15f58e371a38a29a21ea7bb28a96d25cc
SHA256 620f1d93af4a45b323b47bec22e8b82d0352fd88d5a0bc3c0cdf393995618d01
SHA512 113871b861efd3429ce0331320b84c7a230a5e1c3bb5f278d3d3208118be1d97a549a42cd6de8caae1422c8e14955db2b8c5d2ddeaddccaea1b4a053ed46847b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b14fc190a7493ec8c3108e58ebdecfbd
SHA1 f6a7401be4b2a018fab7835decebc1cdefa69fac
SHA256 1e9eac2922496e14df157d81617b07cc3a9565c1a919a6bae5f46627b3d3f0c9
SHA512 9ac3120d0a1d3346775d3e4f588ea6d48c76efde4496e177519b95aac93a4eec9df757b9ad288cb56766d3cec1de72d58da0bc16780d8ae98b1a5f2828787b5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 44630c93beaf60e25402e0b9984d4d1d
SHA1 52ea1e49ed237090d6710c8a05e5560eba6e0248
SHA256 6de0761c95946ad83d43d8b25ce4e859589ddb927a12ae3278bc97e028e6792f
SHA512 4991cf7079297cdd0fe20c35ec71ac493bf505c9194178bb17af5f2b0132f8f605d560b3dbd001a8a4bbe3304738474dc0c4516dfe81f087338e62eec3e685c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 954f51992fa1e877bad79d5e0e113cd2
SHA1 77e4d210c2505f2caf08bfb85f1d8f49d8841ffb
SHA256 4b54ecc7eab9dc5eddf4c54f2a6cebd1ac4a21b051bba96e1a60b9d348938529
SHA512 f81fe6943bca852b90f76ba3e5ef7811f91849ae4c4f501405f973c3707e9233efabf43af10fa8b192b4a0c37341e1c46ecbc8a327a49beb70860aa5dec7867c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 57327d02ae4fb5c48413879b4e766ab6
SHA1 fc81036d1dc007fa6779e1f739b28d689b14629b
SHA256 245054a7b9c2887f95699194943068d710e95fa0db34b21090dc9022ab9ce142
SHA512 d849b0433386fd9a43a66f805050aaa73466e34b90fe302dc54ff9e9fca7870928b3ec2c0a4f737fffe6a9ffba7df773a06d59c6e116e387396919cbd25eaa42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d2187b080e4d92d7df3d2168c31b02e1
SHA1 f73599145d6abeba948c62d2b4c594ceeb007c3a
SHA256 08a700eaab0ec2616a7442ab557c34674f1d2fa9ede873c2e6b301cc4f939a1b
SHA512 77f791041799fb6039528b8d55a468e88b972e2833ffaf5048e5ec18d936e1107689fb73f36ca78af8d23b60184acb363353d3c6627ff51c831f9bf0d76e8e84