Malware Analysis Report

2025-01-17 23:17

Sample ID 240603-p6hnvsfb5t
Target 91dd698a60e24fe8eabc02a6a36557a7_JaffaCakes118
SHA256 e82ece11caf0859ec19df7ff64b9cf8c380b38babc49b80c2241e911af348af3
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e82ece11caf0859ec19df7ff64b9cf8c380b38babc49b80c2241e911af348af3

Threat Level: No (potentially) malicious behavior was detected

The file 91dd698a60e24fe8eabc02a6a36557a7_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:56

Reported

2024-06-03 12:58

Platform

win7-20240508-en

Max time kernel

119s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91dd698a60e24fe8eabc02a6a36557a7_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed from page] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000b44149fc9b9603bdca4ac680f9f74523d9bf8320491e98bf7b54b02fbfe2565b000000000e80000000020000200000005364c2ffefb8ea63a57c97a3c739128d9f8193b3319dbad9500620ebb1b0b5cd2000000096f73007631b7b32049932ae917cf44d9de3764d27ebeec43fb03f2102faa1ea40000000747cd37cead2dd4900a0e64d0665c930a773c1b8b96ca339aec78fa71c80efbf8e574dea12678deabe690f1815c00208c43b6162bfddc4d6f7ae600a49b640fe C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADA92321-21A8-11EF-A5E3-DA219DA76A91} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0a39383b5b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581250" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91dd698a60e24fe8eabc02a6a36557a7_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 afeld.github.io udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 216.58.204.74:443 ajax.googleapis.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 151.101.1.229:80 cdn.jsdelivr.net tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 151.101.1.229:80 cdn.jsdelivr.net tcp
US 185.199.108.153:443 afeld.github.io tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 185.199.108.153:443 afeld.github.io tcp
GB 216.58.204.74:443 ajax.googleapis.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 185.199.108.153:443 afeld.github.io tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 zotsell.com udp
DE 207.154.196.225:443 zotsell.com tcp
DE 207.154.196.225:443 zotsell.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1190.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar11A2.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 13ed5e0369cedc64c8437eb9a493a981
SHA1 880053c91809fef7b2a3d688143f554d5a05c0bd
SHA256 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454
SHA512 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d42db332f71b8ac44bdea1ca4b30815a
SHA1 b0403309d2493b545a57a2b5fc271b4962d7e2ce
SHA256 4fc186308491c1438a8ae2745394a1197024b9c8312495e0ed8ae73bfbdc387e
SHA512 62b9431ada16b06a99f1c3fcee6b6c6c84e87c9f5e0faf199ea9916e54233a614310dba3d07c0e9629348c70bdd8afa823990db1a29a41092500e8a3d5a402e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 cae3588ca1583fbca5a5c647a21cae5d
SHA1 25441408434a8ac330ac6cec3b9766e10a5d773c
SHA256 a15489fa10e471d93fba08c7df137fab7021f781227a33ff77d0ca774472bf3e
SHA512 42db6785a02f97aed47ebd1b441515a05da1f6656c5766d2283d90acbc0012010162facb3f0af82945ae18c87307a42d9b9c97ff63eb092cdacc864845664e3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b2e8be365d17e4fb0bbf2090a5fd06f9
SHA1 8870af8767d33d814b6588a3c97afbc670015be6
SHA256 be9670f50a38349909126e6cd6e4e62bd0349a927579128aaef2a26c2077c131
SHA512 94d9ec9a8a4c241feca8be4f665eff096d25b65644dd8ba86c9875fd2aefac43758d58d83c54abfc8571a1197e62168f0b0c9120fdfe1b5abed49e6bfa02e5b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1256.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad3a0e1d4ccfc6cf47e53a9199bed138
SHA1 0616297f522cf0213cbf1e77b3a700538b1b5696
SHA256 221a570a46d8500e7cadf5d24c18cd783b188680150169d45153d4184a3a50c1
SHA512 1de8621eae2ff887b7a950933c889cb47b6e7570b848285973aec48cc87e7123f44032f804cd144e0437858951c8d5ccb68a75af5b1ab6c9780b5847a16a7375

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 259ef48f68dc0da5e37410a50a5a1cbc
SHA1 6745631f2767256440499b57cc04c960044d5fb8
SHA256 3f402ea4d9762e49d0f43408f40c3ec51ee95c34cc9dec2fdbe00fa62ac52d3d
SHA512 bd846ac87e32af8db368e0321ee4c59bfe0f9b0756ffdeabc7e18cbbe397022d683809e730f8757e8d4531e050e3ad60b805d667b3340717cb9cb6e1d846d730

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2e7f7cc3f139e5c304bb7861df0bc50
SHA1 5fc3d8215e393af3f41abd9e7bc4802930af356e
SHA256 7e84f094d79cedcc8b970d02ab37f861c782082da7967ba35efa22c2bef00eb8
SHA512 8f46b93750a0800f6e5896369c601f0a55d9b8065a7245419cda345920e23e37ed577e12230328e6700ae3a6396a9640efbecec24cd11db79fd723d3b3fe4452

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_798B036C05F381321FD6C3F00885C62F

MD5 6608804d996e2f64c48e96c3f4738928
SHA1 04b62b221f8bea13f4a910a8bc905a85467bd007
SHA256 44949d6ea59e35f84a9a9c4c99a07a4e97f96734392f6f11ae4a1cb018c4cf03
SHA512 809df8f8fbbd851512eada9976b2bd6b7c74b0bc3dc39ebbadffd5c11f47cd78720c2fb1068ee883b22eb2b56ef8639a886ea49e24d187c0ab8e2ec136e309b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 3cbd995f8bc61a3669d6dccec2391d8a
SHA1 39e5903bb99f1d045f6b0c2429b43ea8e2d551da
SHA256 d302d7266945490d5d06e91e1c2557830688004c572f39343357dfd57ada50e5
SHA512 6335e0e9db04d46564a47818a02c3ed714ee705dbc70ecadf252f2813ef62ed14bf739ea545d69e3214d21600a2d9257013545ab3bd7eeba17fe1fb07b2a22ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bb771d398a93a963a102a6155b03075
SHA1 66848ae0e10a94bad907d986574b5f9c6e442c8c
SHA256 9b3a51cf041da6dd92f32877b621d172a66437c52480771dc09074bc4a69a477
SHA512 5330749e1069a6ef8cc4073115d77919d1411bc451ebdd3f7a43ed31f9129534e4dbfbc1793e32d10bffb838b184eb2f6fa21d95e6e87c8712aa3e76f8bfdd33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 a390956de7da6865d319ab7de33182a3
SHA1 ec5645ad24a551c8e308c577fc83d155090a2a48
SHA256 a156365095ff729a263fd4b2798b988961dad2e8b2f6d101561e2d547cf31c77
SHA512 341e91f6ba4b8025ea8f8838f899396bfeea4aedb7aae59b63d1d848abcd9758cdb063efcb8a3ce4cb4565281a22453e1b8ab3feade92266d3680cff217f7882

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 475418e21c14af9b9340d671bbd2c0e8
SHA1 63a4113d3beebe1dbfd25cf10cf9ce64dabdc92d
SHA256 abffb6db0c5cabb8c4d4a192aa7ae4d4db7fd46eef75df26ff728b5004479020
SHA512 0aaab7036f8d99ec672dcf99d9a20829c420476270839bbcd54c5ed4cbebe01e5b24d5fe331e457fecae241d0ad7ab708e4b8bfc2522ee06796f606dcc280d4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d74b689026b6543f8f7c4260f0137b6e
SHA1 7a9bb691dd9972a645aadabcd221f5ec21e1d9c5
SHA256 b873b6fd01ea6dfb0b9f4ffbad8a35a1264e9664671521cbd395cbf0b52a778d
SHA512 c74d66bb8b008647cbd6f87593cbf30b4ee2c9796cc9a2e462419843d02dfc6aeb904e6fb0565eb2c771b5cebea440ae6664d12a6e682200a48c3bb692b126c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4ba08593bd735aa18e0b4ac5b914e61
SHA1 221b3090120b121e2fc338591671fcf4b1ac2522
SHA256 8d50696dc54bb1ac91d2722535fab3f7596305711c5ac3da46737cd662c6b197
SHA512 9eca7fa8bb20ff970a22e6b38a7e5131c00bac433fa17b46fa0a06561bf727b0ea17a15b538d7028aa136e2419e496925f222a11c6527acee52028bd6f953a79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66d1857f769510901b6cd68b1736f4c6
SHA1 b26f5794f0b8140a6695ca54f2b7a69da4a8a59b
SHA256 1098597c1b7a0137e0e157bff91238d0911fe140a812a00cc6bf549645a3e834
SHA512 88e0c4535660c193e5dcd84451943f821427362d158c9a4895250c613c67ab42f48c3b4f85f91e55ab5adaa3bc5da338b8e54140b07841d8e9cb5c5df866c3bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6f8c5b4d68ed7aaae70d831fe010099
SHA1 ad28c663f879ef1aea421656879c9cc56bab9736
SHA256 ea4b1c42fa0a5d27f3d4e2e02d8e5fc041143185c4ef2e7cce465ccd0a8c3548
SHA512 3d7da7290dc8d5e5c9b1c1e4ef2f95959f4fab0a1404720a8954a8bb566c6ebaef254283481e1d472503c4bac847733e8679508b22db48415edb2bfbe1fe26c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4044c7ba165f27a942a7b3cf10afbfe
SHA1 f73a875208ff57756297e78e80b64188b11e55f4
SHA256 c7c8346d84a0c6fca8bb47a63aba10e642f89fdbee13f314285e1b3acfd2e125
SHA512 b3fd24e3c6e25fc232dd31a0a7070acb4e6d2ac7b386b84fdfc683e279a7ac37bd68803b05eddc04746c6ffd93aa1bc6132e81bc8fbf6678803d6ffa5111fff3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae83d351122d4ffe850587000e3ef146
SHA1 4c0481891708d215ec5de4590b0a2219c6dbe891
SHA256 cfb53415bf44bc210db5f0eec341c1819ff9bc3a11e8f8fbb8a6b42fec107554
SHA512 d42c0816a937f860064e2d61f693c9d45c7530495ac236c6133c45f8e8dde365356ef027709673bac9a7c83fc32fdee8afcedf740d86022f61de2183883b50f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 174dc70043d36fe5ab876b81c97e3132
SHA1 521e59a5eafea60b2ecf1235b738d2d686293ad1
SHA256 78270775c86422a4e50ce381328a25ec400c68a77e32d55442c71ed472be7951
SHA512 ebdbdb9a144b870c4c249b6e53db5d9fc34bb80ebbcf8bc26d073eee535f78e0e4d2e77de55b74ccd610bffe8c7c9544b77c750ad2a9c1ded6c317c465b66b1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97ff3a4d8402199ba189b57c858b4401
SHA1 76883959594c3f91c7473e5ed16471668c5096b1
SHA256 02427fcc9b2520380b30041bf32b1b3793ff2635333229186186ec064a00cdb6
SHA512 2e6da1bb48bafd7a2f08410958dbd8027eec8f88fd131e91acd5772b48eafdebf49d30d82125bffb45e023dc355068cb2621e4ecff26c070f44987d904cba333

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be1e69bd9aa715ce180ad6674e340800
SHA1 b7017962422be00e4ed6dbe3015c374bac321463
SHA256 d1e5c6b8da3034b435c7f5157a7e5f6400d8a0e6ffcb7b0a3e1621c294d0228a
SHA512 535017f1c5ecd8e2bf24019e6083d31840799e8ebb2939a1eeb1b18f494ae8ab02a7880edeb85aaa9e8d1bd4d11daeeca98de624f1fee72608df606ebb6fec22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a71665064f57d83fb8c59cc71c6903c
SHA1 059c132e397177efc52ed61b1e050502a7cf74db
SHA256 96b7ad5ac8bc08e35d89c60f4dc86757b3580003598118984fa82f60b40664ac
SHA512 980ccb8f5cee0e43d0366694bcec76c29ba4a2bb13027dbe9b008a466d77f92caef07d580f435049ca19956bde67c23f0c6dbb59031e570b37c09ec001d1807e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b4537457972d56627c495047b6206e1
SHA1 4e6798a3c40a72a3d0c3dcbd5362d0057df05e06
SHA256 500771cf5ec8869192b2696d88f8a6b3d49f9a64a13f05acc67af64f8e85bb41
SHA512 ffc81d4dbd74905294b71c8e9197c9a0e91be51c3164cf7303c2e5b43025f2277c7c633ae3f97a928b7b727b78d8b5b6989904c59cf197e21b2a19838ae1016d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa87c0d60dc29c75f4983f0f696970ec
SHA1 321554432a6b8516205ea2e345b9c6fd861081de
SHA256 c5a6fc9191f313157b92df4d42c78bd44d7d0a3bc295c403da0169d74b289c03
SHA512 2d0206ed6013959e86965c6d1c71d0b69688498ab3b4d57692d7db4733c08a90d8d670f69c7fb9b92eac12b770dcb408e352743a8100c9fe16e0c2958f0b5bc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f6f249581441d62b87697e762f9de32
SHA1 8d5e4362819ac806f5ac298b2bb3a989e2c49390
SHA256 b884091b5f466cc150d1cbe5a7a3602192d6b8a305424f6ded88c287eaff52a3
SHA512 06b5b0483b9bcc9068cc8a1b88c520b2b9d782e7259988b4d678eb76e269d359a566c35b4a702b13a6fd88659c290e8b118a1bc94c627df169e2d9e9bbd5a88b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31c06a1809990b69b76d67108f39cdc4
SHA1 b336ccda092be7195ab7de22cac60c3d74904b76
SHA256 b4058cdf09802546f5a5396123183b73a1068156df5d17c8a92ed02966d6bb7c
SHA512 7b49d1912903f79453afc3e948ef036846a2737adfdcde0949f94b4b381d99c83a45d2ad56f4249ee2d5d6be5fcd408c92a6a73794222558fd0c5bd5651999ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a383c63193c5e276ed76a819b33e98e3
SHA1 2e95862eefaec3d76a72100d15aa8ab0c26f2f09
SHA256 96f09cf11a356898a826faece49ad9f756839429ee7f95746555b89488beeb10
SHA512 2a761ebb80ed03707d2869c35aaa0d8f1cdfbaf192659d5611132e47bd80464252757e9830a81784fc6c7bfe2d9a3b31e1713500bc7c2e68a85df91a0cca6ff8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1baa082036719d52f71223c306725f53
SHA1 b746e242581da5f80bb6c66c9dd093bbd6f069e9
SHA256 35731d11f9060a6e3b6dadf70171d16384a9833968817876e668ad8c45640e99
SHA512 230ed9fcb5c7db72db6a24f601875dcd891ac8191175aeca9774802af0c64f6d707f5792808b388d5506aff406c654dbd9585e88f74783aa0b53cb80e01b9a13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85592886224e067bc6a78930607b1f78
SHA1 392499653bdd2d4c6fd9272a335e27ffa0168e6a
SHA256 d7afa6d30d16465714514d33b8bc01d66e7a4cd86037dd8354fc7c4ded215fe9
SHA512 76e0511ebadec2d3387296967410e136a3eb52754a5857d601a93ef9886a953c911bc14b2f9712dbfa2c8d45bfc622b93339fe15438617cd6c6053759d37c31d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49d0730446d85e935d2e36e93ed464b2
SHA1 155ba27f4d77ceda7a9f5498567f6d32a7b404b0
SHA256 809996d3fde2638f97cf8afc50e60e8b49c8efcb78e4465b4672c603e7ef796f
SHA512 825d70c3cdd3251495898897620290aadedbb8d014000a8e4c287e85ef20d6248a0ec56958e25c002f4414f0e63e95bbbfb4a9757ff5e6995c64a39a609c8726

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3edbe4695daa8d35d4cc31d3627e10d7
SHA1 aec1dacc321e8451e48bf646db91f91e964f2676
SHA256 de90b29dba41e1aea631e87fa266ec3aaedb6f6d346b2c6e21f99a47335ff0fd
SHA512 127205567227c1c180bbb7f7f88476644ce0d5d19d563c3a5202877b6b1d8fc3b13012ed30afbf230b13a905d5e5ee50ab1d6730e3db02f150759236170a1305

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cceb3cb8864b9a304c974fe4d02210f2
SHA1 f7fa53b567131c35f625cbf8c8b8f75faa1ba540
SHA256 e18ac5e975f7636f59ebce5fc59e115c8e5b1b5e0abc13e3515ac491ce68f681
SHA512 1934a651528377f81f47f45e755e9320543afcc008b87809e32ef4c8f5860658e3b50fcf84cea2c3e5aead8e800907d784dcb0439ced87bc29d72913b15ff823

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a50a9bb6ef999ff62bf2537173a8cce2
SHA1 2effb5a538fea630f71ce0ccab5aa3b61f16e4dd
SHA256 8bd6fa716dfed12844c7d0cbb9e69fa047ca93c735dd5c377f991a6ae2ef49ee
SHA512 ee9785f28a098d2833990d15642d292279936bed642f64f3b579af8df1f29966d4d92b76b68a701204ae0e37a5c8c5ec7122fdd0bdb975c76d69a9c654252929

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4298851495caccad99e6519fc2ff4ab7
SHA1 8c7fb0903516072e1a039047a9a77b48906593c5
SHA256 8facdd4f53aeba093ab7bff0bf92d239de38bf26dfed15fa0f3311f792803835
SHA512 cfc62d639e210f56e8f03a1704591b42a6ba6a0e21a12fdc05e8b7eda0858edbd03a020a758789e93d2b83a66b074251339c7e8c6a1243560b35a3af7a1377e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b73c112b021b990ba27a0e9d3386796
SHA1 c292ec4bbd4d3495876e172e94a60e05029ea304
SHA256 f4fe2d470d4d53669e14e422109732b66c2efb69bcb518f93a7506a80cebee23
SHA512 96ef70e7d5df276126ca4c4c82abd1794f3e4d32a841ee2c52d12086025e9422186a6cd381b5fdbb3faa85578eb939e80222a14748cc8f716b53d7ac33e041a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6de139fd4e301191ab5ae5548cf74083
SHA1 d5f041ea580fbf69fe8ac57af20949e7e2d8403e
SHA256 f0fef7ce057821d93d2d2bb4104da15b7d8797ebd358442030a5aa3da271c61b
SHA512 31eaaf7d0beb3f989076242fe764af0e662752c43d5fdbed87c20530a619feaaff00aa574d3ce3987179b0258131d7e4275f951bc9d00173c8905da1b897b873

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aae7705d3e2806f2166a2c91439a2e1d
SHA1 18828d43f285a636c8445e3ed7d225bd99391835
SHA256 a6d1fae19067615eda37487a8dc567ccdacb014ecace2576e3a24b51035c1be7
SHA512 93ec7f9c048f89304332b4713ff3cf2b357d2158eef891b6c08ff967bb67b37e54f6d1262c7cde105f3c3c271114aca90519655f551e901943bd72abd204036e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83120eb8d36e0c41cb5b31dcfea6e498
SHA1 70bd109eed766109bdb3f3decbccb6f1bd7cab4e
SHA256 da21be296b6e05e0ff6475ec82cd1d7f712f6c351362419c95088a8c80d76a38
SHA512 3e1dd6b1fd09674204172b9b00714ecda31793a84010d06afa215a9b484468192e7b80f6685048fdb9177199601decd00947ece1274f3c7c7013e84f79fc6aa1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d537e73ecf861f4f817b52667585bb2b
SHA1 aecb2e8efa52da88b599af4274fa668e2480be33
SHA256 b974f1e2a8204fdb7f6fa342ccfbcd38d501ea326a5d34ea7cd3ba820044888e
SHA512 eafcdbbcdbb6adbd9cfdfa30b7ca4484b7fa961356f236b439a9fbee8d788563d67fcc550e5846eaaede20e8469e17e58f6e81846dbc2dcd43241e5dad1ddf24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac22a9c0b2fb322336a4a41788add283
SHA1 13c57cd09985a4e2d008da6ef16998fce4dbabc2
SHA256 1148d3a776c6583aa79812d031c9d3a8c54ae67096871a0f4906e33632eecede
SHA512 4e738383ba5eb9c9036f10e8142ef777f23618c53011a8e273b6eaa97e993b08d0f5b9e520a38ead5f9efb6c674e33acb8b57852ddb70d7eb74ed8850bd928c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7680a4fd3a6e7b02409e7fe50928d6b2
SHA1 05d0369ca54fbc6204450da043cdb1fcf1085bea
SHA256 3cf67123364602905156f15ffd878160c8a69a98bf435451eb559ff890f4e43c
SHA512 2ff580a4fd328b2380c9dc5bcde93c36e6b8ade6a1a0f0a0cec3264b9677c6d8ee8391601611d5adbb488687be8c430c491f08efacfebc8ae42129b8db72ef46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33160992187e6ba0e6e77b92624643cb
SHA1 5160a59bf7ccda62c198f82c2a68fd791fd0c3ac
SHA256 774a33ad1395ac4212d89357795ea80ba8870407f3caeefb8b419079447cbf26
SHA512 b979ea50e670810f308e8f42178700744225030d3ff7c79906f4590116f267fbf21bb06cb8c8052e399960fa4372e505ae474944b7772780934c58ec5b323d45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91ef54b08e9800c44056f6a71b00b181
SHA1 0b777fea6a6a1007bbc4740ae96c3aeeaaec75fb
SHA256 0274ba21c966d5849faea1ca7d438035417e9a78f04ed844c401d53a016a86bb
SHA512 76b6f3a54f2823b88316329cb2b7eb620ef30cd4bb0ed11381074a5e326c735397b18857bf35097dec7662bdd9155c8088633d7d1f080bb42c33cf5e630148f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8f15b66b4693797e5df3667450c8273
SHA1 28d49fa137f26b700172c0f3a9fc0d2b9d90ffe8
SHA256 30de92c4ca1bb6ac89b6dcf590ce2dca7544879ae4f87a761c120f597031e0bc
SHA512 4a82f8ffc2fc2cbdd5a89058075b80f48148bf88a2f0f64592d7f433ff84f4934b631e17f94af8442c7d01110ebf38990e6998d05ead675d17b713fb1a713c83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66a3844a7e6e43bfac9becd8623c4b6d
SHA1 402450e7c7288800038f3e17aa7eea7f35a00380
SHA256 b1ab5cd04a014dd9b647cee9d4aa98b48b13bff28fde2502f94a7180ca2b9edf
SHA512 93611e53c2c7ce7e953bb4f5d96032ec890a57498e5fe6ad37d653a14e1b80d7e14c12b753deb933f584971762572a5d2a3791a951aedc5b26817ad8b1e941e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fd06c1a071af8d2af454829e0078602
SHA1 fe8d2416488804652409986adb0865f80860c94d
SHA256 00dc662fda9fbf067ac19657d52b169b290e3a7b4707a5f07c2824aa170c7c8a
SHA512 bf652910cd5c99a5d267890924a44fd884f3dac2b9e626567a1c566405aa57e7fe4849ad244a4d99a30070a279080a5699dbb0933bf48bcd0d4e1a5092161bb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3551754da1b0b06fe057ab5d7f5246e8
SHA1 bfbcbc0cdb6b2e0ea8f9ea8f434cd5605992949e
SHA256 525ee1ea5d609f9a101dc89c8b07a304f78c2f6beb951ee75d78f79d7b5f0d97
SHA512 6fce509f07370390abf8e6932417d01611d0408b465bee3b752e1b249d8277a7e98d7713ccabcc503232a59791bbf3f512c92bbb2f0de1d22ecb6161564c7a79

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:56

Reported

2024-06-03 12:58

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91dd698a60e24fe8eabc02a6a36557a7_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2940 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 1868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 4896 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2940 wrote to memory of 3000 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91dd698a60e24fe8eabc02a6a36557a7_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6f0146f8,0x7ffc6f014708,0x7ffc6f014718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13323424106690795034,622878702904794077,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 afeld.github.io udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 151.101.1.229:80 cdn.jsdelivr.net tcp
US 185.199.108.153:443 afeld.github.io tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.18.11.207:443 maxcdn.bootstrapcdn.com tcp
GB 142.250.180.10:443 ajax.googleapis.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.2:445 pagead2.googlesyndication.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 emoji-css.afeld.me udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 185.199.108.153:443 emoji-css.afeld.me tcp
GB 142.250.178.9:443 www.blogger.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 79.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 153.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 172.217.169.66:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 www.fontstatic.com udp
US 172.67.147.145:445 www.fontstatic.com tcp
US 8.8.8.8:53 www.fontstatic.com udp
US 104.21.28.204:445 www.fontstatic.com tcp
US 172.67.147.145:139 www.fontstatic.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 104.18.10.207:445 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 104.18.11.207:445 netdna.bootstrapcdn.com tcp
US 104.18.10.207:139 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 code.jquery.com udp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 151.101.130.137:445 code.jquery.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 151.101.2.137:445 code.jquery.com tcp
US 151.101.66.137:445 code.jquery.com tcp
US 151.101.194.137:445 code.jquery.com tcp
US 8.8.8.8:53 code.jquery.com udp
GB 142.250.178.2:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 zotsell.com udp
DE 207.154.196.225:443 zotsell.com tcp
US 8.8.8.8:53 225.196.154.207.in-addr.arpa udp
GB 172.217.169.66:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 s7.addthis.com udp
BE 104.68.81.91:445 s7.addthis.com tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.200.14:443 apis.google.com udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_2940_ANPVHRCSSMYIBRSQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3c4fdaf7e56b5e5ba55a586fbfbde854
SHA1 59b828158ab9e2b80da1e3bd50d577d0a154d977
SHA256 15ff57af47a186d084b177c37fbad69c825117249b385a3a60f0c978467d0883
SHA512 d33435f87a80b2d3a03598a9aeb1c32792386e68f55b58b69deca042c51abeab647fbfe7530c14bae5f5761066cc094827e09273845a85c37e75f1dfabbd70ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f60ae7f505046f554f3985e4e59457e1
SHA1 88b457c3515942d3eed12ae89ed3041b040fecf7
SHA256 0cb3757b90235b9bf5d2b8d8f1226d95744dac3e8d57b6a6aa1ac17b9226202f
SHA512 cc56ad61abb6b1b7b006a6017fcd5988b8257bae5580cea2555aff8764dadc5b0b868438df86cdbf3a73c56ca81eaeb058af75f53afa5d6e46b246b231a8c1d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e9dc0e7ecb834de5d44ed815807cf88
SHA1 a29689997ae8f80a6d146625b996ec8b9ffe9758
SHA256 42c52003b32b7d08c4a478db53d9124d5b908a3e684ad245d8b551373d27ee4c
SHA512 4b995d36f2e416849fbf514d1e9c56cba0ecc5e5fa5df0175a8c6c835b87d7c5f0a057e107c2cb2842b88bf2f98c7015bf19ee95407ffbe96f203436cb82b38c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d7430b7499be25ee45fb672ef01389de
SHA1 c432218973e368848e3696c386008b0f650c2763
SHA256 5e29aff21413b3a91dac90cd3e40738ac23beb65ad75c8a194d6f1755447d14c
SHA512 568c0d9a910ba7f8f1687ff84fbb97ca9d8a8f1b72e531b978b44df6ca040f641861ed9d4c315b5bf87df5b68b9d66bd39471b43513e256316dc16804663e182

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cff9505d7921d97ce1d8227faba06193
SHA1 352def65a6640a7921f693b8c74f7efcd9d8da8d
SHA256 83b4e645ee535e4106937ee342589fa9c4b9a98562ce0f3866aee14a50b9d0d7
SHA512 d293c30b67cfe5cc9e1ac453a2c5b73877cfcf32cb9b4c892e95c4fb35caf8f53c89f7e32aa58af6b6938dadc47c5c5dcecafc835ec5c6b79b22588651f499ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d1d2.TMP

MD5 fb555cb0aa7af676441d7d8526681638
SHA1 ce91826579e2370de585534e8e30b98f642c8dd4
SHA256 c4906e99416e62751f4990a2f549dc2f567b49d719b925534546100b231dd4fd
SHA512 ec3cdcdbc39d816cc2d87c2f076b99329cf4a441ee293bb1b23a833029876aed37e3368141a0cc0a8a975886b7ed832eec53e4679797adc9a1035e97d820f9d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4000863dffe29fa9ccaaa07fee1d082c
SHA1 9fa9da888193180eff539310c4e156373971ecac
SHA256 157db93c4bd7543183e0e3dce7ba84b55eb53ab753056c1eac026d7d098b550b
SHA512 746ad8a06d6668cc64437ef2c889253e86902dc0f80ded808f4f15d084471d7e61ed6dc7991a0c18ea3e4028ba7399d8a43028f66821d73f1cb402d73fca4079

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9aa0972467053d96257f11d38b940e20
SHA1 4e118e325cd3e8f1a8f680c74960e0d94c93b73a
SHA256 7b6770ca52d9dff706b313bda9339409f27794200c0f1e5cc5d5548731b88b35
SHA512 1772da8a5752ebefee709be102af1d2e7e175aba3c45b32275387638aaf6e0bf62bb454cf0490dea079f69316c56b7e479d6502ffb737791b54e5b79b3145296