Malware Analysis Report

2025-04-14 04:40

Sample ID: 240612-3r2p3szaln
Target: a2fd5315d6763a8ffe1445a823f42ffe_JaffaCakes118
SHA256: 8b7af7ec27482f1d0053514dfc5243bcd43862bbcae65d43d8f2e5e1c9791a62
Tags: none listed
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 1/10

SHA256: 8b7af7ec27482f1d0053514dfc5243bcd43862bbcae65d43d8f2e5e1c9791a62

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a2fd5315d6763a8ffe1445a823f42ffe_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer Phishing Filter
Suspicious use of FindShellTrayWindow
Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-12 23:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 23:45
Reported: 2024-06-12 23:48
Platform: win7-20240221-en
Max time kernel: 134s
Max time network: 128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fd5315d6763a8ffe1445a823f42ffe_JaffaCakes118.html

Signatures

Modifies Internet Explorer Phishing Filter

Description | Indicator | Process | Target
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 804679a422bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF88FEA1-2915-11EF-9CEF-E299A69EE862} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397807" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not captured] | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000517fbf4a0ecab4ab4a8f97ab894332e0000000002000000000010660000000100002000000008aba5828a8b2b7b9cf3792e27792af5d37337d9d846f47e7585cac543170c9e000000000e800000000200002000000049629fc35b8d1d6590646e4ae5a6faf1cebf3f715b92552d0288a94f5714b1f120000000a2efbad63e8516942658e6faa51be5a22c4273f4ba3cb33b128ffbdf31525b3a4000000018198f93b07be5f0ec3a893473f9b5ea17e76e4d5701ed61811014002d737165ff203e481918bc8000c6162827313eaaa3fc07174e7e38129459975599cad35d | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 705158b622bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fd5315d6763a8ffe1445a823f42ffe_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.mackeeper.com udp
US 18.172.112.104:80 static.mackeeper.com tcp
US 18.172.112.104:80 static.mackeeper.com tcp
US 18.172.112.104:80 static.mackeeper.com tcp
US 18.172.112.104:80 static.mackeeper.com tcp
US 18.172.112.104:80 static.mackeeper.com tcp
US 18.172.112.104:80 static.mackeeper.com tcp
US 8.8.8.8:53 mackeeperapp.mackeeper.com udp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 54.225.68.202:443 mackeeperapp.mackeeper.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
DE 18.245.65.219:80 ocsp.r2m03.amazontrust.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 event.mackeeper.com udp
US 18.244.18.38:443 event.mackeeper.com tcp
US 18.244.18.38:443 event.mackeeper.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-12 23:45
Reported: 2024-06-12 23:48
Platform: win10v2004-20240508-en
Max time kernel: 145s
Max time network: 124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fd5315d6763a8ffe1445a823f42ffe_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Hit count: 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Occurrences
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Occurrences
PID 2368 wrote to memory of 3468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2368 wrote to memory of 4512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 2368 wrote to memory of 2568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 2368 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fd5315d6763a8ffe1445a823f42ffe_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf08346f8,0x7ffaf0834708,0x7ffaf0834718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11234311032828515049,13687934833541013525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 static.mackeeper.com udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 static.mackeeper.com udp
US 8.8.8.8:53 static.mackeeper.com udp
US 52.111.229.43:443 N/A tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_2368_FDZAPSEVNVQZKOOA


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
