Malware Analysis Report

2025-01-18 01:08

Sample ID 240613-g6vpes1fmk
Target a430f07d8f59f6531d6e39a95f257c63_JaffaCakes118
SHA256 5dd9ee83d0e1db9b2b92ea6320bfb85f93565f8451f0c0bbde0ceb507f2f86d7
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

5dd9ee83d0e1db9b2b92ea6320bfb85f93565f8451f0c0bbde0ceb507f2f86d7

Threat Level: No (potentially) malicious behavior was detected

The file a430f07d8f59f6531d6e39a95f257c63_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:25

Reported

2024-06-13 06:28

Platform

win7-20240221-en

Max time kernel

149s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a430f07d8f59f6531d6e39a95f257c63_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BAAEDF91-294D-11EF-9034-729E5AF85804} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421797" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d2f2905abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000025c9d1c665b564ebd2caa54b9f01dc2000000000200000000001066000000010000200000008ef6e2c84640ce568ec6f231ad67b7c8ec015cb8a88905e0f84d497f476f52df000000000e8000000002000020000000de7d43ffddefdb8358bfb766e36f38d73624edc964f14705d61205366bf86cac90000000b9382a691499f17c9d39457336ed429eaa0bb60abd92f1fe9d5b58ec2b51668b0a48ff5fb56187f337ac587effaa1e9dfcc279fbb81a1907b704efa2cce1623ac0a96ee55da2a164fd73e8561f9428784dd116a9d5355e17fb5de9fb857c27c369be9bbae14d98c80283532a2f7df4ddda549c3a064e023a8f7d791cea5b7c77a7afa1e140278578ea8a46d5174ce4aa4000000022f8398c4eb256ebb71c1e9f40e99abc58b8e1a3e779f79681eab6e393ae988d9107ae2af7915e125bf49fe3072e28620994da66188acdd91c408899bbc90031 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000025c9d1c665b564ebd2caa54b9f01dc200000000020000000000106600000001000020000000193994cb1243054bb9f65d46540a45a001a5c7537c7d1caacf514102956b3312000000000e8000000002000020000000466913c28826d2295c1513b36e5c35543496d7bb6abefd0e15b8952477a375812000000079ae8b613e066215f51a004c612578480e4af69df7507b8066ff9ef01a00bf2c40000000071822af7148986a7a77b235ef5f02b4d81122d0c25b1fc2e113642241f4fe89e6f98dd87b4e538e9ad7afd8c6ee70d80a9c0f331e435211a7b1d252390beb59 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a430f07d8f59f6531d6e39a95f257c63_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
GB 142.250.200.42:80 ajax.googleapis.com tcp
GB 142.250.200.42:80 ajax.googleapis.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
US 8.8.8.8:53 yllix.com udp
SK 185.66.200.224:80 yllix.com tcp
SK 185.66.200.224:80 yllix.com tcp
SK 185.66.200.224:80 yllix.com tcp
SK 185.66.200.224:80 yllix.com tcp
SK 185.66.200.224:80 yllix.com tcp
US 8.8.8.8:53 yx-ads6.com udp
US 8.8.8.8:53 images.broadbandgenie.co.uk udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
SK 185.66.200.221:80 yx-ads6.com tcp
SK 185.66.200.221:80 yx-ads6.com tcp
US 172.66.40.64:80 images.broadbandgenie.co.uk tcp
US 172.66.40.64:80 images.broadbandgenie.co.uk tcp
GB 172.217.16.225:443 lh4.googleusercontent.com tcp
GB 172.217.16.225:80 lh4.googleusercontent.com tcp
GB 172.217.16.225:443 lh4.googleusercontent.com tcp
GB 172.217.16.225:80 lh4.googleusercontent.com tcp
GB 172.217.16.225:80 lh4.googleusercontent.com tcp
GB 172.217.16.225:80 lh4.googleusercontent.com tcp
GB 142.250.180.1:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
US 8.8.8.8:53 457qq.world udp
SK 185.66.200.221:443 yx-ads6.com tcp
US 8.8.8.8:53 ylx-i.advertica-cdn2.com udp
SK 185.66.200.221:443 yx-ads6.com tcp
SK 185.66.201.43:80 457qq.world tcp
SK 185.66.201.43:80 457qq.world tcp
SK 185.66.200.127:80 ylx-i.advertica-cdn2.com tcp
SK 185.66.200.127:80 ylx-i.advertica-cdn2.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.224:443 yllix.com tcp
SK 185.66.200.221:443 yx-ads6.com tcp
SK 185.66.200.221:443 yx-ads6.com tcp
SK 185.66.201.43:443 457qq.world tcp
SK 185.66.201.43:443 457qq.world tcp
SK 185.66.200.221:443 yx-ads6.com tcp
SK 185.66.200.221:443 yx-ads6.com tcp
SK 185.66.200.221:443 yx-ads6.com tcp
SK 185.66.200.221:443 yx-ads6.com tcp
US 8.8.8.8:53 cdn.457qq.world udp
SK 185.66.200.127:443 cdn.457qq.world tcp
SK 185.66.200.127:443 cdn.457qq.world tcp
SK 185.66.200.127:443 cdn.457qq.world tcp
SK 185.66.200.127:443 cdn.457qq.world tcp
SK 185.66.200.127:443 cdn.457qq.world tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0c2c8117b4fd2038197468179f60f954
SHA1 6b40c1dfa0241d6e626ad0c3a2c45cf10632cd4e
SHA256 823da1286104f2a002b49b0cb18009f8ea40dc819d0b8a705ddff7bac3953a10
SHA512 52a9eb9a5a643a915c498852a39643abd5ca6c23ca5d4276cf921f1645497c3973ba422f59f7b8837551c2023a21f2396bdcc1e95f227b8dca6683aba6b76080

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d39317309c12b6b62c3cb999ac014a9c
SHA1 4cd512046ccc8c8a89b1410d7ea414902c8bb892
SHA256 e21a91dc93ff11a3b070d8c03f9a0f2601e7edd13893d7960b7cf04e47b7182b
SHA512 89f72527dcda70fca863704e7d636176393e72cc9e7b4129373aa379c6c828278efe11f2e81881d4541fc125ae0d73ccf963a3eac71a2168a7ac9183f655263c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 04ef7059532fcc32e8c79186107fbd8c
SHA1 97e34ae5edaf984e3eb65be1a2bb2e99fd6dba84
SHA256 3ab78e65b8de10b4312591fc15d320d620f127cf8c95e4b3965fd1a1c3ef1434
SHA512 4552d74802920f4c40ac61b88b8193e12b56e3fd73924b03747b8f9c9f3000cd3a509a3320597d5d5af5e2eec4d76702b53b69d8ac4dc4566614095b17aef254

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 87a96a6d0bc4b03f48e2606e1055af91
SHA1 00fa9c0a7bf03dada93a3ff8720a362eb8222af9
SHA256 7033a14cb6431130db8cc7d93ff3aa425fd22e3a9af9bbb72631dc983a67e045
SHA512 58f5990f7dd07a094dfa03a6dab984f912a62abaffa831ef0c16a11fc091cdae58a7891f7ede266817a640a46b68eae12372163332e8f8e6ac62ccc718025dcc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 4908bbc592edc23ed40d2626b6895828
SHA1 eefc4f39c8fa8ae833258719358c86a7d119d256
SHA256 e55cb0512dedaec61fe053430b04bf8c969a860837eac42b51ffd8ec8244ce78
SHA512 24ec0aa30cf60b675e9fdc88b283e0cd9f397ff1d231210bfcc3a779fa45ac8c94023a8d2377cc638e52e9ab779d37ddf9a3a81ee1555e1740f663fa9548a9ae

C:\Users\Admin\AppData\Local\Temp\Cab16EB.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\banner_show[4].htm

MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\dnserrordiagoff[1]

MD5 47f581b112d58eda23ea8b2e08cf0ff0
SHA1 6ec1df5eaec1439573aef0fb96dabfc953305e5b
SHA256 b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928
SHA512 187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B5F183132BC4FD3CD343BE4B625B7CD2

MD5 d72ecf40d65b415a2288ad4c1ee0fb99
SHA1 41a7339b2090fbbc3d1577c731ef159612a88139
SHA256 bcf804634b916bc95cfd7ccbaa66adccbb9bc89116e208b41cf83e91d2f28dfa
SHA512 50f91b9d6bf7e74b475c035b22c18d99a0611feadfdba87ae2a29b45176a6314e2f468a2a9d05d68eda1bb73f33f0e88b4e1db8fdbaac4bb08f20e22515030c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 866ce420ff931ee0b23a96279f346484
SHA1 6e84290ce59f0b1cc69aba6e54d4b8bc7645d1d3
SHA256 66a82fad17c66dcb61b26f8d3503b2086249102631637dc862be1aade5bced11
SHA512 48c72ce87056bbaca370b1530e893501ccf53e429f3384e691cb98639709bd91d85710bf88bfc2f9dd528459600f8c719c56c52a1e0cc9efe915a7edb60441a5

C:\Users\Admin\AppData\Local\Temp\Tar3594.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3685.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8f45236f6df745aa3f33c0c16dc996f
SHA1 d7b4b1889be2ab225c1c5c98758b18c4e4ff1381
SHA256 33e78df0d474e3586aeeb2a06d6ae98060912e17ae43cfd7fe0f4231bf7161c5
SHA512 0a7d166a3603c001eed792f79d6dde311dae699c0df435025cc9322973ed70a266b8030992807dd7b5497e03e9ba0077749a3147baf131533ef1fe68eea0f626

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d7a989c207a7945dfc65a94a354edb6
SHA1 d05808fc1c156e8796ed63a827c1966ef23b6d6b
SHA256 96f00673c604d390b5b8de755d45fc38c9dd050ecdef02d0bcb533cf9f668b43
SHA512 ed350387d95f091a6b7022c3f228a444a34f51d172d794de7bb09d0496037fbc81b7b1c006d94b71c827cc15d2552c54f296cf399ed5d5900b5050d9a542226a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed0dee033468c72dce7bbf11ae549397
SHA1 986f39c4520c68dacd147762d7cd8c9433cae2de
SHA256 72967104cd5a4329241a88ed38d1913873866e4e20c8740946b3bfd3bcd3ffc1
SHA512 b4e5ae43f01221be660eb74ba8d5e474bc81d32ecef46cf651f6c758dc15dce9d6d12239fdcf3198026615561252fa25bd691f64391db6ad074fd91a14f32ee5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e52e3a4ed9bb7de3d3d9d17a9e724579
SHA1 0d099a3db23a530fc088a6e3ba74d36859caee70
SHA256 b0416bea1a43aea962cc92e7852f8fc1a7d2ea13ba5f15c0078ea358abc9ad47
SHA512 5e584870fa0ece7bb981bcc4b0dca40a0d54e15e7a585b3ff53b03eea9e75a3fc77de0f13f049086c75689b893556fdf6ec3169e7da138d2df3621fb37cb25cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d328dcdcff4a9c6584a011bef067528
SHA1 e302f4fc896114dcd6d41a4e522ad1bdb55b796c
SHA256 80b239403a1612e9e761c269764bd7b51aa36f4ce4965595ee854e0f92dda3b1
SHA512 bc6c946d6da8e528ded96bf2bc30cf9421b568e559b6d5c7af071b64a79d0c8f9d3dfd65750792b996b2ca4babee351cb4f55ceb5238a7c3067c072fd8c4acb4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa81e1616289ad13f5ffaced72cb79a2
SHA1 5b3507410afdea7146340e47484a0e51e85e6cab
SHA256 52508963efab4a2c904eaded0bd5d2e5b18f384e246b40d746a634ab2f77d18f
SHA512 b5ee103820280d38b44f51e20fc0c6afd3f1cda2206c8c73639437a29f9c0174fd0e4ed2ae68f7cb559df03c508b576ae872c8c29c855c3ac2bf27e4e83ab569

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cad820e00fffc5412c60738a1a335a7
SHA1 58103dc0d78721e3f39c4b16ab417fea155c5fe1
SHA256 a488e690b3b0782261833f3a2a996c1257527572935fb32d7983ab7fe815c373
SHA512 149e0ac1fdc0e1520b873463fb46c5a7187c8614a1b9bd513c296853fd1c4716dd9e5cc2bff422c2a95d5278ab74ad86a04fb9dfd60af56bbf7abf191f950175

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f365fa77997219389ffdd63abae3ecbb
SHA1 2f19983b0f3c2a01b773f4432a5f741b42af246e
SHA256 be953540dcd200e95d2df6d4d7899de7a22c59ad5d0f8a1e6ea75ccf5b010786
SHA512 bb09b72904053ea4fee2f653c7ec5ed46db767bc8c04d9281e0d68f6d298bbf2fec22a9f7b288a208dcb0d34a01e9fa431c93c3361329a7b969433017a6be804

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c0a710a6f596d9a729693e92db1cff1
SHA1 5579eb37b56e3f8e6b7441a30164746e431e2b32
SHA256 b41fd667a36bfce3cf57ceb839e11d4375fee62ced12a5fa36b2299e1f20dd12
SHA512 962c862c88256c2aa95d5b92105da8785799d9e17c03b894b79793a94fff9d881ae444637487cfef93e5b2444a81dec0edb35637aef8dc1141780e65acfe6176

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 170bf6353fc83bf3c55a04af46f6323c
SHA1 8c984b4acbcea22b8b35013a0a83742803f035d2
SHA256 a461ba7fba22a1265dbc907b3297ffd770968fd9db7df7ff1ce41b3d99f1bd26
SHA512 3e17ec526963e4de6dd3b1e16214f93f3c617dc7b90829c899da88af759c2a4fda0bec95406c7c999651bb9ac940b3ff9fb47dbe250d6f69b8ee723076f89166

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 32a84cf9274667406bb8efe05fba8c2b
SHA1 57d94600173b76d77fe0969927935cced63f42d4
SHA256 bc2320b306d7ef91fcf9541366beb1ffc9d0ce0b0673bf6eff6a694aadd15dd4
SHA512 7673f7b938706f2e0ad83665b86a0778769b788454000d0f343350357c66a0a384271c1c8c1232afee785974dcce98392dd16532c5930ecb7b2217220fe5bcb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efe6c3ba54fee60afcd691665d120205
SHA1 c3880f1eb9a09b216e1f5da469ae2eb41e5c5738
SHA256 e376f12114b5c0dbef985f9c7f11bea5770ea81c43b1d6efd0c131d6d08b1493
SHA512 05de675070e39c17c1adf09d935e9b23fceca466790d814001a9864a409850e8f0bf919de6b559f11c8f376cdd9d6fdb7063c640e5f84ad05098d8d0bdd85ba2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 526ff558a5ae63665027370b2d09b1dc
SHA1 e36b17eeba48d99dde17b8894785a72980ef5a9f
SHA256 08a4ea616b6d241905f4814cec28c5f1f57f2dd0c4482643152ec7e7a8cbdf51
SHA512 6d50bc4fd74d1fdd940718786d5f9d50aed4cfb256cd87fd18604cf7a4c0fb2897e983ae07865c8501ec1489c85eec20f3880084ee6f0c89569dceaf5877a486

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b0140ad07bc91fd5eafb0f0820bef2c
SHA1 27a26ea74cdc84a6f6a6ffd69e207a4970faf691
SHA256 a692e1521ea11b455dbc5c1dee912997b0672e6204a0a084f243587e8efec0f9
SHA512 97ae6e04b1c171f66cf101118f3dfacce344647d6d7939021f4a1d5bb91f4eb5e03cf4bcdde4da50e469e4f5eba8d400c7ce1f990c572d34eb6beac8c0f80343

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d776203bd5ebd77a74cb236b8fc74b72
SHA1 bf1af500a9aea730e398651476a02499abc85ad3
SHA256 b247189480e2068f11b1a56034c98e07744a6f9bc7df027a4be3fdb384f5f679
SHA512 3287f09f9e007f5b7f02f9ca863c4e3d62e5087bf76ef16967ea012966fe2c3a4d844e192f2eeed90fea81acdcf36ee33b1965ad76ae0891c1ae3b5463ac1506

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6b4bbe451cabf3e1401e82afcd53840
SHA1 1b3d53af5a47db36a9a6b4659904e82f25469e04
SHA256 080b249dbdb33c3bd03c5c6f7660564a5081f3ea8e32d0a4b3a05c6bce30d874
SHA512 67dd9286c623ee7e062b0545b08793b6b19b6506f9b7ea93b0fb6f3b2594dbb938513166eed1537c1e2ff1da0727ee886d5ef332f09e09c9e993988b728b5687

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 232a6df6c825956f7ab652f0a7fd91b4
SHA1 a0a57cd0a9b7dcaa334b12679a3c0b8e1de4f124
SHA256 f8dfc63fb5f5a93eb81d1204bfd26966fe71ee7c7b44b3d8b891747d1b9c7c83
SHA512 ee8809ca5f910690e7c1576942ce34384d6af55b7b0355e6928593b91b3710106b90c666a2d12dd40351b98638dd781b076075c02c3e4ef5ac162e1d16515061

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bf5086e02d4cebaff7bbe335556f6d8
SHA1 e7d51e4c9a5ffc698316d22fa879019d4eb99d5e
SHA256 4775865d4bf27bb25d0768b53bae3b10762357847cfe747e9af487a9e65d1270
SHA512 b6c0f6efb78434c995bbc2d1434ca51ad1e832095459d9b017cd55b0be2ad6adab632228a345c2ba402ca825f92682d01319a3b45df1ba5b05b766d8268ac82a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 475cb37f598fd049013b0e19bf11a0f1
SHA1 b17437ad5a89f158ca3a074dbb385f71525c509d
SHA256 e2ab09974235bc9e2d89e56667bd9122f33793defb59749ad92cba91553bbcc2
SHA512 dba72317a771860dbce9fbb81b94339315c648acc4704c2c79b594806e7253a64a778fa5e4b5056eb857f8d8f6725891304bd658bd7b08c2153390c7f6b9cc3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 516b9f264810073e3d981eacc7934176
SHA1 b72cb47adb4612b7ade5cec9268b5da180f0713e
SHA256 a46e26699454095c60c1014b83301f556b3340f5006d1b2523aadc5dd2c9e3fd
SHA512 2ac9ee1025b11317bc26ee17f07d2e71249e5b128db31eb60b172d529210b61ca0421f4fd95038367357db1c9b741b11020d64543c32956af9001b6580709d62

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:25

Reported

2024-06-13 06:28

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

155s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a430f07d8f59f6531d6e39a95f257c63_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2908 wrote to memory of 724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2088 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a430f07d8f59f6531d6e39a95f257c63_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,4005182418819742474,6311976371736995148,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4264 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 s7.addthis.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 yllix.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 yllix.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_2908_GPLRGPVABGRFNAWL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d460099c8b53b3ae3879c36334df0e8e
SHA1 0e788e1e9da2e0bc1d23d7128646bb06dec6e8d4
SHA256 4485329860a8fe320c491203e5fb02bc5dc21b53bab54ec1378d446af1c2ba95
SHA512 833a27b9c0216a12773d865e194572b015fb71def65b6a92c7388b4b6ad0ee5a5ee4fb97b59113a5e12c25f13595a675ca8750089232df8a6939f1f73d7a646d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 164780908ba83803458081903b788e87
SHA1 cd29c86e0e542bf282d35c29edf10fb256cd0a2c
SHA256 6285154b521f540bbbd2d61d43e405d095a14aa21282f24c8c2656f7d7eea6ab
SHA512 b09ca8c24a5ddc08dd0718cf1032c436c55dc8f791d3acce6edc41eaf9fa23dc56d6e530ded50caed4e11273ee9346323cfb636babcd3947a96f59bfcfeafe86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40e297a583bf6290db8b2370b743543b
SHA1 fba845685d847c7ad02f5d977037a6f9da49364a
SHA256 0f8af03087bca62485b3d17aafe78673852124e0409a43ea620cdc2a9a614d68
SHA512 42792fdf0e585cb0129b83a8b19f12d0c14b0a32d7312904e1de5b7a052bc703f1a44b5da948875d5584aca78d033884f97c86ca14aaea3d4f1d5bfceaf86599