Malware Analysis Report

2025-01-18 01:06

Sample ID 240613-g7sw8axdla
Target a43269c71b874b102bde1b093274dfe6_JaffaCakes118
SHA256 700365e51f0949a6f943da95eb903aeff292f140f23ea1cbfdd13799e31a9604
score
1/10

Analysis Overview

Threat level: no (potentially) malicious behavior was detected for a43269c71b874b102bde1b093274dfe6_JaffaCakes118.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:27

Reported

2024-06-13 06:29

Platform

win7-20240611-en

Max time kernel

136s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43269c71b874b102bde1b093274dfe6_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421898" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000f519f9826bbf56906fef3839b13ad3dd6ddb366486f236b9769bb147922c0f06000000000e8000000002000020000000969d8cd555e4d013c1e4bec0134d3068f3de7fad2850e324a0ede0ee96c8371520000000b22bed7a5c5b6a6d0a0dcc557cc1d5d210053a48bf33a8d6a689a61db6f6dd4c400000008f2c4380556d1977e316d96f0f7bdc1848b44c6c06c2cdee23612d61a5c0a4c8d755e3a0b822a2585da3e822807772d16eb05f51d1c02a51e47233c074c1135c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F6E39001-294D-11EF-A0E1-D2ACEE0A983D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603977cd5abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43269c71b874b102bde1b093274dfe6_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 fpbagrag-seg3-1.kk.sopqa.arg.r.de.a2ip.ru udp
US 8.8.8.8:53 fgngvp.kk.sopqa.arg.r.de.a2ip.ru udp
US 8.8.8.8:53 de.a2ip.ru udp
US 8.8.8.8:53 fpbagrag-sek5-1.kk.sopqa.arg.r.de.a2ip.ru udp
US 8.8.8.8:53 fpbagrag-seg3-2.kk.sopqa.arg.r.de.a2ip.ru udp
US 8.8.8.8:53 rkgreany-seg3-2.kk.sopqa.arg.r.de.a2ip.ru udp
US 8.8.8.8:53 snprobbx.pbz.r.de.a2ip.ru udp
US 104.21.5.12:80 snprobbx.pbz.r.de.a2ip.ru tcp
US 104.21.5.12:443 snprobbx.pbz.r.de.a2ip.ru tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\28616404_10160148454140578_1901066303915416974_o[1].htm

MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

C:\Users\Admin\AppData\Local\Temp\Tar3048.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\Cab3045.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5597bedf7d205e9a45c8e2b8e16e1f9b
SHA1 382525b6fc8544508889db0c2251a1e08a35ef9a
SHA256 60cba8b958afabc541b49342506ff32858902f8e50bcadeec406270d6b7862b9
SHA512 7b6971c994f4a3b168a74f0db925ba8bb05393006d6591e9b32e026098179eecabbfbca06511a42378aaac797e4e8709971358263f82548b6f7d10ef9e737341

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56eece8e635c28333beabcbc93d3af1f
SHA1 047411556b2d260d24547124231491fd4ca2bd0a
SHA256 33d263d174c5edd6154c7b52b3d9e837dc1474faf040c52abc5f8f4fc7427660
SHA512 9cc826a32cc48a197b2346ee3448842ae0bedb00f10145176e6c77e9f8bb23bf9792dffdb29b2951b256bfc78493f40753fb24a12e7518cd75b1d6cab6c7396d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 495c6fed56150037d49584ecc4a9eba6
SHA1 9552296f6e739b5d6eb88194309869329401763e
SHA256 05aa4d3e0343a7b7a19c96ed92ced9783422d4fe29d3d5a975a9627fbd1e20e2
SHA512 9b839a477994b84a4f79b2f2e2aa99c3188dd1953e36c4ea64a12d1f63fc46d7b95a3af8f61633b233382b62bcf82e42f42f62bb8d6d6e39b753420dafb0042d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ccf3ae6ae63a705d7fe4e567d53fc86
SHA1 13a12b8fac60af0b5afde2c5cc33ca932dc12a73
SHA256 bc176bb7a4751c7659e67b325edeeaae7754ccd15a39011a24fe6e3ae835b3e2
SHA512 fd33d23fbb8934dc54fcf28f0ba245e6fea67905a3e9b87da751dfbb4d53fde15b705774d785c1018eb6ab79f860d5fe03d89f39596f3bfb1d239ccb250046ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df7feee0b798d38eb6f1dddcf8dca00e
SHA1 62f086314d69f3b45dc2c281f6b77b6f7bed2eec
SHA256 6b780eb88f0cc2dc74d2b77cce3c6390a58e48019297aa16ea5988e32e435b9e
SHA512 1108ba8c68a844fbd427ce8377847c91f8a604542d5a9507dc28dd4121518e2d9c255b4d632a9042176c905428db05aed815791e3184c66cd8df4f35504ccbdd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce31940a7a778527d8cc5270be0945db
SHA1 f73f275a33c89b8510da1a78e87b3edf4c070b28
SHA256 efb851ad9fc0e9e54fe53bf91f16cf8e7e696582d8e74280c5b44a0f0b167fe1
SHA512 d9e95fce112b9a614786742f39032462d834379d4ee5bb7bf2b303d2172d5d663595d3dfca2836ff788915e36419e8cb35df246a3765fbc83e9a8512b0c33da6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d594d94d36509510b45b5eb1b5921f3b
SHA1 e91a78a31da0da8c73ef91e327d9c4f7c242d8e6
SHA256 3e7bd2660a698139923b11f3db6ac92f687db17cf0000ae754f4b5852a098ff1
SHA512 95de69d7c6bdedaa9ff8834737186b84630e05a3e59fea65b194cb1f4b398085643d6401324fa18e18c4543b0dd11db3a5be10f3ce177b993d92c903169fbc5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aebc9118573621f6506f760511b83ccd
SHA1 6b12d31b9f080080b1c107a1f4e816dd1a370c36
SHA256 263e44f7f0521f2d074738a997262b2a834b039bce2b645468235124b5703dd5
SHA512 54e3e24a1129e878fe5bf55e35cdb03e9bfe4a8cb71c4da7c094f7ff94bbcdebab360a7bc84b4eaf99fe056a976d99f7f770d1bd6f35e4df2fe4edc4a3eb3a72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 113c4213e9b6a154c4facb009d25a148
SHA1 840c93fd60977183cc062a048285a1478dc88e0d
SHA256 5b9ff703ebfae39de07d9a3d3989b74f43e54f5638b9156dc4ea264751536e0d
SHA512 20aef775094ab36731a1602e29fe83f4112e25543eac2c4ab7d2ed892d456654112284648134a08c58572750e86846b32ce04687c4f49491400ad987372aedf4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2dafe8e252b565e49aecef2ec939cfd
SHA1 aedc8f05e37a3efb517d3e1b3b41dd223c4eecf6
SHA256 86af9eca0c8fcfbe5c0e0e1768b5f70bc337125368f60a38fb170dff2195f181
SHA512 af0d005da0957e5071dfcec66177496e5e484b66ee48d5064147c45b5c04666a2756121caa36ebb19c08b92e6ee578b45da4888cb7df89374cdb84306120aa32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01f928775896b17e9d43f78328337206
SHA1 80b43d4e49eac242e845245c0e25593fd6078635
SHA256 ebde16b9ae92095850dc7b55227dce7600c1da6dc576b928c169147298f1ebdb
SHA512 90741a5a5a8b022100a5ad4d24beade3df588ab3ceda140f22dc13073ed57910bbc5a0edfd27875fa8e01f4ed603d2cf0818b54945504c0474d5eb26c6677eef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d63a0d28137aa5abcda627038b07d52
SHA1 28420ad2b8993c65be8f6a4d074d804d39e75a13
SHA256 8765a1418ffe9cce5ab7475b98989ad97ec75fbeb888a8c7c3a9512a746bc384
SHA512 32ea1ff558fee5c507bf4611f7e9118542e414113fd832fe30c697b6b8ccf9615ecddba517125d4b446420fb773285297b0c4630bf38143644a7b0b4c232a4ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e42d53838456725e3904b248cdd42ca9
SHA1 4c9961d39c892f2359e028a4c81338c69bf0da7d
SHA256 5391c194c4bf6a003a9931b7fd146500d32979a2d3ae1d9a799a6d7f1f4d6358
SHA512 83735a661767c4e64c07f87452081a7cbd1b5f7be2740f9c999a6c6bbe34a0c042b04ee593da7fccb1b250cd53a91bb393daa636bf9b0711f73091767d6c900c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b95feedefa811dce2cf2b5b79b2d21f
SHA1 c622f283607e89b124cd44bf4cc2586da7091dc2
SHA256 82434ab0f24e6add03f7c023a79f887fb0ffc87481739eb683b3558b252b0d91
SHA512 489d3b981f54dd2334f37ee3ddf51ea1b4c3542c9687856c0020641314c0db3f06f5940b9f4db9690e54ceb6406f0d225e5e34d742723809c982a6d82a6f0487

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b63a4cafaf0f70b4a5fda8872b5898a6
SHA1 c63060f76cc0d41a69ea6273e3860514ebe6fc2d
SHA256 b0e5ac381b79cd5d450f7f6ed62943a2bc629c308853829a168b4bca62b02509
SHA512 8c59def613600b630be3a666370f39326c59285b442898f643165419f2f256211c5544c986cc2e484492a51d9aaab48037d181cc0c0223b8c80f69e88d50b01c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ebe5155d11c423426be49ec5242f1cda
SHA1 fb66ee9462d99c46ffa58ea81c8ab11664b3d0f3
SHA256 96075dfe808f7d00eb2ecea631df351a86b0a4859420537af7ffa43b4c442dbb
SHA512 2aeacf3e9626610b33ef2b96ab63428fbdd800a0806789b5ce7582b9a9cefe4ecf6d1fe6f2f4893d4b7c8b737c498a816ea402d0cd1abd7023c7a4e2be131ef6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0361bcae52919158e6fb54ed54a072d0
SHA1 0dea7465fc0a3d2c428710328b7d215c9132853a
SHA256 613390c9bb4dd704540251d35ea5e8ffee42bf5c3b84e627edbf8fe45e6ab3cc
SHA512 d1897f2567ba15323d5f5d7c457be3284b302fafdbc8f8e550948c35b2ff007e14a4a6e257059dc828d1fdb29735606f3a9c408e73e802dada4bd7691cee0ccd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39c8ea976a150b59a2f06f9fc629685a
SHA1 7a03d249b1282f358eabf9da431cd12e705561d0
SHA256 8aec6a4ef0809d17e40f26ccd84373eff2c3be284fd7e1b9b82dee069e69345c
SHA512 6178a746062a33dae780e76311d72d0fa0c0d4c66778e73abd7c60e1941c80ec10567e568230c344fa024b8b86027cee57e4fc92782170d8a790e9f2addbf451

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0725e44a0349bb8b9358da678c9481a3
SHA1 7fe8055f8af145295fb59184c166825e7b59a95e
SHA256 5d45ef1382190768c98986af0ba8689d0f45a6657c06e642cbbd23c9589b3f6f
SHA512 598e04e43704f0f494cc3364f76a12ce6d6e278a4992cc26be4b32ab72ba9de09b1d37f7079a24d022a1b07cb683b2363ae7c79e081d3b9d9201ad78caf9e390

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62ed6ea5dcbb6cf5ff0c6b825dc1624f
SHA1 5b697516a494ef92ac8151eda1caa9f4bbf7b9af
SHA256 9f1cd4679e5faf5aa9a3a97127810a374a8b3deb667e063f624b6aa5ad9e613d
SHA512 cb5db4fad70440e525c981af6105c9fb2a5a64288f1cf0ac8bc930c1de187a0339e4448513c0ccc97955997f0b058ceecdf3e7ab7e3f32b6a7a372a03098bf57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f18c713e97a668ef4b58fa0feb9c096
SHA1 d070f8173b6e7e18620a45d6ed790722e04c0801
SHA256 a921cef1eb5feed7efba5c3e142299667abe0055090e70254ecfafc9eb01b0b0
SHA512 2c34ae1ce1b602db75f0b4c7a7cc7f7e41303e037178850af2090b7458a4dd90e78fa0207f015d3d2c91c2cdc25fa53671900d95beed2dd5766c9ec11d50424d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce4c384e18226e78876004e6500b25cb
SHA1 180b49f7352aacfbb0e8a6be2c55730c435969c7
SHA256 f6aa82d8093569169f91e6b15f0a36fce87ce7dde6dbf54e4d0e5ea1ffe8e6a3
SHA512 32c24e8045097af49d183a4cd9e19b0ff56b3330144b17c8eab1ecb74caa1510fdfa53f0948f31444a65e4f13e64009aaff87284a943df09c066ceea09504849

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:27

Reported

2024-06-13 06:29

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

125s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43269c71b874b102bde1b093274dfe6_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4880 wrote to memory of 4276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 2856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43269c71b874b102bde1b093274dfe6_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaf3846f8,0x7ffbaf384708,0x7ffbaf384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1904895561891403092,14540050592660118640,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4396 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 fgngvp.kk.sopqa.arg.r.de.a2ip.ru udp
US 8.8.8.8:53 de.a2ip.ru udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 fgngvp.kk.sopqa.arg.r.de.a2ip.ru udp
US 8.8.8.8:53 fgngvp.kk.sopqa.arg.r.de.a2ip.ru udp
IE 52.111.236.23:443 N/A tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_4880_NYRGYYYTIPPWDYGX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6bbc1d015a9121bbd64573a75550d2a7
SHA1 e5c06566fce6aa8fc480ce246926dda82d06579b
SHA256 b0d3924a26a4bca1571d32a6e3d0d2decc10199db1d7afe29d80fb31d7e7ed32
SHA512 d5da6cd5d9b76a39d1f43c88f8f36aa52f9ff82f204ae0c211f09e5be7d33aa1a7e826500a6d850918eec868cc671b55c97e5efa650310a490a26f9a2e38bd2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4cbb4a79faa0062cd222fe9d5c7a8a5e
SHA1 047614e8130ff06f28c8d4f15ffdc6e0ffa30589
SHA256 2e81deb14eea6d0502519838948ef788c8701a4b40e0587e746f3f2a61a0f8fb
SHA512 6f2deb40153c52bf3dbfba3d929065bbe18867b59594ab2a325738e88dfa096a4dc34ee26daf6ddf4af0e4363cb815bde7b6271ee89a7872d9af9fd9360626a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3a7c4c34be0f8da73a6e2cc345f89126
SHA1 3499d0958826f779cf905da863fdc0ba506eb4e5
SHA256 8611e0d8f0ad5402c78c00cf0b1edc2cf8da8b832c57d97a352e304acb596f86
SHA512 6ee2ce1a40d0a2ba0e0b29c0bc8c6e4c6080478da4646f7ba802ed5dce0bc9fbf4fa6ea206ba3bf74b556f0a11386c40725c58838bc28dac8869946a118fa58c