Malware Analysis Report

2025-01-18 01:57

Sample ID: 240613-kbelhavdkp
Target: a49eae9d454cc33c86e92907b3985336_JaffaCakes118
SHA256: b470b6181186de479937d160d5641ccd0a4ecf87cb472a55a0fe120d057365af
Tags: (none listed)
Score: 1/10

Analysis Overview

Score: 1/10

SHA256: b470b6181186de479937d160d5641ccd0a4ecf87cb472a55a0fe120d057365af

Threat Level: No (potentially) malicious behavior was detected

The file a49eae9d454cc33c86e92907b3985336_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:25

Reported

2024-06-13 08:27

Platform

win7-20240221-en

Max time kernel

140s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49eae9d454cc33c86e92907b3985336_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49eae9d454cc33c86e92907b3985336_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:25

Reported

2024-06-13 08:27

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49eae9d454cc33c86e92907b3985336_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4860 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 2916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4860 wrote to memory of 2868 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49eae9d454cc33c86e92907b3985336_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7e3f46f8,0x7ffa7e3f4708,0x7ffa7e3f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6280681588296361616,7427503101858034752,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3004 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4860_UZJXKYLWGVAETUEY

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
