Malware Analysis Report

2025-01-18 00:20

Sample ID 240613-l4zmtatgkh
Target a4ff6014b0725f74bdb315b45447a789_JaffaCakes118
SHA256 17cd8b222935a8c3621c0b7d21ff52d23c96d06fd5f4e46823e2a6b33e418f79
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

17cd8b222935a8c3621c0b7d21ff52d23c96d06fd5f4e46823e2a6b33e418f79

Threat Level: No (potentially) malicious behavior was detected

The file a4ff6014b0725f74bdb315b45447a789_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:05

Reported

2024-06-13 10:08

Platform

win7-20240221-en

Max time kernel

140s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ff6014b0725f74bdb315b45447a789_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1544" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "1462" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1462" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002539691c9c50954d8f11e828d44201e1000000000200000000001066000000010000200000001622c868dc6c8bf3a8cb5e7dbd2a19c4b952b5e70628abcf59f6bc414bd6830c000000000e800000000200002000000043151d281d4c707fa1b559fbae9d8eeff93f9714dd55dc2c21deb2c17d3d387220000000a930a0540c65b4340fdbe0a3d93000b22cf2d74340d652600ae4298a0c03d51b40000000fb89960b4fbeeac4f349966e1be626cf4e0b38f630f556c2cd3578889d447728c01716af659e3eed8ff24a5b486daa59dbaffc483d0e31bfb24b6e28597efcf0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85FDDB61-296C-11EF-B4B5-5E73522EB9B5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1544" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "2956" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002539691c9c50954d8f11e828d44201e100000000020000000000106600000001000020000000103d1cf5b401911710cb4194cb1ce4f026c2348905c247cef730d9801247ec0f000000000e8000000002000020000000d792cd107d98395c15683d0975a6c4995d5a220c15aea1281c377863f4260ab7900000004ee47e1b759ca1e32207353964640e0d86f8b1c0d5bf474ae42fcb328a2aecd611e86977ac73a5e699acb770785367f0d95ba3a9ffd4b772a1598dd1db90a05a732be330277990c90de5d8df8dce90fd06ad72401e53676a9a4d559bae6af875cf9951f3be4e8f717ab83a66545c3b605e48223554fbd62f67bbcadd30682da17a5252841b185457b8c2c0f879581f1d4000000041b42cf1d1ba61d3cf850a2e79d3cf0af1f64bd14136c5ae04d33e3dff79dc63b8fc69cd75c519f02eb191b779e3b2f572d26a914f41fc77b90945cf4331e021 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10479" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "2956" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "1544" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435023" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10479" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ff6014b0725f74bdb315b45447a789_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 172.217.16.238:443 www.youtube.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 developers.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 soydaria.info udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 fbd13b2ede05bc7dcfe2dce382b4f600
SHA1 187537b5b90399be03facc53f345dd596dcc2abf
SHA256 77c3f721f7e5c6ba91fcb9ab705051072cec6f900c4347c57eb6b593373d434d
SHA512 1cccd89bb20d1af9b406b265db4954e4bd626aac3b6c9281a3d0bf94dd0ac34920fd30cca79c6fb01b6c8ef06edb5bfa1513e7f2a613f6b780e10e9f1d76c07e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c573d61298a8a4ba286857db471aa01b
SHA1 9ab7d7945ec908610ebc696ff8bf19e8bddf0855
SHA256 79e30cfbfcd12bb6cd06876ba368b73a24d153611260acf78d415e854b7c9b5e
SHA512 d0750fc43507fbc00012f31e7cb20d3ba4167acab1a950fa368593eb60fcaf1abbfcb825e32a05965e92c2ca695505ab0776d09a70db6d0652677bdacb55b6dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 0fa757d3709d04e354eeeb3e9c1a586d
SHA1 09d58ea2a2dbc97e3ce7eaea6ff902cff2834853
SHA256 8d40370e90f51769e5f0953fcfb6d8187b3922b94d67ed5ca776ced03bcfdbee
SHA512 273256363c41cc4fc5dce57000110ded1e726a21c8453f4536a8b7ee57a848ef293d08f085a1f7422521e240814b9da0af038432c7d38b4f8510ca261393b989

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 e2e2bfa4bb7b4af1d2527c1917898359
SHA1 762fde62d106436ececd214d6b9a733c0359a7a0
SHA256 61e61fb9edb825aa561bbd3e9f41a5602d7f53623c7250e2a454bee9873e94fa
SHA512 323d44634b5590fda95a9c4483d24ea8760fdcbab1c611f22cf5751b49aae29c73f6d474dbd3acade63bca4e517eed6f4f32f0b8192e419b92e68d48c328b6de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 a9a2f05b904f9f5b20f1335600aa0f25
SHA1 c0b192b8f678e409735c01dc3bc6d8a7ccb01a0a
SHA256 f857fa32834af7f6393355648f228c6e43abac5509f2026a7d4a18b2417f78d0
SHA512 534749e86227160761d80a2178fb0d6232cebec3ff946ecc6add354f1e4726aa8fbbc279f35ea8ed196abd38ae9d476a9ffbd5981dc6f541e0d0b6ab3c1d1518

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47

MD5 0373c72d34087edc98d1082cbeca2c5b
SHA1 96730329be73dca6fab7358d43bc50102f76ad0c
SHA256 fdbb83fc90bee9f2f724dbabd2fca8ee817118083f4a8b36f4b99fc6784def98
SHA512 a2ff38a208418d61d137b4759b253a636e521095eb6860fcb4bbac063a27269eb758d7bb79bebc0acfcb9058be0284b6432f73c6004ea98767e530f9f7e992a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_95776108E5303B05527E9B63C6628F47

MD5 31c72108356bcbb5569409aa463923e3
SHA1 647712555d187d6763bdafc3e9c2ee9645bae56a
SHA256 16c8fd04d2e7f175e0092f4e468aaa9b762e79720e99683c787e4ed130404cdb
SHA512 4768ecbf85c6c15bad385b1c5b6937e4243aa4bdd0163ef49bf219047b6d9920a535a860cb29cc02dd5a427f170ff43d4e6e7fb5b3505233d24d671e84205e60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ed5249074c8b7c8997b4bc7dd4fafde
SHA1 6e9a9ff0f80bb9e22f812da46ae9085664e5287e
SHA256 7d297c9b1c7806bf3e556152617be6cde243155a246511b068b67fe703af09f1
SHA512 d91d19d60dd8bcb8b392ecdbbe8530bb7f34dd7e88dc898c4a8131121a52fe737d1057b547870bedd1d58bf60b8fae33b04183d60f6fe95b1d042823e4232c1d

C:\Users\Admin\AppData\Local\Temp\Tar281F.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab280C.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2911.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80d96c29ab42f90bae1fab9c3647f683
SHA1 0eeb0bf7db4306b78d3c896982a30a1945837558
SHA256 8c0e96adfac967a570aa9441f576997a31cc0bfe9f13d76e09f27971aab8a902
SHA512 edf8d9a2f4a0650298599a69546c9ced10332ac767b1e4b5f84ab84ecf974a077811db0a6cc14f82bbc54a7f136fecf5fb52e84fc822685f5b7de6e773305ac7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b599b315fd5e0b99dc3f42c692466ab
SHA1 93dcf2cff8796c810bed30451bc06713a82fd7e9
SHA256 718eea69614cb0125e7041a760c3088d713d2554e975e03da4a3d5b09449b69e
SHA512 5c744476a406b5d4c8a77e49bc577bf569b2b0737a968ac406919231c38d1f3b012e79762279bb128b48a7bc206f8a7ff74c51af31dcc36623ee667db487d2a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_ECE7F7010BB93C9A4DC5F5FA51303BE8

MD5 89c41c11e8a28af8d93d4cdf308d577b
SHA1 a5c85dbffe820a0e641d911d2b692b65021605d1
SHA256 bdcdfecd79c8078fb85952d14057fe7570243c2ee7c5b75ffbeaf92a66981a79
SHA512 3a1ac6400a40b9a649328b5d63ff41811ed4cb2524b5d304536381dd5a31fb3bd2cdef0f4771eb0ddb38617e839c6bb33842035c7c58c7fe396bed8db3573d52

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\65RZ7RFP\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\65RZ7RFP\www.youtube[1].xml

MD5 ef2b7893cfb4c1055f3c452320cd6f58
SHA1 e402cb6cf52a5fe3695e08fd21ffe50076c3b176
SHA256 238bd85c1c4b218af0a70156be122f0bc10f7e8ad0f6be3fbd468366e28b839c
SHA512 60afa6138b69a516a662ea9e57926483b4d2dd3656c08199334c841b758e667ad250a68eb7ce1e8d18c34d9a6f663d12a2c2cd97aeaf80a380a8cc17dd4874ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\cb=gapi[3].js

MD5 0fe383a7ddb9bbaefc3105b3297f5583
SHA1 f80c9d789f251909c7560bd91a9e1b9a10c26362
SHA256 d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683
SHA512 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\65RZ7RFP\www.youtube[1].xml

MD5 5c0ac074117f2633cc98426b1a7680d8
SHA1 88250a06d45fcea133546977e25a36d5d782b235
SHA256 bca6747971a13220de0a59b4dc89dc896adbcea0d05af2c50541a3179a3694d7
SHA512 0846d444871c55ec549b2068cd089ec647aa35343d29fa8eaf04df95d6e9aec629d8cae121f9d4fb99d50e3b67b04af84f602b659dc19c10da5356b101768117

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\65RZ7RFP\www.youtube[1].xml

MD5 f01eda55af85fd34fc6bc4ab5856c476
SHA1 580d4052ebe7717b89d572c9403e00cd5c8f4bb9
SHA256 86bb5eb7fb0193dc99d800574b959a376b3bd108130d623176d40db6d7ad85e8
SHA512 bfbed18e232acf45688436286f463c35329ef2817b37ce2fbc274b21a0dc83943b3d89ff3be4031cacb433d9ebd3ace3dafacfd76a4358cac64cbb68250d19a8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\65RZ7RFP\www.youtube[1].xml

MD5 a463e84a6b3ec23ac80bfbffd5ae34b3
SHA1 1fefdfe5b1f9a89c425686b785229b2526b6e74b
SHA256 819f2e5517e2b4569ea5bf5d79b148d9bc611c68617c6b7c118f62738dea1465
SHA512 cb68fa235b19208f057aaaa3db6ec87bd88440bdd8a2ae20977bf6f55ca738cd18f578c7fb25e226ccbcb9efaff2121e9cc3a9408de7fd864ce48e843f340baf

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\65RZ7RFP\www.youtube[1].xml

MD5 716b2b0f51b8963b6b3555eac94e0650
SHA1 b9fb45961dc4b503e3c00e8c64b057ef4ce3e84a
SHA256 aeeae004b5b57c8418a157583c05c381422f7f0600f8fedfb0dd05e950dba1fc
SHA512 6faf58a0b8cc5ec29fd7bc9f08d8758cf4f3a0231b796ae7d0eb72a76393b1bb2d93f25fea2bc41268a5bc74966f61a5aaf597afaf3768d2c3d654a8f1a99214

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\65RZ7RFP\www.youtube[1].xml

MD5 b9ef7e21fba005570fb48680af51f794
SHA1 2d13ac8ca332020b4962e7930312bc0e063f336d
SHA256 51d89a00ecdd0afb02b7be78885db792a243835750871adc008ad8875ecf06ce
SHA512 82103c3fbf593c7eae12e7434b59019584d6894f4d3d93bb3846e8d17d24b834d4fef0d0e6ac3f9959eb7de685f2f4203852fb85127bfbc083cff3a1bec62810

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 437819e548a0e6b1fd30250d645150cc
SHA1 fd9d7ccfc57ce373b8c8fd46d4977df578d80693
SHA256 0bca0b9145c8f8ca6476fac16035896694eb7bffea04611edc5c5f30d430a4d2
SHA512 42bf0d29e1304aa527681d059b060e49110a24ccce1ea7a1841f0b45e0cfe036d7784f68452c64911da84238a7144eafa65cb8e0de32504e0251ae3c2a743283

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3621932b5273920784f656fec0bae41f
SHA1 7f588ea004ebed8716389ffd99c618a817aa33b1
SHA256 db7a314a5c77be4c8f60d92a91964c31080506a76ee8ebcff729546c5947cf27
SHA512 491c5f54a69bb025bbe6aed17fad39821e87ff04aedc540ae5c89d944c58c07a0b8e822b1f472496821c8a159b204fd98a6ee2d93c6bcb0f311eda01c700e55c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 544b73d7a521ebf16f204625763deec2
SHA1 ce04a925a3ab3c0d35646d86f2f3716c8b8a52f2
SHA256 f6447d9988d5040a549fa6b01022b8da45624a6dff17f66d68c01ad49582b458
SHA512 ce41fade47ec610b2f5b0ddab7af9c5962fa4c3f80eb0e023e88513b47ae2d5bbfa0a74678478781064d3b4a543eaccd9e577d95c4bef853daf1da0419f7a17c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1173a27a18ac253981f1c677cb117105
SHA1 fa2aae88b6c8a7fcc5720392f855ed5275115514
SHA256 02200d8a3eb5c9e70fd7bc5239d40fe21ee62bde8d32f8403371b0488c95067c
SHA512 ee844a4aaed9395c05fcfbb0f85176800e3e6d241e5777044090d0a3104d381f18fd832caf07328f47091bd712e36cf756de12cc89d5e022b4d686226973ee37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44a5ff8f6fb52ab6f9976ff3e59bc8f9
SHA1 d24e0bd766f9a2122ba898ae7f048a5298b3c79f
SHA256 2bff90a8613a959ac6d6b65e698eb73d5a7a9905f2c032eb50e47cc423c11ed4
SHA512 e23364d7cda5ac91b7ade28a54288a57fe84dac4c3e9c2ae14938b1029042bb5cc12eea53be67333be8f086ade98a602be3b016d977b4d456801875d3a7a74dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b29bd7cadb857ced58ece9188031b17
SHA1 d5fbcf2786ae8c1824fd9648eb3a458f2ceb395d
SHA256 a220d31658998ac7020371fce94df72fafe44282c924b38917a36d98fcd96a23
SHA512 c1520097952b9c11ebdae22b3574c67de90782ba2b3daa75feeb25cbee68a1210e1a9a9fd668d063d7df11f771d86ca370a7d79fa00912d336591448b93c274c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c56da204e0400c72e46521f23e94f68d
SHA1 8391fb73f6164cf43945312698b22b5eba312222
SHA256 3d6b47db7c14dcc7576b366bc4b0517cd0c1ba5e6e8d9f7e4e93877d5f3ff46a
SHA512 5eda8d9c4f7c554424160851823fe60dcf1f264a61901c7f3651666644aeaf16bd9775b710f9d88f5ba92da337d05488e211f8987f12a3eed1f8d2504c7d1274

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa74150e910d303ab17d7e86fe9edceb
SHA1 a8842d6d23a25075a8cbe93abf12a6f9cbb98823
SHA256 a6e14c84e9b4df602d8d150118666529de5ac2cc0a13ac5a96ee6cf5fec5fe76
SHA512 3932d6c54c22d50369877cde98a92efb81cd83aec6283476f5228f5ecbf313da9725173045e4dfd9c4f433376c5ec8d19a650b2a4e2b0debb16d761c50c0caf5

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\65RZ7RFP\www.youtube[1].xml

MD5 bfb6bc1ddf23cc2e7b09d38540b05ab6
SHA1 c631c11c331fceff767213e13789d3c5c1ca6cfd
SHA256 db253e7a797e986825fd86b8a9e2c37f797bb49c5d0aa4230ce05cdf47d36e3c
SHA512 2de908ea911d6bb384029660f379efa0e4f3899b41357764e2bb96a51c32c720a3c0d7054a09f8cac6589120fafccdd9d8154d51db3bf6535c4add1b5bbaf9c2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\65RZ7RFP\www.youtube[1].xml

MD5 5beb6489f51368cc0f07047e8b271ecb
SHA1 dc8b57140528f832ee9c5c0cdf2bad2703e849d9
SHA256 4d6d255495404b7468cafd12c353cf74749470836a526e2458f0ec71d1bd2037
SHA512 359c5ab4b6a7a212c839a2a2fe8874b45f7d3ae45413d68bacb5cdbb784842148ff2e86d30e08e1f75cd1c9b2d77111990a2dfbf0d7e8e31c04e20dc47208f9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bdcc2371804c3c59ff505e9ce67755d
SHA1 82c26a95ab8b3b5aed8b76d4f6a5482197923cfb
SHA256 189171490a5ccb59b0f83e6b6511af39b4036a61a7f910b7a47b0563158cd9a5
SHA512 8db87e5c10b2944730e0fce21bb21736006ed1ae4d2c28d9afd7a7b7d89e5400ee5784b73158f3324210097e965326e6f31bad1e3967a04cb0574d72e7d35c3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6ff8dba1890ddcf11f1fe62c4420893
SHA1 d39bdae0471e6264ae5ccfa495a524535172b121
SHA256 33716bb33e862b16887306342751dd8e6fbeb7a9a4b8f5a4546c8867f6c23db4
SHA512 a1ae47facbca22841ee4f06ac3ce11a44b0c30a75df70d5418e468c781448b2df3f0d857d86d73495d0aed3f0fd817d81f07632cdb94dfac3ae5f5ce505220f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c836a497581e4492848a5dfb54f540fd
SHA1 958a56b5fadc859cd010cc9c2245ccb9827bb67f
SHA256 c8ba88257d33f02b62e9b94f0ae823dc7003e0a619ff1186ae333ee207e256d6
SHA512 899ceee66c455eaba30c1975a74a4cdc00143f45ed6262a594bf1e7848d282d06d773838338460f7baae59e40d0d3d185a62dd8b3e7de3ede2f443d40720879c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 dda581ab58d4dd74eeadbda301f7ab8a
SHA1 5eb8a61e3b361c9ecb4d29f2617be43a3fd84fa9
SHA256 2b5b4de63683482b7b532b6f24aa1f8c8a25bc8b74e205cf2be69fe54409212e
SHA512 34fefd3925bdfddf7da49cfcbb2079d234c162def730a21b3592b5e130fe41adbb429571bc9097a291e95f1d51e5fddf38ce8db7397078ec69153cf194e17005

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ce631309802171d35f6643b287a414e
SHA1 22b7bc9233ebb538937bc5488b4a510daf6e4fe6
SHA256 17b73610ebb7741745646b686eb9d23a36e01fd8d7c9a4478490ff705602a865
SHA512 3da08ea0e5bcc84ee4ae4d732b1cf0fca89d77ebfb11da68d813952424c63904049b865641ddb82417ce9130eb592ffbd6d60a3950e46ba28b10d706f2c46404

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0c32c187f500752aa37d991735637ee
SHA1 c4ff350054032f31ae61d968e4a8d95a95995698
SHA256 b14a73288000f6a6b5fb00154169181bc95a94642cf39c2d2278367aabbcaa0c
SHA512 797b8a2cacda2a81d6286776cb70ff7f8c0ff740d61ca35cc03703e210345ab303d3a640d91c0e45c8c985c0db575e653968d1d4b89a0d3a32ebc9d5dee66b05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd14075ff3746b5cb192e1f814b58aac
SHA1 4b67028f4c94e5431721fb913ff0124315efab2c
SHA256 1943aac613d6d1dcbfdede48ee60639f2bc5833aca3ac7645bd67fe10221347b
SHA512 23eb4f1a5549d334b1ef4fce4f2c2d046c2522a7443da4c1e0174d4add09a2eb0e1af3645d61c8b6b3a9d9c40650a908150ff27671d4612c7c40cab26cbd9ac9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 717d551fe3ea20aaae0ba5900d8eb1a2
SHA1 e4fcad2f859a9d7e26a596751336abeea003dca8
SHA256 96418bb8d28b74e1925747095b06ee43fae8ac5eb38aeecff44408508b0b3a64
SHA512 5663b2474b1a17deba3f7b4567b59eb3facca6bd815882f1ff63621713af51d3660e059d0ba2f5396f9e0c64a82a0470a4629105d66a27ac512c6dbe2dbd49b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 654782d61bfc2252b799d9590e9291a9
SHA1 13c95ce6fce70f62158ee9a9fc8fbdc6c59d3c62
SHA256 c579280862cee447ef2a4e04cc5253f78ab94c524001d0fd073f3f7803a7d438
SHA512 cd26f25477499b7c8d4b45fec9060dde2d350d4eac097cb2004fae2909407bdab3ea37d3052a9451ae63c947d147ee0659d2931959492818fd5c26c0acab422e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 52c0f4a924669588052a97c418a5a687
SHA1 07a5bacc39396d81a1b6a58a9913f2e4302c9c41
SHA256 0ad2cb7544c21eb0b824840d37e2b9521344a0725c9f6bb525ea97cb700cd2e8
SHA512 aa06bee9e463fa31496886407a9266c221ea5da0f464a6656f12ca85f53e985ffc27679088092309fb4b60e56b708e6630513a39dd9ad9ce675eb4fcc97576c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 471a2cb8a83ded5afdb32ee353a70fb5
SHA1 e2b4edb1c134e790cf802941d6563df7ea1c3c96
SHA256 0cf114c914a3aa9c9326119a1941553593cf9b7ef0086a3d209da8ce276c69f8
SHA512 74ac86fd101001a0ce75af6e3028e19d4e79a4e44f72ad558c9f4978ed322546c5f617f9b10d33e790aec03389d7d809e546abcb98b399ce5bda35983a98d996

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 847c060502fd6ef9eb15b83d29012fce
SHA1 5671d63321cf9c9181d572bb6125229506275df5
SHA256 53235034be5bd7011b0b86424e542445e89a575a7152d8816eba2de933c650c2
SHA512 7e5061187f3852068d47760702d6197c7e884e3f7a4c97010c5aa9050873fec06ef4d6d66c7814aa8219aff9a014356c07f773ae76657622df15a48e36b51c51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d958de6ba3ff79f8c0fc9840591f779e
SHA1 a82bdaf67c1b81f52db87c513d217eaa28bc5d6f
SHA256 fcd034eec2e2672bfd9fbf896a11bb7162d5556c149165ff61c450ff4373d18f
SHA512 4fb287ce2ec24ae3b399b276174d25c38590441718f24e7e6b21dcdbbe22cdca6c490e5c1e69d2afd465658b607ac4ed82c292356757c90542ef4c9b44d38b05

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:05

Reported

2024-06-13 10:08

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ff6014b0725f74bdb315b45447a789_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2020 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 1288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 5028 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2460 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ff6014b0725f74bdb315b45447a789_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ace946f8,0x7ff8ace94708,0x7ff8ace94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17782308953745339373,4682336051882061754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1368 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 soydaria.info udp
US 8.8.8.8:53 193.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 soydaria.info udp
US 8.8.8.8:53 soydaria.info udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_2020_PBXORVIDGPLXTVFI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dd6568153327db0a1e03948fe53440db
SHA1 107f5d1535e4e59d72b8dbb3bc16bbd51c0f4caa
SHA256 fff81e1af6f176f34b53fed412af8264798143b0e42149e9c1afdab041a2b78b
SHA512 dd31447b12f3b4b0c940c30f889853b5bb40ed34682ef2ecbad386de7605f3fb64b225398bc455f0c03cf1aebf5c20efe34ceea9d0c102ccbe7aac62f2cebd0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f01a68e35f830f45093b589996f8fbc5
SHA1 2a8cbf46be288de6e27a66f7920f2db58e419679
SHA256 55d84d22bee37ff5dd630e255e553040faf517a3f2d0596421b9eee8366fa35e
SHA512 dccbee00ac1f6b8c2932d720a9f780b1bc82e7c5931441f1bdf82ce5773aa677a8363c869b2fd43e388c9cb7268795a1fba60f7da1f57dbcd8554df719057a8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 53a6ad842d533128824a290ed7347076
SHA1 abdbb2665e0a065eb7b1853864bba6629d9d5cfa
SHA256 5cdd16a7e719842d9b91fb2e025a83f9dec17f9f1eae6be39838f8ff8323654c
SHA512 e80cfabfd5072e1f27b9ba6f15b02b3a087f057c5c5f2374cb374e06a05e765d9ed1e0798997850ffa47860ecfac36e274532f8c7ba0eabbfe1ec3e1128ca8fb