Malware Analysis Report

2025-01-18 00:57

Sample ID 240613-ltyyjaxepm
Target a4ef20ee11b94e50a024b0b0c8ea70b2_JaffaCakes118
SHA256 b5d84ffe3cb7ee413743cf59582c14282b878a8990a34272cb09a66532e80750
Tags
Score 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 1/10

SHA256 b5d84ffe3cb7ee413743cf59582c14282b878a8990a34272cb09a66532e80750

Threat Level: No (potentially) malicious behavior was detected

The file a4ef20ee11b94e50a024b0b0c8ea70b2_JaffaCakes118 showed no (potentially) malicious behavior during analysis.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:50

Reported

2024-06-13 09:52

Platform

win7-20240611-en

Max time kernel

140s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ef20ee11b94e50a024b0b0c8ea70b2_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Columns: Description, Indicator, Process, Target
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000c2fda26f8f47c6566ac6fc52710e95f88669bd9cd7a29e2cc72dbb7b4937acd9000000000e80000000020000200000009df38fd704d2ada391f8f5468ccbb30049e58324d5e98f02c7eabb5ff377764a200000000cb4c1785fd262867d619947fffeca8e34287814f37178cd877317b75bcdb7464000000019f02320848daf5c3eceaf70371949406c4d242515210ca5289b86bb382ea5380facee74f74b830225af69bb0d78b42d5ba0a0003e3a9d90694f7f16bb521355 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000009fab06c5aeebd70cf700eee1b380f4018df7cad336672cee233c83e18f5e37ce000000000e800000000200002000000025220e1ceb35a4e5bcebfcd5b090b69f490c6d41485538ca34e2a0a4815a3f31900000009a566f5874d39010c414fafc3e6c4ddaec263640f35f70ce251bba0fc3a85a061ca2fb8e219a855c7513354409bb252eefb0048b40452b8e3b9d1e2bb8155e9af7192e5588e390673b4d32b09a425c5179638c530fc8e2094e05558e6973a3a738aa2c920ed24548fdff5e353ad61af552b915234db0b01b22e0cfc26602f1580d3dc96af4f2d8e3e70555c6ef30418040000000028b356f54f4571867613036a77c75812590a92ac75299c0ddd7617dc5968387254616759364db4031abb9e6a63da71f0e4da4f9ba2ab0c87c4674aa40d6da15 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{52E0DFE1-296A-11EF-AFF9-DA79F2D4D836} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 602aff2877bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434078" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Columns: Description, Indicator, Process, Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ef20ee11b94e50a024b0b0c8ea70b2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2

Network

Columns: Country, Destination, Domain, Proto, Count (consecutive identical connections)
US 8.8.8.8:53 fgngvp.kk.sopqa.arg.r.de.a2ip.ru udp 1
US 8.8.8.8:53 de.a2ip.ru udp 1
US 8.8.8.8:53 fpbagrag-sek5-1.kk.sopqa.arg.r.de.a2ip.ru udp 1
US 8.8.8.8:53 rkgreany-sek5-1.kk.sopqa.arg.r.de.a2ip.ru udp 1
US 8.8.8.8:53 snprobbx.pbz.r.de.a2ip.ru udp 1
US 172.67.132.184:80 snprobbx.pbz.r.de.a2ip.ru tcp 1
US 104.21.5.12:80 snprobbx.pbz.r.de.a2ip.ru tcp 1
US 172.67.132.184:80 snprobbx.pbz.r.de.a2ip.ru tcp 3
US 104.21.5.12:80 snprobbx.pbz.r.de.a2ip.ru tcp 1
US 172.67.132.184:80 snprobbx.pbz.r.de.a2ip.ru tcp 11
US 104.21.5.12:80 snprobbx.pbz.r.de.a2ip.ru tcp 2
US 104.21.5.12:443 snprobbx.pbz.r.de.a2ip.ru tcp 2
US 172.67.132.184:443 snprobbx.pbz.r.de.a2ip.ru tcp 3
US 104.21.5.12:443 snprobbx.pbz.r.de.a2ip.ru tcp 1
US 172.67.132.184:443 snprobbx.pbz.r.de.a2ip.ru tcp 6
US 104.21.5.12:443 snprobbx.pbz.r.de.a2ip.ru tcp 1
US 172.67.132.184:443 snprobbx.pbz.r.de.a2ip.ru tcp 8
US 104.21.5.12:443 snprobbx.pbz.r.de.a2ip.ru tcp 1
US 172.67.132.184:443 snprobbx.pbz.r.de.a2ip.ru tcp 14
US 104.21.5.12:443 snprobbx.pbz.r.de.a2ip.ru tcp 1
US 172.67.132.184:443 snprobbx.pbz.r.de.a2ip.ru tcp 145
US 172.67.132.184:80 snprobbx.pbz.r.de.a2ip.ru tcp 1
US 172.67.132.184:443 snprobbx.pbz.r.de.a2ip.ru tcp 1
US 172.67.132.184:80 snprobbx.pbz.r.de.a2ip.ru tcp 2
US 172.67.132.184:443 snprobbx.pbz.r.de.a2ip.ru tcp 3
US 172.67.132.184:80 snprobbx.pbz.r.de.a2ip.ru tcp 2
US 172.67.132.184:443 snprobbx.pbz.r.de.a2ip.ru tcp 80
US 204.79.197.200:443 ieonline.microsoft.com tcp 3

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\xhGyXplzVmd[1].htm

MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1aca6986641785485ec3ceb13db157db
SHA1 8a051be00f52cf535729485cfcb4680f1975c3e3
SHA256 3ec1b52bec85ab4e55f4c1ca6243c8e411d9e896a59ea2783dba5860a13e35ca
SHA512 82fc9f0e6b39160f571c2aad9155bc6a8a1f0c21f91bd99e3e567ad47834f8e577643b2e286877f620e377e5179a5a56d3842b588820f0c541cf865c563125f4

C:\Users\Admin\AppData\Local\Temp\Cab365F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3660.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87ccdac5d50cf3623103a4dd4a35f2af
SHA1 3b66329afff1aabfb6a0cc2c49dd0af3e4cd338f
SHA256 3939a187280fa4bb4064f4aa9172e03eab7a0dadf177fe9e3598fe5bb4061d94
SHA512 2558df072bff3d2b37ec6b7f6580336ede0eb0f11032d1f5ee2499bd9a215981b5e6c22264277287e902b321c412cf5b6078c1f14fac3c79f57149fa65a3c132

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ed3dd69fd0ab5402d4c207cb40a7a08
SHA1 83e35dd08f01dd27e040e7e672f63021fa86d12b
SHA256 b3257d61330dbac8091339d3555e6d75fc1fef470740b944183b4a2afeefd764
SHA512 d4efa2589ec45e7e5ed21720f8d23b7e6361441ae8ee5f8f781980c8ba53bbae79bef54fa7c4147b771cda30b4c214cb8388933b8e90f25c8720d94fb66e2e31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f095a00b78fc3a33d75f32ff0094dae
SHA1 eb3b22b2acb68d97ea9fa717ee2aa88ae11b6d58
SHA256 2f09afe33004528421ffb03efa01238da0eedd2e7b94297afaa948541dfd2828
SHA512 e7f2c5e72c1c55bf2992357e8ffcd00d427c7091044df478ed0e9e5923aebe901f2848f13d000e377834382ccbc0fbb788cbf1e6e4d6b316355697487f515ea7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecf24048a21e5c9cc5a4d087981f6cb9
SHA1 cbd779103f5a788fba589deb448e188623ad0f3e
SHA256 c3f893957e83af0763029ae73f76351b09304166c864e8d5a1adaf0910a9e89d
SHA512 8361bb3cb92d15db16b155d318b75bcca72dc564caed084186b67de03c235c0311adce04f76937dcabd4815b9af06c4a376f4a4a00ce3bca90c3ec03035da23c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9cf8823584493e529ffeeaede4d4642
SHA1 6e719f55a8ec447fbcc08d5f9650b6a311721374
SHA256 f305593527eed8253f8b24e348fdf17da71839f526cb1356ec29131bf2b662da
SHA512 86984eb67d6a443c838ebcdef3f81eb5fe0dd3fb826fe696123924665ffd2a529a6fdc63789c965557df00d6afa31dc0d3f99ce866377a8892df2665852f9f47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea07a27337130210963ae56abf7cce38
SHA1 0cd8c14d1c478a7a55244c2dbfb5ef8d3a283629
SHA256 08926be7f29ea12a8121fac237a8145c8b428de27a279036ef86491f15874cf8
SHA512 1fd9297c3491022ca6e15b8cb7a1c6240386edbf8deaba7a1a2e9e7e4f08a1a20977e76827068c0e8583461b6c35a0645973dd82cbbe415526b65fbe392c88bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 078243e0ff56ac977ee0b97b8988afb3
SHA1 0a0757440a4be53bbb276c4a09785f414b80ea17
SHA256 8ba91537566a2c2d12f87e3c9644a5e64f749a6b496ec62f882d5ac1a2a147fe
SHA512 35e43a81d507b499aa36f160e5bf763b8b8d5521a2da3640f91f036d932d08f3d4b2a99e7c10345577f158c0ded30bf359e12a6c53ab2823c91b8808e5ca4b47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bd45369d8c1f29b5fd05d9afa9f11f6
SHA1 ff1c9ea89126f9a748cbc566af017190d2a150d4
SHA256 a5914363e5f47d7b81dc81c7ea3447be553e28ac955b5ec5c18012a2c51fc9e5
SHA512 d667d1a29de4e997d8f1464591fd935836594348a1ba250a57149fdc2924ef522715da32350a8cd81c6632b4d6860c8720200dbfed756449f54804c488c869cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d41566b7c2ecb22110a39171db5577b4
SHA1 ecb06559399eca9ed52cad245f672493ce4bacda
SHA256 8c21c0be7fdfc3ee3bced6ac8d181c6319b48fbb016af092e05ab0e1c8a3940d
SHA512 cb8bb2b2066d1e3f5ca69a358f865bf10343fbb38a950f7e5efbe346a870aa62f6e92b5a269a4e7d7258027fd5d40e268d550fc7b1372f15a12ef3e26301e90a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3f9929a64eb2434843828781e368d2b
SHA1 6e9b48fa08ce0fba6deeca0142b5377a62f26278
SHA256 6d60429b3fc79e64e0385702db9cde4463b88a606d43bdf66e2c812f47c8587e
SHA512 659323f717ffc4f5cb8023c01ba74d7aa9d7784d85ddd9353a89a55131df7f34fbf99684af3976c098ed06b6472a48410898952f3d50d43cd63f1951d0ec92a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a68f13c62b8c3afd7577704deccd0421
SHA1 384d90694394ce7e7b01c267e84cf1059ebe6947
SHA256 2b038fc5234ee547b999b43242b3c5a96ea2a161c564dff9e6043f9b520498e3
SHA512 955af30fb7bbf5390e5c27d956e6bdf603f4e71911b5243c5b50cc0a342d4f57a8730b87e92fc424e272292c86b05e25c8ba692162cf5383376ef36020eb33b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4cfd600f12628daea30a39c4b0e33a37
SHA1 375e3eee0f6142d3f93595441172556408636d87
SHA256 401648e6f6c01307b1c03a3550bd1151c90cb15c14b0b96352a51427e35d1a17
SHA512 d922431aa84353b726815dacac284bd74686add39c58ff7b96d47eb70e6c1ac2e3a63ca70c23371d794f020a13089f2b8cd448f35b75a8c2e297986ff02141c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6a81326070129923422f3ebe5d6d9e4
SHA1 5b5dd84a66bf5a2063dbcf7e47f3b75f3d29cf56
SHA256 9f5f5472917b7b2a0d765f0771242bf119715babdf0e07166c8db86109bdedbf
SHA512 76886dfdbb2cbb3347799257c2e9b2119c585b199c433907bef1d8766a8109eaaf60ea908e99b3a9f1adc23727990e31c09f4cbe49ef0947d1905e9a269418a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2f03f9d87258671cf7a28010b689d20
SHA1 d2536c576a785b846a60410864a745e0a8d541ec
SHA256 e29d3a2643e2d77c1ae94d9983b4b224c3f884267b80c4a84a3690c1ecb097a8
SHA512 143f48723371086936c938e6d1ef6628ab78ae7c45a87f40fb8f4281e6f0aa865220684646874e25d71a2f340f0a95c891217a030b83243fbd4e805b55a4930d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14f5713ec28725a9080e301bc4db2e2b
SHA1 793255bf950b3c424f2222364a4eb8a3ddb131f5
SHA256 38e1d38a01b6039c2a27e9f00bb7305628eb1b7d116a093263ff181f59318183
SHA512 cf05afdbd4dee7a23f7583ab1d932c67549931bf59816604badbcee05a1693b341f1f6f28df4311cb07694e215fad59fb1e5ea14ecdc6b41cba5ddca26330d24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 102832a94a6b6dbb9045e2ad57196aa1
SHA1 190bf3d67eae0a4d3ba4a589efcb72fd4d79fc78
SHA256 323b83686141963f1b6900a9b57828dfd8ad6d2d674db3122e38ed331bed17c1
SHA512 dfe753dea90bcb8146cd1024c8798cf26d30b907b545574d6e180c66e4346ec384059293c638febbae29b1a83c9978aef3010271e4451efd5f3fcbd3e409f80f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ecc2d37b11cb240acb2f9142f03d691
SHA1 f4357de6a9e3b55ad37fd80257951dd070665dff
SHA256 207a0c4a5974dfe86cceb9deb2700d8018b0e36c536ba227fd74c93358179258
SHA512 3c1275ad1fc79ffe3e910bff42996d043143734586a638db149d1e311a400f6fb05e061b9979a04adf07bcf34b4869a44fcdb2cb9da18d666ae1d6f9af29b4fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c057cfa78bd26ecec90999b9975a74f1
SHA1 97467d2c3e58c36d515db0832ccc2709cc09d876
SHA256 2ec645296dc43caf353990826f2f0c37c482c01a47b691f7921a6678d638082e
SHA512 76bfce8d5076655666b637ad759aa905cd5ae89bc5c378690066e575f11e68b76eef1709bed6ea2ce752d7c42a1f4fd49dba2ac6523c85d461cebbd877beca7a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:50

Reported

2024-06-13 09:52

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

129s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ef20ee11b94e50a024b0b0c8ea70b2_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2492 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ef20ee11b94e50a024b0b0c8ea70b2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,16659722106821635630,13697887793804518263,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4376 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 fgngvp.kk.sopqa.arg.r.de.a2ip.ru udp
US 8.8.8.8:53 de.a2ip.ru udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 fgngvp.kk.sopqa.arg.r.de.a2ip.ru udp
US 8.8.8.8:53 fgngvp.kk.sopqa.arg.r.de.a2ip.ru udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_2492_PEJMMKIMZAHINPYS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a92852b1c52e63ad6900843fca109f2a
SHA1 bbfd9b57e4c52e82760009d507087f520f39f730
SHA256 d3c330ef0a06ffa2a5c24f7bd50390f296caf6be2518363ee23d7406969a05b2
SHA512 7278c8c187ca10d5a03d1387d10a3ca0677b42ad9a75573ef3e5befaf4f072ef872e1d31045d0646b5c8e6ff5222847746a7257dc45890421c4331b6b26bae12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 84597e48596840d551dbe880601c50e4
SHA1 2860d4eda95491fe54977a0ecec5047c21f55dee
SHA256 167b267291f5695094ab8e9349675f250e761c95a27b3993bb3e8818597a08e9
SHA512 f55c60a908799cac40deff39bf291bef070416428f13e6e976ace12f384f2a6a94d96d41283d9eccf3cd73e76dd6fe1237e0a3f488d36e3bfb71d133ba64d5f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 82f672640ed39f29e8c13ea9a0d4de39
SHA1 919c628c0a785cd992a80fa0367a3634911bcf7a
SHA256 0f8b9ebd08d16a7d81c5a5824696fe2a80c18962af493546327d2137c2479674
SHA512 3d09cb3d1783a559e1a8bfc04d0aa88f877e21bb2d585da0a6de9868955545c61d025c65d9503028db6037755460ac9a74ef0994d5a3b68cc324ca33dd40ff7b