Malware Analysis Report

2025-01-18 00:10

Sample ID: 240613-qspqpavekk
Target: a5ccc7f9712c791906a6b10d8c57e81e_JaffaCakes118
SHA256: 9a65e941419bcbd2c518c1815c20d8dfaee673da2a06574b6784bc4519fd379c
Tags: (none listed)
Score: 1/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 1/10

SHA256: 9a65e941419bcbd2c518c1815c20d8dfaee673da2a06574b6784bc4519fd379c

Threat Level: No (potentially) malicious behavior was detected for a5ccc7f9712c791906a6b10d8c57e81e_JaffaCakes118.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

All four signatures are generic. The registry writes are Internet Explorer's own per-user settings (detailed under behavioral1), and the other three are API calls a multi-process browser makes while creating and managing its tab process. Note that SetWindowsHookEx and WriteProcessMemory appear only in this summary; the per-run Signatures sections below give detail for the first two only. None of these, taken alone, indicates hostile behavior, which is consistent with the 1/10 score.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-13 13:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 13:31
Reported: 2024-06-13 13:34
Platform: win7-20240221-en
Max time kernel: 122s
Max time network: 128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ccc7f9712c791906a6b10d8c57e81e_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b2ef99a408ca8947aa87eaf4c6869ba0000000000200000000001066000000010000200000002be425a83d68a2d835e1a20fdffb5e09f0fccc72da8c6656f85bb482a885a037000000000e8000000002000020000000d59a4109cfbb3ce61ade9005edf5716f18ab234ba5fbaee80e64f4eaaa1a0434200000004a454414afda1abc02ebfcf2b274cb458daf0f4a81359d0a7c20f7d56a9bbd0540000000d61a8f47a9d84bebba938c155b45e6e2b662c66bfadd1de5d379675286cee5647675a712cc5e3c566c6003faf680fe9ff559df6be06d68092312514d8923e249 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4030c51c96bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447368" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{443A3351-2989-11EF-BAF4-4AADDC6219DF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
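
The two binary values and the GUID in this table can be decoded rather than taken on trust, which is the check a reviewer wants before accepting "modifies IE settings" as browser noise. The Python below is an added worked example, not part of the sandbox report: it parses Window_Placement as a Win32 WINDOWPLACEMENT structure, LastProcessed as a little-endian FILETIME, and the Recovery\AdminActive GUID as a version-1 UUID with an embedded timestamp, then checks both timestamps against the detonation window. The window boundaries (13:31 to 13:35) are taken from the Submitted/Reported lines above and are assumed to be UTC; the SW_* and WPF_* names are the standard winuser.h constants, and the code depends only on the Python standard library.

```python
"""Decode the binary registry values from the table above and check their
embedded timestamps against the detonation window."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Values copied verbatim from the "Modifies Internet Explorer settings" table.
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
LAST_PROCESSED_HEX = "4030c51c96bdda01"
ADMIN_ACTIVE_GUID = "443A3351-2989-11EF-BAF4-4AADDC6219DF"

# Detonation window from the Submitted/Reported lines; assumed to be UTC.
RUN_START = datetime(2024, 6, 13, 13, 31, tzinfo=timezone.utc)
RUN_END = datetime(2024, 6, 13, 13, 35, tzinfo=timezone.utc)

# winuser.h constants for WINDOWPLACEMENT.showCmd and .flags
SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE"}
WPF_RESTORETOMAXIMIZED = 0x2

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def decode_window_placement(hex_blob: str) -> dict:
    """WINDOWPLACEMENT: UINT length, UINT flags, UINT showCmd, POINT ptMinPosition,
    POINT ptMaxPosition, RECT rcNormalPosition; 11 little-endian 32-bit fields."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) != 44:
        raise ValueError(f"expected 44 bytes, got {len(raw)}")
    length, flags, show_cmd, *coords = struct.unpack("<IIIiiiiiiii", raw)
    if length != 44:
        raise ValueError(f"length field {length} does not match the struct size")
    return {
        "restore_to_maximized": bool(flags & WPF_RESTORETOMAXIMIZED),
        "show_cmd": SHOW_CMD.get(show_cmd, f"SW_{show_cmd}"),
        "min_pos": tuple(coords[0:2]),
        "max_pos": tuple(coords[2:4]),
        "normal_rect": tuple(coords[4:8]),  # left, top, right, bottom
    }


def decode_filetime(hex_le: str) -> datetime:
    """8 little-endian bytes holding a FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    ticks = int.from_bytes(bytes.fromhex(hex_le), "little")
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def decode_v1_guid_time(guid: str) -> datetime:
    """A version-1 GUID carries a 60-bit timestamp in 100 ns ticks since 1582-10-15 UTC."""
    u = uuid.UUID(guid)
    if u.version != 1:
        raise ValueError(f"GUID version {u.version} carries no timestamp")
    return UUID_EPOCH + timedelta(microseconds=u.time // 10)


def in_run_window(ts: datetime) -> bool:
    """True when a decoded timestamp falls inside the sandbox run."""
    return RUN_START <= ts <= RUN_END


if __name__ == "__main__":
    print("Window_Placement:", decode_window_placement(WINDOW_PLACEMENT_HEX))
    for name, ts in (("LastProcessed", decode_filetime(LAST_PROCESSED_HEX)),
                     ("AdminActive GUID", decode_v1_guid_time(ADMIN_ACTIVE_GUID))):
        print(f"{name}: {ts:%Y-%m-%d %H:%M:%S} UTC, in run window: {in_run_window(ts)}")
```

Window_Placement decodes to length 44, flags 2 (WPF_RESTORETOMAXIMIZED), showCmd 3 (SW_MAXIMIZE), unset min/max positions of (-1, -1) and a normal rectangle of (36, 36, 1194, 649): an ordinary window-geometry record, not a payload. LastProcessed decodes to 2024-06-13 13:32:18 UTC and the GUID's timestamp to 13:31:40 UTC, both inside the run, which also supports reading the report's times as UTC. The GUID's version-1 form is what UuidCreateSequential produces, so its node field is a MAC-style identifier of the analysis VM rather than anything taken from the page.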

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ccc7f9712c791906a6b10d8c57e81e_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 js.juicyads.com udp
US 8.8.8.8:53 celebrity-leaks.net udp
US 8.8.8.8:53 syndication.exosrv.com udp
US 8.8.8.8:53 ads.exosrv.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 celebrity-leaks.disqus.com udp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
HR 65.9.189.109:443 js.juicyads.com tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
HR 65.9.189.109:443 js.juicyads.com tcp
GB 89.187.167.4:443 ads.exosrv.com tcp
GB 89.187.167.4:443 ads.exosrv.com tcp
GB 89.187.167.4:443 ads.exosrv.com tcp
GB 89.187.167.4:443 ads.exosrv.com tcp
GB 54.38.144.153:443 syndication.exosrv.com tcp
GB 89.187.167.4:443 ads.exosrv.com tcp
GB 54.38.144.153:443 syndication.exosrv.com tcp
GB 54.38.144.153:443 syndication.exosrv.com tcp
GB 54.38.144.153:443 syndication.exosrv.com tcp
GB 54.38.144.153:443 syndication.exosrv.com tcp
GB 54.38.144.153:443 syndication.exosrv.com tcp
US 199.232.192.134:443 celebrity-leaks.disqus.com tcp
US 199.232.192.134:443 celebrity-leaks.disqus.com tcp
BE 104.68.81.91:443 s7.addthis.com tcp
BE 104.68.81.91:443 s7.addthis.com tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
GB 54.38.144.153:443 syndication.exosrv.com tcp
US 203.161.32.221:80 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
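
The connection list above is long because every TCP session is one row; what a reviewer needs from it is which hosts the page actually pulled in, whether anything resolved without being contacted, and whether any of it went over plaintext HTTP. The Python below is an added example (not part of the report) that does that aggregation over a constructed subset of the rows above; it treats UDP traffic to the sandbox resolver as a DNS lookup rather than a connection to the domain. The split between platform noise and sample-driven traffic relies on an assumed suffix list (*.microsoft.com, contacted by IE and Windows on their own) that an analyst would maintain from their own sandbox baseline.

```python
"""Collapse a sandbox connection log into a per-domain summary and flag what is
worth a second look: domains resolved but never contacted, plaintext HTTP, and
traffic that is platform noise rather than driven by the sample."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed subset of the rows in the Network table above: country, dest, domain, proto.
SAMPLE_ROWS = """\
US 8.8.8.8:53 js.juicyads.com udp
US 8.8.8.8:53 celebrity-leaks.net udp
US 8.8.8.8:53 syndication.exosrv.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:443 celebrity-leaks.net tcp
US 203.161.32.221:80 celebrity-leaks.net tcp
HR 65.9.189.109:443 js.juicyads.com tcp
GB 54.38.144.153:443 syndication.exosrv.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Assumption: hosts the Windows/IE platform contacts on its own (analyst baseline,
# not something the report states). Leading dot avoids matching look-alike domains.
PLATFORM_NOISE_SUFFIXES = (".microsoft.com",)
SANDBOX_RESOLVER = "8.8.8.8:53"


@dataclass
class DomainSummary:
    resolved: bool = False                     # a DNS query for the name was seen
    connections: int = 0                       # TCP sessions to the name
    endpoints: set = field(default_factory=set)   # (ip, port) pairs contacted
    countries: set = field(default_factory=set)


def parse_rows(text: str) -> list[tuple[str, str, int, str, str]]:
    """Parse 'country ip:port domain proto' rows into tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        rows.append((country, ip, int(port), domain, proto))
    return rows


def summarise(rows) -> dict[str, DomainSummary]:
    """One DomainSummary per domain; DNS lookups count as resolution, not contact."""
    out: dict[str, DomainSummary] = defaultdict(DomainSummary)
    for country, ip, port, domain, proto in rows:
        s = out[domain]
        if proto == "udp" and f"{ip}:{port}" == SANDBOX_RESOLVER:
            s.resolved = True
            continue
        s.connections += 1
        s.endpoints.add((ip, port))
        s.countries.add(country)
    return dict(out)


def findings(summary: dict[str, DomainSummary]) -> dict[str, list[str]]:
    """Bucket domains by the properties a triage analyst looks for."""
    f = {"resolved_only": [], "plaintext_http": [], "platform_noise": [], "sample_driven": []}
    for domain, s in sorted(summary.items()):
        if s.resolved and s.connections == 0:
            f["resolved_only"].append(domain)
        if any(port == 80 for _, port in s.endpoints):
            f["plaintext_http"].append(domain)
        if domain.endswith(PLATFORM_NOISE_SUFFIXES):
            f["platform_noise"].append(domain)
        elif s.connections:
            f["sample_driven"].append(domain)
    return f


if __name__ == "__main__":
    summary = summarise(parse_rows(SAMPLE_ROWS))
    for domain, s in sorted(summary.items()):
        print(f"{domain:28} resolved={s.resolved} sessions={s.connections} {sorted(s.endpoints)}")
    for bucket, domains in findings(summary).items():
        print(f"{bucket}: {domains}")
```

Run over the full table in the report, the same logic yields one plaintext session to celebrity-leaks.net:80, www.microsoft.com resolved but never contacted, ieonline.microsoft.com contacted by IE itself, and the remainder going to the page's own host plus the third-party ad (juicyads, exosrv), comment (disqus) and share (addthis) widgets it embeds, which matches the cached ads[1].js and ads-iframe-display[5].htm in the Files section below.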

Files

C:\Users\Admin\AppData\Local\Temp\Cab283B.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar287C.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 58fcbab2eac3eb15c2da69f496572a52
SHA1 46a80eea2814aad8e23adf603f4a4cf3217a29ff
SHA256 ec0d84a3e9db0ebcb01b2a9335d6e2af38c67befe7a8bae50d8dbcbd6a615e9d
SHA512 18557ac93f821b391caeb386f0b437b7e2c34c8c7f53c10547575a4c51734b6216f6947a45c70a17c7945ee8a02edaa3e45aa028616f64dedaacdfdc02e4c76d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 822467b728b7a66b081c91795373789a
SHA1 d8f2f02e1eef62485a9feffd59ce837511749865
SHA256 af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512 bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

C:\Users\Admin\AppData\Local\Temp\Cab2933.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2947.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 300aed81012cd53fc77f2cbdb93978fc
SHA1 07be41f4030153e2eb8518322f6c86cdaacd27a2
SHA256 2f49c6d6b3828908320668f1a79a1f81d086b350301d8f2e1254adaebcd0feec
SHA512 adfb0bf8c15a140af9ff11aa5fa75c20bfe0a8899bae78380bc33d3f066f847f8e9357ed953bb1f626bf89f2c2c88d85c2cc92c4c03d013d07467d5938714037

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8d8deed1e906850d049de406d6e09dd
SHA1 d3431122ebfffbfedc1550e30ded79d7ccd8a07e
SHA256 e786e932c5b9653f23e3895401c1e7cdf006d4f3dfecf4f4bd9a34cf06832d4c
SHA512 0b76868acb26e0ff4c7f23a963192f2186d591c514c113d7c0617fcbe7811e09f6a82482f9e7005416d52b855c876d34a2626e569b48df9138426732d899d7e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\866B843652A2D09BC5DA0ED65E5264E8

MD5 38d9a7d6b1f5cd44f0990b9074d2a44f
SHA1 99a3555d61939e34aa9feedf940315a8ff2430a5
SHA256 cb55692ba30045c11df82b012d23a70616770843764ee6094867bc9d8c8899e7
SHA512 99b21f17e6ce71269bae83320463861304fee4d5652b9bd35107011cb9353c708a76a22ab8d671c54893658c6320841e0a33fb0f9e7a3729005b1c490f5fb137

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\866B843652A2D09BC5DA0ED65E5264E8

MD5 553d6e7f1ab802ed816065629e3da1ce
SHA1 a287f161afabb9facd978505a3b0a1ca3f497100
SHA256 eb788727cf1ef9f2b8225c74f31cf8331cfe8176944c58c9a8f01af34da9d47b
SHA512 c18e78f75a300f54f13f884048a1705ac8ad5a1bf5c34052202eabc1cb3d36bc23238fd293a565fb6cce50b422665f678615f8329ce10cc5f19a0344abd47b14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9eda771c7bd7b1db75c99dca920dedc
SHA1 468e844f853b22fb9ff3e2357fb95bbe13180afa
SHA256 0f994773d6d7944df1008b136520ca2fead0b2238d17ad077911b2045a79ba98
SHA512 f4df165094d1d1029d4410916cd50cd62d1eea774205ffadc90af946fccc0eb0dd28d5bbed79dc3014b0016a3233cbb7d283e453c76231a117acec1092f336e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e56759545c23b75373ccc9519ef787fc
SHA1 3bf2f1f9ceed0a2acbb7f4d4d124d8b80e1ec7f7
SHA256 019aeab9feeddf412042cefc95b0b0e9bdf933157c8881e6ef7614c1dd9ebfdb
SHA512 9642f52cf669f858cddc9d19e81b99117f0c1dbc9761b05d632692eebe619db8a7907eb125339d545a975af2bee93cd8f244c9e75e6b74f81646c5b1b1afad10

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\ads[1].js

MD5 5bf11a14a06c7782e54ff17d882f94d6
SHA1 6bb7a5b5ceae064acebd6fdcaed0787a03c458d8
SHA256 273c95ab65884bfb12154bf674975fa538719d095fcf78c27504e52cb391c68f
SHA512 1bb92b93fc5a5b95a32404c4d811f2e6a944ea48143301da804ca3fbf39722065d44910707c68d71878ba90472ef993de2bcca7705418a60089d70d8a51e4b08

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\ads-iframe-display[5].htm

MD5 a07ce70af9ccb6eb59692e89cd414f99
SHA1 dee7919cfc320f86f1722bbad04116f2f5678160
SHA256 101d99d2d77d1822eb4ba5adc241d1f002c7841252b0fbbb175a1243d0452bf2
SHA512 5b3f62b92400044be00420386eeb5220f5b2309248d48788f8f9f69b99b486bd653f6ba7ff5b81409be9c23195d288112b58cab65820dd2241762c0abbd4aa28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbce4b75ce15d6260f63e67d2e12e2b9
SHA1 eb1434dfbd60e7a8f48ffcff8194cb16d4abcabc
SHA256 b15a17e0e691ccea6e13ecad55c724c9a7d39f2a4b3b36d8c2a375dcda853436
SHA512 3b520e27b8921f0c762a3c5b88a58d72bea26c780f20c6ff01e0bb26c0f2a1198ec31bb303eadc2eb0b1417f9ce220a551bedeaf70906ab7ca13908aec76bc7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 222c37526c511d35219751cf26c2a9d4
SHA1 9cbf94a0839c88518bc3050013454a93bae450e9
SHA256 5b774cfda9229df4ddb220e5ff74b87d00cf1e889c72a904a4cfbe75e406ce40
SHA512 230a048cebd914000edecee68a7b0f8ca9e7d49b66b71fe7791ea95d3c1cc0753162334963ffee4675db90db5dfd7099f46933da6b68033f5b45f5f1cfbc5b70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fdd061f6ed70d662a6f5e0e7c0c9d54
SHA1 565acae5d57d050dc088d1d49d097e4799cbd993
SHA256 98e3bb07b5302085b2afd8e0ea526968f36730cb126a3a2ebf3946374eb8c93d
SHA512 6eb816d412da564fe35da39712ccbbbe748af3294d431cbd93d44458a7cdc5502ca9c4380e2cf55cf72a655a952044ce31fa76d6bd8c196d8c8dc3a4d0c9356a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fabe5e2f147f1fbfacf98a946d22bee2
SHA1 30afae0195f7e68c03763f319c1a507daab7f7e5
SHA256 1a986c7bf849d2492299457e496013e8fecbb522386de41400b1878f6023aa46
SHA512 9425e4c38869d39ed0f7a1c80d747f948336267d19279248e3843148ef69d9f6b5e5a6f07a91abb89f8cfc53776385c11881880fbf6379986cba9408ccf54516

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ec219c4b9da2a6bf507e916021cbcd4
SHA1 38ebbd4dbc3b64838837c368442741150ce018a3
SHA256 e30094fc1798e8392561163ca03c6a18b441cf64717c19b58d7f8bce5989415b
SHA512 7faefcd33e9c193b9f32db58d11c403ec15104ff05ddc0b6df7a6f7409c02daf1a6010909477ee6912fe39591d0edc3c254b9e2b94e5bc9e4051414684bf46b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2c3d86a986ce1e56b5ddcfe2b1b140e
SHA1 7334e9c061102b505be4053f9860bbd1f2921003
SHA256 614d4ecb152afba0a0f950c447995820041241109a979a31e3fc8d6fae029424
SHA512 5200e119a00bad77ca522390ee7ce3550971f5a545e1b062bcd0f9a30d65e80f3342739a3e7d5a0d719c700899194a92ed0cae3727089a29171df2d663f9bb41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c89da1b146a3592a4267809c1da674a
SHA1 07fe62d70758849cfb135e029d1959bfaf98300e
SHA256 3c44e5000c3dc13c2377e0ba64f5dac8363ea99b37c28d3d761dac457e8fa072
SHA512 d98540b04439bc2f62b1b3aa55c4cf04d8e541eac658f7aba31204f66010058e4b17b7d176f9aabd75baf5716c766a0cc62b57e544ad83878b74d0bea52848d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f7385cebd3a59a092df9be392505596
SHA1 88a1d88275786c40f71758a11f7c4751b2a34bc1
SHA256 0837a1327972e3db9cc2912ca4a041f011ffa69f37a89fe1cd01fcc64020b069
SHA512 3beb7aba7232da7e8c7c2c374d8df0c341c74cedb9221376a457680753ecf42d23747694d7c148a3b47f56190b677dd4900cdb7059e682ec2b3b2f08e131a895

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 db9ad9aa1de14d3377c66a942438863c
SHA1 51416199d7dff3bc28122243b7cda1865fa4becd
SHA256 c053dfb6219df91429f9dd3763fa752072e8f603960285474a460aea27978757
SHA512 9f8e2f18db91808a283ee13ee3b14a287a86f9370567645225c59e224931ebd6dfea15aa25d5d8a0e0db31d630aaa599fad653583e0f47ec96ae0f533cfcb03a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6239a626a948ad56b247518cbf3a72eb
SHA1 874171cacc388459be1168ec7315aee0506f49fe
SHA256 041618214b8b9090f4e4d7dab7d7711037116f5372172bb93afd03db1cd14950
SHA512 62469d13579411b03980e995d529974fe8329b84307558aa134bdb4a8fe2cb4bbfba7d7db29b2cfd31d92e48095ef4ac445f5d444246de496c4edd223778eaea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64eaceb8e60f7ecdd4baa4e16e4579e5
SHA1 470843842f44ceaa6a4f82be67033867e6b04ef7
SHA256 53172d1c864f8a0649ee5e08b6122011abbb83eff5560bd353bfbcf8bead118c
SHA512 0b1f31bc256c5a231e7e8894dcc05610aea7ea61e6f3a0df480968e481f9080479ea9dcf6a1f8ba1e1dae53b7cefad8bbdb089eefed8df1a264426fcfb8469ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0196ac14ba4fdbe1137b4dd206a13e5
SHA1 241fae4a2b13f34a70ceb13ccbf26fa7b85e350a
SHA256 b635fee8354525fb0451ba6b167d9aae26956cf3b5aaaa69a3625edaf2b94e97
SHA512 d1a738a41f554532bb5d497964ee1ff490a97521d3150650a528c9056ff7ea122c20fc45cb24ed34840194ef591180de44938ff62c54263965057707e4d5ae18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ec8155e1036a6deb5ed42f94b5ac802
SHA1 fc56ebef8e5fcf0b15ef43a71cb2d678226d64fa
SHA256 456e69ce7d702b0bbd1368aa4e97549447fb20a68078ac57178f5ff97460abbf
SHA512 67dbb9ddbeb031c665537228656e312e10169dcf118ddd7009a43c1dbc2d8e9f36a9d3d2db8823c2609ab4b10096b6271100fba6e31a08fca4601d9e1898ecdc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e897cdbbdd9fa71b8c203760ae61ad6e
SHA1 4e3fbe1606062fb71ababbcd338a73080f1e7b31
SHA256 1588e56c842534e257edc05e7b9b8b08f86c6d3cd55f22b970c2222a526ab516
SHA512 738683c51cc773c2c2e1f59b26d3febaf527475148d0ad3822abb7c3751ff615a5c9e28a8a2a83ee6f567b3fe5455be35d77bfa638104ce1747716b95cc0ff1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f697951ecc7f3af05807987be9f1e27c
SHA1 c003804f4ee8dc4a1c0c7b4e43516cf75d9c1012
SHA256 f0d1fc1f65c1a378cdcd0db2749be5dccffc7ec4dbe99210364bed2bb63b1eb9
SHA512 06e91428a42ce38d5ff13c78ebce044e570288271154453e84dd2cf83d770383c43ec3346e6cd63addfaead273c6d25c9ea31580ac9c0d5c814167b860807b62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd23299a408f177089e202a84b54e0e9
SHA1 0453a13fa7e6ea3d4e3d258cec7e666c488eac1c
SHA256 8b33b4609b06085195ad6a72080fe596226bfeee704210add3515c40905c049c
SHA512 8b161c7a83a76578bce3c49a2a9d04ec226ccd862a1a8d137807dae8196fd60875cd9ebec0d8a43a39e5d0eb3ebf64ea50ab043b5eb8499ba56fe2034bcf7e49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e0674bbc58b9024c070f63074c50ad7
SHA1 63e4658689011eda90d607e987ba815ee6af4cff
SHA256 cf4234bcb5a3afc90b153d3ce76991ba5978a1cf96fb7d4a395611150c8dd61e
SHA512 d48beeba5ec8e3b548bc19a7a6fc19304cfa45e00b2e6cd8d937aa491f6d22f0bc6aa07586444d0c8cb0ddceffb168031bb864358ccbd964b022c53ad3f6906d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd2fa8e572321762e43534429efc534d
SHA1 9c862a11f90ce8c852451795348594b4a07e867c
SHA256 1746c549295e6040dd5476e7b4f158b8f102050b7f3cf9b0b6d7b6ea183344cf
SHA512 e6d47981b9f4831b11a1ce9545023345c412f4d99f245993b1e74a9c849a9dc61b18abb7c81bc40a6df5444a35c988abaacdd4ef6688dd289585af072de4842e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 69596fc015530eee029b3e26a59b8021
SHA1 d516814e1dacf88e704f70131587305203e2951c
SHA256 2732e27e05bfdbb17fde84ee9b818570ca0d9c093d11ed350b026cf4d812a741
SHA512 ed58e810e091625be87991365ac14f6d7a7fa28e6fe703d8c90661b7024cd8d4c5349b4b386db784f4c26819a8efa377a31c3fca907bfa9077001590e3547f88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d66a45835a560e65f669ddbae9b24959
SHA1 ad235b6d9e299b8d2009c1108c3d0f71ff265c61
SHA256 663458adbf9502b583a1ec3d69354029e9d39d75ac06f4ea78bc63839fd7972b
SHA512 c31b2bf8a6ca6f8cf78cb9ef01f2c0bfab7fea0c986f86fda8a2cf5fceca314384b23fec3ffd84b1573d3cccf763c108568b545f50935a67d74f6e82a1f5551c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57602508a1ddabdde55cdebc9605e728
SHA1 3212d5d6bb609e2e0045d0d8c62404325e763d36
SHA256 0a5c43d694a7572a899a1c17c648028f8df64366261f937deb2596a7e816f62c
SHA512 3f28acb44be2e8bd58f33814e833b74e1323eed31a800798d5735409a6fe77e9b3f133ba7390f371beabad6fa9895dbc8d10856e395a6b924942d333a568537e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e29d830255271c2351e8979892968b6
SHA1 e42be8781dc7f4686adcb6728930de9b6942e199
SHA256 8dbc55baee1f7d9c267922b2fe0fd386c43d51b8bcc35177df49a376ad8bffa9
SHA512 ff7741eb6ab728a3df36e952cc7f6012b328c6912cc1e3d540c5932c34d0965f2632c8a0aeef88d780f007ebf57ae051bb3f87d58e846d6b5feb628b86085ce9

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 13:31
Reported: 2024-06-13 13:34
Platform: win10v2004-20240611-en
Max time kernel: 131s
Max time network: 143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5ccc7f9712c791906a6b10d8c57e81e_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5ccc7f9712c791906a6b10d8c57e81e_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3976,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=3904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4044,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=2704,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5372,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5384,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5956,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=4868,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5696,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8

Network


Files

N/A