Malware Analysis Report

2025-01-19 00:36

Sample ID 240504-wxzz4sec2x
Target 13e9be4756aa037b5693dc6cc9a14be2_JaffaCakes118
SHA256 c42eb4f9e30b38069a29763d36ce5aa5c0fe3b0a21920dd044c98ceee6521e3b
Tags microsoft phishing
Score 5/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 5/10

SHA256 c42eb4f9e30b38069a29763d36ce5aa5c0fe3b0a21920dd044c98ceee6521e3b

Threat Level: Likely benign

The file 13e9be4756aa037b5693dc6cc9a14be2_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Detected potential entity reuse from brand microsoft.

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-04 18:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-04 18:18
Reported 2024-05-04 18:21
Platform win7-20240221-en
Max time kernel 135s
Max time network 133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e9be4756aa037b5693dc6cc9a14be2_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000f63fa964e5dcea584ce70807cec6c3cf9364b2769ce3d3254335052d6dac2e83000000000e80000000020000200000008e4fedf9a88aa78da186b22b46a98a153b8f0890aa6b3e1df9b75c3d8a418aa220000000f2fa5793cacd7e6be10e1783a09e2ef97938c32f00c485f5c89a05768ba0b94c40000000fc5beb7f113e5e6273a745457f415981fc8febeb54dd3678046f3c6012c65a605a029217aabc34a3231af6f050a5addf341802cdc9ff4ef71e04fb464f032cfe C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000073fcf20dc7c14f5757d5b340aa76e9b7c079cdd1a3253ba3368282114aedba54000000000e8000000002000020000000e9000544ca7ada233f2d35cd6acd35c9ab16b8b668c95c91fa871d90cbcd5daa9000000009743e47dfe12f3826ecfbb2ad58ebac19cc0a1e5dfd80c6e570c2670b9931ef7ba96f96f7610eed6a70ebab239ba723cc5ee37edab7e543dc40394a389c0bdab1008d5a164acc00cb21ada59b5a400e88d2f660b7ad2923b223249fd8aa85981f496429910fed5c69c8fc2fb295e70aa8faab4124cd4514fa6f05dc3039772318912cef43414e664f7e35dfcbe0fd5440000000c209ca34fbcde53ddf472077aeb44c2a8d461e402b0061f1e92e702682627f1d1e6b2f76c80ad4c7bb735f58ed88edf4f1e32f9f33a4a803cb9aa3da545f92d7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4033f39c4f9eda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2136141-0A42-11EF-B35F-5267BFD3BAD1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421008600" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13e9be4756aa037b5693dc6cc9a14be2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 portal.microsoftonline.com udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\TarDA7D.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\CabDA5A.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\TarDBD4.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Temp\CabDBAD.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9ed0c292f4fc1c579767d128ec59955
SHA1 4add88e7390f40c8cefef6f1999da60ffd83ebee
SHA256 8e448fa1ff97d461af14dd62f472f338e2bdd2fb23641ea412784cfb0e215ffa
SHA512 23619bed007aa83a78a9461340445ef2c2b809ce35fd4340ac1f20855acf991a435b98eab1e281d34ee54cc27ab7843f64268e781b2dff04601862b4af95fe46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 114265712097961cd0a9ab70280c2a95
SHA1 38e998e276a87d0e3c195d060747d371fd6a93fc
SHA256 e4886e9a096a62857eadda9e1a8065d974c020e7ab96bddaa11a3cd42086e7dc
SHA512 27a8f37eba3cf742de4277af11c2712f98b8d0e8fec01bcca1e82595378c10c6544c2350ed04bb2c23ea5c35a144259846ae6c79a4b70065550ee9549495a80c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cea436a8db40eb95bbc24e34b40322a
SHA1 b9ec1814adcedce5d81fd5bb576419e7235a6ddf
SHA256 511e0e6562dc66b56a05305b5c8322717a20a01d8c16d262760a9f10989f7fab
SHA512 8b42655ceb8f406c1ead840257237b6a68bd09e73c46248494d5dea233371b0dfe83d7d704bc41d2f964dd750060efd6b0f13f4fc599f8159b7b25f4c26c98eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8ab1601c03f81a6d01c4b91eba15a18
SHA1 c46a8ff2774592ad61bec43f0ab001b3660d0669
SHA256 8b1e844c4e4617a6061d66210f929cd2009bc8bb63b1b23677573ca9c04c4f17
SHA512 6d6f48bd9f090bdcc4723b5e391d24ead2d4f43431c0bcfe287a294ea497b8c539d5bd71dfa2159b17458fac0de33dae96a502944bf057c0643c161c5c825ee1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ddb4bb7140a5c3a173ce5b6fbdccfcc
SHA1 387ca4a0a0ecbde3f8b6e170e39d7571057c0fdb
SHA256 b2a772ab1b3daf2be69c227339ab5b877c03f315a1dc4095d8cfcca28effb9d4
SHA512 07a7e2d474550a18bef4fd9e049accf94f0040e23b8bd9a5f645cd6b961153ebe9d0627b60fd17e4a15a2d8319a07d157314d4e2e4b86d2ef46424d3d7fb0feb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ea0fd6cca06792d952186cd25166baf
SHA1 fb767628ba8c628a9f5d3ccc3e7602c7a2456e53
SHA256 18d9525c171203b9b5ead2202a13ccfec8dc1b138f19b1d40373bebc14a48c86
SHA512 3d6e4d218d7269b3b818ed5b3d8fc55aa0c7af68e7fedf0f3765350e5c706718678904bfa38f4948fb92c4919079aab51402c8398cf93db0d51570c02134a307

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08c15166009d8b24988836bc38a68f95
SHA1 7989dc703243813818a11172021a22ce0ebb4689
SHA256 96e44dd819fd4d052ec5fd4022e4d5d421777bc0b2eeb61109eeda037962b3fb
SHA512 5138c4d481c6d8f9653344031d474ef1a955339004cdb25c3bb936338a464a60d13bb32489b63f7bae16a25567f4bda32cf2ba1011a63eff9bec7ae99af0a357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5708a1b1d6d4d43270ca8bcb84f67ea
SHA1 dc9cca5a4f2dd40aeafccbfced9adea2683008a4
SHA256 912abb9636221714814f76dd511ca7ab2e148bbd14d61eae24a9c3bf3840e7b9
SHA512 6686749528d7c63ce72fd583524462bbc6a6ff41007987f9c62bd034a0a4e89b40eedf2385e3953ae5c5d129549857a028db03d2dc91c4f68d9e943030b13890

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 093535974dfec21b59cdce6bdce24cba
SHA1 eae4ca6475bd0f608aae99699ea9a9c778dc32d5
SHA256 8ae03c6df83019a5048dd728b1991b08ccd5b972919f162ba4e64b51bbd1ecaa
SHA512 2e1694db7749404ec54d41811a9e9334a8b8108956e9a6a33e91c8d492e18fe0a3e464489629bc698a1e345e45ee5badf56deb215c9298aca3e56b9958b4fcf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 124dda319a9440b54e045c3404a56b94
SHA1 3d57951495c4b6777b2e7619ed6315e1275d70d5
SHA256 dd3def5d9fa432f4ea8c5abe433b59594be7c639b7a0f5fd9beed6ff361401c8
SHA512 f868a5a9a8e74982194a7c8cbaca0a102276f23251b7af2d9924283889bccdd28c88dcd1051280cbc8adf9f049732dff4fe07b2ee57403273553f77a6b21ca9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ebfa3d77c20f269a8ae6f677140d7242
SHA1 d7c25db0570e300a8ed5bc8a6f7d386ec0d2674f
SHA256 9a044802813a5a49b54660a6687395e86fd31a5876717a4e362f770635ebde90
SHA512 b5e2bd82924fc17dba4b1307dd4613eea222ad43a76a6e69c7737ce11ab3f6f25e1a104ffeb614baf944226c8c298881485ad4c993e5d68050c46c4586a84b9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 527f173b5e116086a42d47c85a40976b
SHA1 35b4ce64eb54dcaaa1602b7de708585513681df7
SHA256 a3af6352765e6b628be106a7dffbce5c2572ef28d4c407da4c4cd58ad0cbdca2
SHA512 1dd74f54b398f21fde4db75293669976b50561e1b89b8d0dc42f6cbd8c8249107fa4d44a68a4037a1d433708a8dc6cdf4e2afb7e9142efcdb0f6b2574ca3080f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9951acc7e2c272f38c6480a1e16cdbd5
SHA1 28883cce88c3b82c11e0d1c06c70dbd379ecedd5
SHA256 732fbce961864e0694b8e624c51cb4a8fd606a9f93ef3354f2fba3fe795c4039
SHA512 d0634a579208bf24b797c720f6d9baa92fe660c92420c9a1843b5d3ff2911b56dee377cb53d123fcc342645ed90cd309a411661f9c50bd7c3bb4b1a2e374dd1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19f9749fcd085b6ed52309039c6a1e58
SHA1 90e89f0bf831a694aeed28f7a1b929c49fa2d55c
SHA256 eddd6a00f0feb92b99a573a00b5ea9e612355135024b4afd7760973026f9ab5d
SHA512 475bf96b32f9881c32295249de150028d7cfa3e841feb015e2191bac580097d1427dd4f3d3428967bf73bd8905b307b19b4a26cfcaf8ea2326d9284d342479cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f5b463f185abee9baa6efeacd90430e
SHA1 3886ba0d5bc1ad74873dfe063e522e9e23749ee3
SHA256 2651ea51c75bfe1814be855f07af71499dd27c76d928c5095a0ee6e9b6321262
SHA512 afec2fe02a954dfcb26afcf10edd9e5eff9cf68a1508b5b0919e868cd250cc77085b7a004cc3dc038d3449f039789aa1f33bf6192e628ae0b989d1e64c415284

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e62a1c6648173cfdaa1095950821cd4c
SHA1 5673e590e690df831e92c1a16a799e5f50198300
SHA256 8a3dafe2b38b6f7db16a6989ef5fdcf5c0464121ec4c8064db803e8eab26c859
SHA512 ce5a925df7a4ea907a4540fb3d7a5e03afde983088468a5650c370018346e7c30ae9d90aaafe7df31d7690f19a3e4e75f434b6aef271bb52eb2f5a07ea6f7c32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7185cd523a53dac97f33f9fe6fe6c80
SHA1 d6a52fa90a93f38c4803ad1a2176b2b8186b5d33
SHA256 c73ebd60b585eb25eee6991b022b20e10ca4b1a8e466b61f05c1c00a2f4dfbce
SHA512 ee032a33e0c96f5161af21387647c00b40d7b4b6c9c7fea18afaf5094e1271934e8c8fa4192bfa3f2ac72668c00841502ac65e97175a13748efee51cf5183af9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 453c48975205b4273e6a7c9e997783bb
SHA1 81f3da5d5ba2d4d6c4cc2545772b60ffe93159b8
SHA256 dbdc54202bde8026ae9f8e5286edd50018d3d5fa8d6eda558cd11bac586aa52c
SHA512 b3ae4c018ded3131081f102353ae9899d7d05a8584723040e83a678a58c474d4963c94584c8b22c085a3a7d49b53caa5e2d697cba86e6444e45a985677440254

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60bf3ce11fde79c1963e6ebf6d63065f
SHA1 dd95cc2d47424858d2a42d621d3e6a4498ac5b83
SHA256 b6c28d23809115d8c34f38da8c16c9e78a65aaa67a462346cb8a9a1718003a67
SHA512 92a6c8e1aed8bcc7a9f46f25fb07164b747bdd9786e2d6deb5adebcee6b1c0e3c7a16616afc942c5b511058f62f2375bfb3f18ec852a2cc8f72e4dc6995b6920

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 169118afe864f734345a6652836860f0
SHA1 2c048b8cf3960ee79fb2f14473421bde6f93e5b5
SHA256 6ee60a196a63663aea59af9316f667a5fdbac8a16f960e9fb096e70409bbfabc
SHA512 f08f6a310308c6389ed2d6209b3899a03082f49b20436e90a5f2f9a1fa7b4379d4d07e5ac70606a2e9fbd0ec61483ac0db2da219a82a27d084b7706431b25164

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b7dac1e013caa9a3e21ce36c9cca08c
SHA1 3e065e6ceae37a9725a2a5a4b1a7ef517c24aa85
SHA256 c6b7c0cbe3867d72ccf29c28af77a8671ce1bed2dd5c037474af262b41e80ef9
SHA512 2e7c8cc554db9f9c28685ff83befcd1b4c04fe109b0d5c4532abba68a45904a5445f65050cee233e3f252897549ce6471093977f4e30318854c7978fc45b650a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00cc648070d1a7e7ae3fa642c89897c5
SHA1 6b0c0db2092a1e96d8652db9a24d14e7c0e5d378
SHA256 13f46a059b7fbe783d1a3f1cd1977e0a9f9aa6f77517abda84c2ddc452909095
SHA512 ed3c694dd997afec1891add1e92f86386c9c919327a924e699826f1e3de7401dff856eddc8cfb08780e9924c825b3a96d1c994763f4ea88bed48d5187d23b8aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab3cac8577bf638a21129e78755e01e7
SHA1 f3c777a06aa8eab5230c5b373a3ef82e3bf590c7
SHA256 31c2a1c8660f396551d33969aeedf1c17eff9414c6546ffe7c7977fa92094e4a
SHA512 c7c8fff817fde4cf88bb6a75c7f6d867eef430a20020862e3bac88fc858df574bb435456f608c1c2d67558000c74b5a9b8d5f28849cf4e139efe8dcce7274751

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25e50405f890f259f910a6fa53c38aa6
SHA1 6002583764a98a45a895008fe6f1d35c529b6d89
SHA256 b977686665872bfdbd9f37b984886c69b1759aaaacd95a5f157d7345259902a1
SHA512 5ad06efb06d44cff19148ab64fbccef5e9fd76650d72ed3f4636489696ab25b4faaa9ebf00320db8872274afdd0987411d8669799db8eb3d6b01fb74ec5eb4e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 454b5a6d04bc56867b739f1e41654ab6
SHA1 8a6ab6b5cc1d144e74f777c638fa6ec389f1057e
SHA256 924c884977ff0ec8839e4f368e8bcd12d7f8a3983c2f868b482dd0afba1f16f0
SHA512 d4f7c72f8609788ed7eac2b40cfbc2d68436aaed5bd2fd656e8777ca9a3d6c8410d88925cc47d8f4fb9b2d682262eb2ed10050f17c1e2b687f51b5a1895fbafa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40de9694c2077f5731551136d2faba6f
SHA1 8865ba1a7f9b80c7087e29427007c39596458541
SHA256 4fff69aeea9bcae6fd8a8a410d75fa4a094b246f643f28635d7042c0f4b150ff
SHA512 f5df2663d693f8f7b15f40530c9692350c80ca195c3606d5864a64215f2d52ca3fd69c1b828f6c73f1797e9157818282379086ddf4d6d2e9e8bc388cffa27216

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99daf9115f3a7059548e98cc57a9a134
SHA1 ece0da9222d92a5ed0f20f621662efe8c7009c49
SHA256 1a474ea297594d331690ddbaf4d4b24f73cd7a6e2f9b7cb9fff8b0bb2cd60dee
SHA512 3ed1a5dbc10349c01be1a4b7909e717f6c5b73c9b7446d443327aad4a1d486085a19f690f1e7e53b290e096fa768264fd10a7d3879247c201b6da768c3756a13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f72985bcf5b0debcc821b1ae086eafd3
SHA1 94fb43eb080a8e607dbb6eaa7f2b1fd8561eef72
SHA256 132cc4d1df77f29bc468ffc178f2efafac761cb834595faad7111d9197157381
SHA512 f9694c362d4ca0ca99157171d3a03051d83562729bb5a9eb7695f4816e8f5998bbcf0621b65ce20093ede63c1e1f183f735e125c6e9d0c6a4cc55cecded982ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48b70e78454e09c569eea090bf07e876
SHA1 5dc581e54337a517f14b7d8fdcc63f1b05163522
SHA256 6a77d315d2c3f989556953b1dff4745043ab4d704c32ccab67a9f1c73bd21007
SHA512 4e1bdf56dd9a074c3069c946217a30b41b546a37fedc4753b79e0f77cddfff325cbe28ff45d4918658a9c135f2f28bd8b79b4d470e4784c1e1a5b9ba928b4335

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8df29bab31a876b4c2c004969149b3d5
SHA1 a20903ed7fee8fab9119262e9b67608416fb688b
SHA256 1a5bd2c47b300462f0388d43308490b8e8bccc420914afae415762287c9f074a
SHA512 b1ff8fce9a97998750ad58c4947f1671173a7581c42f2e002a65603c4abc3022abc4649fcbf53bc2c7b301fcb6602f87c1b27a81c3c7fc5b6e06171b372d5291

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34a606a2fe7bc42a28fb983b9d68f24f
SHA1 15a0810533e12bada2545772913eb9dee1533021
SHA256 698015a782b36f528b4d1ce7050d0e537bf428f7a90d2680c2cfa0a463bddb06
SHA512 3a63b2759e60eece0521e8238b800dc1d3a2ad6d188b67008dc76cac6fb4597e1a0754093740ac11187775358074657feec7c3e9397da237cd7e7a4ab8c438c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4f2a255c83722c3c300748f47e6457e
SHA1 230104461a3a96936e0bc1335bbf5622b3b7d2ae
SHA256 b7246d86d750e407bce74622a28881a522c472a87656a84ea8f1428fd892f3b7
SHA512 1005a6b05e152ab351b7b58d624721a64e8c5d7602a03dbf0ef05c96f1c31933bb2e70b4e159e4406b3487bdfd0d63fda8a3afa1d097f087e3096b2ee5258f9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc027a7b53bf228ca134b2d581f921d2
SHA1 dda4e3828e609287783d2d5c45046b5cc446a0c8
SHA256 2be22494baea033a86a26b805222d23108548ad2b256f79acae26a9c98f3e42f
SHA512 7c0bf724531ed8306c14ce452118fefc280017ddd7284b6c367bd984392f9513ada202332123b1148f61fdf0f27afee36cea7ceb1e612a8b01c2169496786180

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 012bc8f9ed5b8e762326c38ba282bca7
SHA1 5628c9b327822b5a321824928908b8e38a1541de
SHA256 73f097a74472ae0f38ae1a29b41cf296e9a4eb5383326bfc954629c2c9afb319
SHA512 c2c582fdd883232f9748407265ed97f468122ff730dd9c40dbae959ea91aa6461a7f2e3a4c17feaba1f631e8fab1b88fc2e367e190e19eb2b908734c353bd60a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9e9c0eeb8c9e97d1dd767355ad2224b
SHA1 77408b3587f5f9c6021655901f29d5c4eaa7b215
SHA256 9a4286b90733a1840bb0ef5b50ef3f8e96ae5c9ad297c8e5188e31b5bba2f53b
SHA512 0e4bac07fb26959bac47ca8a5a4701dc39b5ab12daed0fae66437ae0b1720ab7c60add4cbb0b997c665bf6e31d1c817ed9842c20d0d93ecf085d11a3d4ba004a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf4a79510870c4932713d878d74429e7
SHA1 f018a7903c80fa282505591c4bc6d035d7a16955
SHA256 3aee7529bcb783d6a17fcb86d565085d0fb67d45458683779b0633478d13adbc
SHA512 b958799c6691e431490bb513fdb6cde44d65dabec4ba3922b686bcc26902661a91cbd43ab83b6f389fa7effe5e884d05ccbc29d85b4527da1d2bd7281d60b83b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a7a5130b8611f2764e63d9c124e95e7
SHA1 828bc980f341987bae8da08bbf538830b55f72aa
SHA256 58434c81bb31a399f5c2c1ca8362353738d9f63f7b8bab0b92464c17806a798d
SHA512 b6641c4d776bc7cbc4c2d496fe84afebf6c4a2ec27bae3b9d58f05a7c60df76baf7322465505b7cde1539f6ea2b2b8a90918e1893f0fe921f8029750f7233a1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c9bf0f594ab0d47bb1fc1d718825cc6
SHA1 e5964f74fa50db7dba28bd8c1e7f6572076acdbf
SHA256 ead448b65e56d545de8dc621ef2fd66425dd89e2c214450b52593f0fabb23aa1
SHA512 a63b1a78d13d9c0e5b3c1a0dcd4a455ac9d27af8fc6d905b23d750d0bf80bda5351b5aa59507d60d4592b517ff2bf4731253eb76b3e9f2260e7dc9950729300a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 3446568ebe691e08094adbba4b509901
SHA1 d33b66b77bd1765bcf31e58cbf151e669feaa1b1
SHA256 f1c65b8030f15a62e4356c989147fa2d268ef6713f09a6a1c49e5265126c5662
SHA512 556198112b012b97886ee39a8e7f991f2d6e0097d785c72f2efbf5c72c1088d36b7cd605e7d1da46fe93d37973b41ba0048ada18baa462efac9bdc92c23877b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a55855d26447ab2d4af80a15acea1ebe
SHA1 d278695676a9717024ce85284dbbb59e911874b0
SHA256 427ba24f4d2b1b7c2e9a01e660d5584fe374c9f5d134a02a76b1a5d80d21d77b
SHA512 8a2b1e3f8716c43043867dc38abca848c4e926bf6923440ccc476c858db60a91a05d06fa2e07bfd13d4f0641c63701dfbbfd450bcb531c22ac7c3b7b8a484f17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dd37a67bb32d6e503766f82300362ac
SHA1 93b1b391dcd9184d44aab2ab2f018906e44be63d
SHA256 cc7a48cbcd1fcdbc06edffc51bd870b2b03ed358b50708e321387ae4bf4d18d9
SHA512 dbb84b6b2cd1ef8fefe9b5d74b4d932f053ceab1bd558aecc9263b4193b5fec6db112c539429ac775038924c8fd71627b8e907b4d6bfcf23f319955b128f2149

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5cb8d6dd70ce4c649d5f8b3f0b283c9
SHA1 eff4a3478526891239cd0d72157f4c7f2be8f16f
SHA256 1455660024b52005208dd4ab69fae14006f9e1183c7e901360abc77e09f93298
SHA512 b0338598fb30affa123679af8b97df89d8f37de325d58e81b844b169c685a96d7731564045b778cbe7ee4b4efdd2b995a36a05a5e7fa09686a9201a7c040e23f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3f915d17329289c30b155fb4aee31a0
SHA1 56ba697c83d50095dcceff1fd1e32804483ac190
SHA256 4eace1b22247f0d9ddcf2ded37efcfe91ed48ce8483daf4e8e373671ef044140
SHA512 b5fbc6e03618d6400b4a91fe9a9f442c714f67d4a407226279266e4a06223d050549d98b1efd75ab4856ad9bcada4cef1db80923e6474a0d70641a4de316124b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32661886f9b143c538ee3092768e1913
SHA1 6d7526f1ef2e79509cdb0e1512a11cdb278dbd73
SHA256 fe33ea9aac5102b616084fa6053dc47cfb01aa260b37f12888ceba7444d03ba8
SHA512 b629eefa2a97b6f0b5ccc621671b562d845984c5f7e3221afb09ec7c1ea50aedccf2c644fbedc123d255b32b722db98660cdb8fa58fd5674baef0964ea997292

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 218b49f18872ab96521ada70ef550499
SHA1 a17af54c89bebf6ebd785409e5d9ad690398eddc
SHA256 8f3c9beb907610ca2d5462e73f1caa5bc153ccdb055e7d2941d32074d36f0e02
SHA512 3e358fd52a6508a7952e92e43203c2e73f6dc47b436a35b0f166dbd5908e2baadf342250f0eff9a4c7dd128707852245b567336c9fa01c0efe21e8b5377d9dad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 692e22559f6c9b1640016f278e91bf5f
SHA1 3c908f592abc1ba54c3b22dfc74679f78a37c854
SHA256 417e8335ec8c0515f66bf1227d75e341c9973cd953861dc1b2c18e4588b2bd1a
SHA512 981dc162d4dbd0095a8fa03880433b2852a86ef60d630056086e193f86b301ffc5737f4851f8cf4b35989b1005ee00a95b9f2e89fcd4fb569c867f45edcb8406

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-04 18:18

Reported

2024-05-04 18:21

Platform

win10v2004-20240419-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13e9be4756aa037b5693dc6cc9a14be2_JaffaCakes118.html

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4876 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 2036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 2060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4876 wrote to memory of 3500 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13e9be4756aa037b5693dc6cc9a14be2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdea146f8,0x7ffcdea14708,0x7ffcdea14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11323779290956489558,18204222987575064692,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 8.8.8.8:53 portal.microsoftonline.com udp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 160.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 8.8.8.8:53 156.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 37.23.199.152.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 69.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4876_BSYOWFLGHNGTWCSV

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
