Malware Analysis Report

2025-01-19 00:33

Sample ID 240505-31j7dsdb77
Target 19cd0c54f12a6b7762c7620d92dfb040_JaffaCakes118
SHA256 599f6b1d344994419023d5a984c624ce6ccde06447ced012e161794722098d3a
Tags
microsoft phishing
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

SHA256

599f6b1d344994419023d5a984c624ce6ccde06447ced012e161794722098d3a

Threat Level: Likely benign

The file 19cd0c54f12a6b7762c7620d92dfb040_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

microsoft phishing

Detected potential entity reuse from brand microsoft.

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-05 23:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-05 23:58

Reported

2024-05-06 00:01

Platform

win7-20240221-en

Max time kernel

134s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\19cd0c54f12a6b7762c7620d92dfb040_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000cd36d09cf9fbe3a3d2c349cfa0e32900f1498b94d5a56c2d7f3ac3b31c527221000000000e80000000020000200000009731fe0598429766a45680b190f5ace0214f33d0cbf1b81cd1d66adef1bdef78200000007a3711c8ec5fc3bcedb9d181e863ce0aa8063b7a95356cf55999ec2970a273a8400000006f9a853c6d27f04e8f13be634c04457d58c59a5cb07a0eab6787b1bd3deb2ba30a5cd079dbd11557385fed6e964fca28ad5dcb86bd19a7d256c872f54f831282 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30fb1447489fda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C78F891-0B3B-11EF-97FB-6A55B5C6A64E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000002300ea3b3390dd4d5991dd0ce7d0ecd4a11c864f1ebe70b0a9e880a26e75e20000000000e8000000002000020000000e2bf916ab50b3f199d16a154163a5307a5d1e81aa9026404c6c1267de7e5da9890000000f675322f60f9075a1137f3c58b3d8d282cae0808e8f012a7c157734ddcf65b426aa9a472f8ce4f0ac55094f066c49a642e04dbcb12379bf5bdfe3e75033d619e98b990fe6500cc447888a0a06b5cb3f09c2a7543b33e4f693f96d89e3a80621eb5a5237fbf792db4dcb21b587cb570e16e2ca5a9be962cf4797aa31f594bfa2dc7feedc5c9622c5f91f5282601a2ef3740000000534e61abd9d85ec2d4d74e7ec218d81113590daefb1c61a117ead9cbca95012e53dec711177eafba4f62c288f731294b14397e54216d1f96db66dded0bda6ae1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421115401" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\19cd0c54f12a6b7762c7620d92dfb040_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 8.8.8.8:53 portal.microsoftonline.com udp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-05 23:58

Reported

2024-05-06 00:01

Platform

win10v2004-20240419-en

Max time kernel

145s

Max time network

137s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\19cd0c54f12a6b7762c7620d92dfb040_JaffaCakes118.html

Signatures

Detected potential entity reuse from brand microsoft.

phishing microsoft

The Network table below shows the page fetching sign-in page assets from domains Microsoft itself operates (secure.aadcdn.microsoftonline-p.com, aadcdn.msauth.net, aadcdn.msftauth.net, ajax.aspnetcdn.com, portal.microsoftonline.com), which is how a cloned Microsoft login page obtains authentic-looking resources. No destination outside Microsoft-operated domains appears in this detonation, so the report does not show where a submitted credential would go; that may simply mean no form was submitted during the 137 s of network capture.

Enumerates system info in registry

Reading SystemManufacturer and SystemProductName under HARDWARE\DESCRIPTION\System\BIOS is a common sandbox-evasion check, but Chromium-based browsers read the same two values to report the hardware model (base::SysInfo::HardwareModelName), so coming from msedge.exe this is expected browser behaviour rather than evidence about the HTML file.

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

This signature and the SendNotifyMessage one below fire on ordinary shell and window-message interaction by the browser's own UI process; the rows carry no indicator beyond the msedge.exe image and do not bear on the sample.

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Every row has msedge.exe PID 4812 (the browser process; the same PID appears in the crashpad pipe name under Files) writing into msedge.exe children it spawned (PIDs 4448, 2592, 4732, 5080). Chromium's Windows sandbox broker initialises each sandboxed child by writing policy and IPC state into the new process before resuming it, so same-image parent-to-child writes are the browser's normal start-up pattern; a write from this PID into a different image would be the thing to chase.

Description Indicator Process Target
PID 4812 wrote to memory of 4448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 4448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 2592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4812 wrote to memory of 5080 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\19cd0c54f12a6b7762c7620d92dfb040_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80ad846f8,0x7ff80ad84708,0x7ff80ad84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2130295394499588949,2933817938443239096,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
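Taken together, the WriteProcessMemory table and the process list above describe one pattern: the browser process (PID 4812) writing into four msedge.exe children as they start. The script below is an added example written for this page, not code from the sandbox or from Microsoft Edge; it collapses the per-call rows into one entry per writer/target PID pair and separates same-image writes, which is how a Chromium-based browser initialises its sandboxed children, from writes into a different image, which is the injection pattern worth chasing. The row targeting notepad.exe (PID 6100) is constructed for the example and is not in this report.

```python
from __future__ import annotations

import re

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Rows copied from this report's WriteProcessMemory table (a subset; each
# PID pair occurs many times in the original).
REPORT_ROWS = "\n".join(
    [f"PID 4812 wrote to memory of 4448 N/A {EDGE} {EDGE}"] * 2
    + [f"PID 4812 wrote to memory of 2592 N/A {EDGE} {EDGE}"] * 5
    + [f"PID 4812 wrote to memory of 4732 N/A {EDGE} {EDGE}"] * 2
    + [f"PID 4812 wrote to memory of 5080 N/A {EDGE} {EDGE}"] * 3
)

# Constructed row NOT in the report: the browser PID writing into a
# different image, a hypothetical case to exercise the flagging path.
CONSTRUCTED_EXTRA_ROW = (
    f"PID 4812 wrote to memory of 6100 N/A {EDGE} C:\\Windows\\System32\\notepad.exe"
)

# "PID <src> wrote to memory of <dst> N/A <src image> <dst image>"; both
# images end in .exe, so a lazy match splits the two space-containing paths.
ROW_RE = re.compile(r"^PID (?P<src_pid>\d+) wrote to memory of (?P<dst_pid>\d+) "
                    r"N/A (?P<src>.+?\.exe) (?P<dst>.+\.exe)$")


def collapse(text: str) -> dict[tuple[int, int], dict]:
    """One entry per (writer PID, target PID) with both images and a call count."""
    pairs: dict[tuple[int, int], dict] = {}
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable row: {line!r}")
        key = (int(m["src_pid"]), int(m["dst_pid"]))
        entry = pairs.setdefault(key, {"src": m["src"], "dst": m["dst"], "calls": 0})
        entry["calls"] += 1
    return pairs


def classify(pairs: dict[tuple[int, int], dict]):
    """Split pairs into same-image (expected for a browser) and cross-image writes."""
    expected, suspicious = [], []
    for (src_pid, dst_pid), info in pairs.items():
        same_image = info["src"].lower() == info["dst"].lower()
        (expected if same_image else suspicious).append((src_pid, dst_pid, info))
    return expected, suspicious


if __name__ == "__main__":
    for label, text in (("report", REPORT_ROWS),
                        ("report + constructed", REPORT_ROWS + "\n" + CONSTRUCTED_EXTRA_ROW)):
        expected, suspicious = classify(collapse(text))
        print(f"[{label}] same-image pairs: {len(expected)}, cross-image pairs: {len(suspicious)}")
        for src_pid, dst_pid, info in suspicious:
            print(f"  FLAG {src_pid} -> {dst_pid} ({info['dst']}, {info['calls']} calls)")
```

Run on the report's rows alone the script reports four same-image pairs and nothing to flag; the constructed notepad.exe row is the only thing that trips the cross-image branch.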

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 portal.microsoftonline.com udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 160.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 13.107.6.156:443 portal.microsoftonline.com tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 152.199.23.37:443 aadcdn.msftauth.net tcp
US 8.8.8.8:53 156.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 37.23.199.152.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 69.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
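Sorting the rows above by hand is error-prone: the reverse-DNS lookups (the in-addr.arpa rows) and the mDNS query to 224.0.0.251 say nothing about what the page requested, and the question that matters for a suspected login clone is whether it reaches any host the impersonated brand does not operate. The script below is an added example written for this page, not part of the sandbox report or its tooling; it takes a subset of the rows copied from the table, filters the noise, pairs forward lookups with the connections that followed, and checks every contacted host against an allowlist of Microsoft-operated domains that is an analyst assumption, not something the report supplies. The two rows for login.example-collector.test are constructed and do not occur in this report; they only exercise the flagging branch.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Rows copied from the behavioral2 Network table of this report (a subset).
REPORT_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 secure.aadcdn.microsoftonline-p.com udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 13.107.246.64:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 portal.microsoftonline.com udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 13.107.6.156:443 portal.microsoftonline.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.194:443 www.bing.com tcp
"""

# Constructed rows that are NOT in the report: a hypothetical credential
# collector (reserved .test TLD, TEST-NET-3 address) to exercise the flag path.
CONSTRUCTED_EXTRA_ROWS = """\
US 8.8.8.8:53 login.example-collector.test udp
US 203.0.113.10:443 login.example-collector.test tcp
"""

# Assumption: analyst-maintained list of domains the impersonated brand
# operates. Anything else the page reaches deserves a look.
BRAND_DOMAINS = ("microsoft.com", "microsoftonline.com", "microsoftonline-p.com",
                 "msauth.net", "msftauth.net", "aspnetcdn.com", "bing.com", "bing.net")

# "<country> <ip>:<port> [<name>] <proto>"; the name is absent for mDNS rows.
ROW_RE = re.compile(r"^(?P<country>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)"
                    r"(?:\s+(?P<name>\S+))?\s+(?P<proto>tcp|udp)$")


@dataclass
class Contact:
    host: str                    # DNS name, or the raw IP if none was logged
    ips: list[str] = field(default_factory=list)
    resolved_only: bool = True   # DNS query seen, but no connection


def is_noise(name: str, ip: str, port: str) -> bool:
    """PTR lookups and mDNS add nothing the forward rows do not already say."""
    if name.endswith(".in-addr.arpa") or name.endswith(".ip6.arpa"):
        return True
    return ip == "224.0.0.251" and port == "5353"


def summarize(text: str) -> dict[str, Contact]:
    """Collapse the table into one Contact per host, in first-seen order."""
    contacts: dict[str, Contact] = {}
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable network row: {line!r}")
        name = m["name"] or ""
        if is_noise(name, m["ip"], m["port"]):
            continue
        if m["proto"] == "udp" and m["port"] == "53":      # forward lookup
            if name:
                contacts.setdefault(name, Contact(name))
            continue
        key = name or m["ip"]
        c = contacts.setdefault(key, Contact(key))
        c.resolved_only = False
        if m["ip"] not in c.ips:
            c.ips.append(m["ip"])
    return contacts


def under_brand(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def flag_unexpected(contacts: dict[str, Contact]) -> list[Contact]:
    """Hosts the page reached that the brand does not operate."""
    return [c for c in contacts.values() if not under_brand(c.host)]


if __name__ == "__main__":
    for label, text in (("report", REPORT_ROWS),
                        ("report + constructed", REPORT_ROWS + CONSTRUCTED_EXTRA_ROWS)):
        flagged = flag_unexpected(summarize(text))
        print(f"[{label}] flagged: {[c.host for c in flagged] or 'none'}")
```

A host that is resolved but never connected to (secure.aadcdn.microsoftonline-p.com here) is kept with resolved_only set, since a lookup alone can still name infrastructure the page intended to use; a raw IP with no name in the log is keyed by the IP and will always be flagged, which is the conservative choice.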

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1cbd0e9a14155b7f5d4f542d09a83153
SHA1 27a442a921921d69743a8e4b76ff0b66016c4b76
SHA256 243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
SHA512 17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

\??\pipe\LOCAL\crashpad_4812_CLIIEAJXUJKBDVXA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

These four digests are the well-known hashes of zero-length input: the sandbox hashed an empty named-pipe handle (the crashpad handler's pipe for browser PID 4812), not file content, so they identify nothing and should not be used as indicators.

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4e96ed67859d0bafd47d805a71041f49
SHA1 7806c54ae29a6c8d01dcbc78e5525ddde321b16b
SHA256 bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
SHA512 432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a62f6be65878eacd5c3cdf6bb5081060
SHA1 4188464023dd517c72329331e409c48225176d69
SHA256 77b130649540f8595e0ebfc0fb591a49361404d605b4149a42039f92d099de49
SHA512 4aa413bea9b8b6f4dd8970dea55bb39679b4e284f2f56b15f60ddd48c146dd55b43a1581f645ae95a031eb35458694b6edcec10303c2527130809cafd785f35e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9908eaff50e0839f60bc619c99d2c4be
SHA1 b29172cb0f4d6422b0f6224eaa1f13129ae7c320
SHA256 0af892c5f38bc57d6afc2bf6f68b874f40e8c00118f5d268f2208673bbd8333b
SHA512 91c0bb326b9c3d1d08c6a5b13c0201d3d1b1b1687e26770d873cfd4206c91c0a4565706307429896c2ce741aba69141dad5c308f1a8d6eee416f94cfc3170bab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8b1ea11aa3d54b5fa45ddf8e9bab5ef
SHA1 3daf1b7f92d3957d88d81c5fa7e6021dea905b3c
SHA256 83b21ec1952f9a897e0e3de184f8d4533562bf0e5ded161bafdab69cbe4e83d2
SHA512 f4434c9bc66bcbd9836579ab9ce467d645c46f2a396fea92df5e3af1456b33a917302de187c197ffd86e443975903138ed2a336345e17ddceaa396d71a2fd078

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d406b808db03486c92a1a59238b1e5b0
SHA1 a06abab63f4139c38acae4c4321e8c1887bcad58
SHA256 53f8cbcb57ccf678366099900cbf010017e5ef1e8fc7ca60d70c6f15eb774570
SHA512 d3281d8e015fdcdd8808e586bffae6c63555eb27fdf1078c6d9dd52f804f34428a5880a0bcb37b82ebc110da6d91242775c54a53f8b0e2819fc46580537ec649