Malware Analysis Report

2025-06-16 07:05

Sample ID 240531-sxe36adc34
Target 877c0d5e4400092349d1d579542f150d_JaffaCakes118
SHA256 0bafc8982478cedfc9353bc000a5149abf61996c546e6fd0242b98a2a0054a67
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

0bafc8982478cedfc9353bc000a5149abf61996c546e6fd0242b98a2a0054a67

Threat Level: No (potentially) malicious behavior was detected

The file 877c0d5e4400092349d1d579542f150d_JaffaCakes118 was detonated and no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-31 15:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 15:30

Reported

2024-05-31 15:32

Platform

win7-20240220-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877c0d5e4400092349d1d579542f150d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A550C9F1-1F62-11EF-9FEE-EA42E82B8F01} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 501849866fb3da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001332ca40d573d04eba4fcfc551e5296600000000020000000000106600000001000020000000b1320e559cb2e584c066ae11fb794794a328a6a32c50b741075d745a0d2bd1ef000000000e8000000002000020000000bd1c984de3599baac970792b2964e51b4b7c714c2dced27def9337e6e3dd0f502000000019bcd9450f5629c73a83e1a996fbcec609ab6455c2ce4123f122b6d4077a901740000000efb9201fc0359ec52909960775bb10eb4242b3e07a4e3b0eeb4304080805b50933273c4ebd72a916c18c2fd138b75f313f4f9f4de7208b1ff0a9a9840278cc5b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423331269" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877c0d5e4400092349d1d579542f150d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 adithya.googlecode.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 opi.yahoo.com udp
US 8.8.8.8:53 www.iwebtool.com udp
US 8.8.8.8:53 images.dmca.com udp
US 8.8.8.8:53 www.auto-ping.com udp
US 8.8.8.8:53 lh6.ggpht.com udp
US 8.8.8.8:53 track.bloglog.com udp
US 8.8.8.8:53 www.ping-fast.com udp
US 8.8.8.8:53 busuk.org udp
US 8.8.8.8:53 banners.copyscape.com udp
US 8.8.8.8:53 i155.photobucket.com udp
US 8.8.8.8:53 ping.sg udp
US 8.8.8.8:53 i1129.photobucket.com udp
US 8.8.8.8:53 www.freewebsubmission.com udp
US 8.8.8.8:53 www.gbotvisit.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.w3-directory.com udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.187.202:80 ajax.googleapis.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.187.202:80 ajax.googleapis.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
NL 142.250.102.82:80 adithya.googlecode.com tcp
NL 142.250.102.82:80 adithya.googlecode.com tcp
GB 172.217.16.225:443 lh6.ggpht.com tcp
GB 172.217.16.225:443 lh6.ggpht.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 143.244.38.136:80 images.dmca.com tcp
GB 143.244.38.136:80 images.dmca.com tcp
DE 94.130.218.80:80 www.auto-ping.com tcp
US 104.21.54.72:80 www.ping-fast.com tcp
DE 94.130.218.80:80 www.auto-ping.com tcp
US 104.21.54.72:80 www.ping-fast.com tcp
NL 18.239.18.64:80 i1129.photobucket.com tcp
NL 18.239.18.64:80 i1129.photobucket.com tcp
GB 172.217.16.225:80 lh6.ggpht.com tcp
GB 172.217.16.225:80 lh6.ggpht.com tcp
US 104.21.26.218:80 busuk.org tcp
US 104.21.26.218:80 busuk.org tcp
SG 167.71.219.46:80 ping.sg tcp
SG 167.71.219.46:80 ping.sg tcp
GB 142.250.187.202:80 ajax.googleapis.com tcp
GB 142.250.187.202:80 ajax.googleapis.com tcp
US 74.208.47.213:80 www.freewebsubmission.com tcp
US 74.208.47.213:80 www.freewebsubmission.com tcp
US 104.21.3.75:80 www.gbotvisit.com tcp
US 104.21.3.75:80 www.gbotvisit.com tcp
FR 77.87.110.40:80 www.w3-directory.com tcp
FR 77.87.110.40:80 www.w3-directory.com tcp
US 162.0.235.138:80 www.iwebtool.com tcp
US 162.0.235.138:80 www.iwebtool.com tcp
GB 23.214.156.154:80 banners.copyscape.com tcp
GB 23.214.156.154:80 banners.copyscape.com tcp
NL 18.239.18.50:80 i1129.photobucket.com tcp
NL 18.239.18.50:80 i1129.photobucket.com tcp
NL 18.239.18.64:443 i1129.photobucket.com tcp
US 104.21.26.218:443 busuk.org tcp
US 104.21.54.72:443 www.ping-fast.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 162.0.235.138:443 www.iwebtool.com tcp
NL 23.63.101.153:80 apps.identrust.com tcp
SG 167.71.219.46:443 ping.sg tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 s10.histats.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 104.20.18.71:80 s10.histats.com tcp
US 104.20.18.71:80 s10.histats.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 x2.c.lencr.org udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 8.8.8.8:53 s4.histats.com udp
GB 216.58.201.110:443 developers.google.com tcp
CA 54.39.156.32:443 s4.histats.com tcp
CA 54.39.156.32:443 s4.histats.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 104.20.18.71:443 s10.histats.com tcp
GB 216.58.201.110:443 developers.google.com tcp
NL 18.239.18.50:443 i1129.photobucket.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.microsoft.com udp
CA 54.39.156.32:443 s4.histats.com tcp
CA 54.39.156.32:443 s4.histats.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
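The Network table above mixes two kinds of rows: UDP rows are DNS queries to the sandbox resolver (8.8.8.8:53), and TCP rows are the connections that followed. Most names belong to the Blogger page itself and the widgets it embeds (photobucket images, histats counters, copyscape banners, a cluster of SEO "ping" services), while apps.identrust.com and x2.c.lencr.org are certificate-authority CRL/AIA endpoints that Windows crypt32 fetches while building a certificate chain, which is also what produces the CryptnetUrlCache files listed under Files. The script below is an added example, not part of the report or of the sandbox that produced it: it parses rows in this layout, de-duplicates the repeated connections, and surfaces the three things an analyst checks first, namely TCP peers that were never looked up via DNS, cleartext HTTP destinations, and domains outside an assumed allowlist. The allowlist suffixes and the sample rows are assumptions for the example; the sample copies a few rows from the table above and adds none that change the picture.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class Conn(NamedTuple):
    country: str
    ip: str
    port: int
    domain: str
    proto: str


# "<CC> <ip>:<port> <domain> <tcp|udp>", exactly the report's row layout
ROW_RE = re.compile(r"^([A-Z]{2})\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\S+)\s+(tcp|udp)$")

# Assumed classification lists for this example. "platform" covers the Blogger
# page's own hosting and Google front-ends; "pki" covers certificate-authority
# CRL/AIA endpoints that Windows crypt32 fetches while building chains.
PLATFORM_SUFFIXES = ("blogger.com", "blogspot.com", "blogblog.com", "google.com",
                     "googleapis.com", "gstatic.com", "googleusercontent.com",
                     "ggpht.com", "googlecode.com", "microsoft.com")
PKI_SUFFIXES = ("identrust.com", "lencr.org")

# Constructed excerpt of the Network table above (same layout).
SAMPLE_NETWORK = """\
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.auto-ping.com udp
US 8.8.8.8:53 ping.sg udp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 x2.c.lencr.org udp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
DE 94.130.218.80:80 www.auto-ping.com tcp
SG 167.71.219.46:80 ping.sg tcp
SG 167.71.219.46:443 ping.sg tcp
NL 23.63.101.153:80 apps.identrust.com tcp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""


def _in_zone(domain: str, suffixes) -> bool:
    """Suffix match on label boundaries, so 'evilgoogle.com' is not 'google.com'."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def parse_network(text: str) -> list:
    conns = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        cc, ip, port, domain, proto = m.groups()
        conns.append(Conn(cc, ip, int(port), domain, proto))
    return conns


def summarize_network(conns) -> dict:
    dns = {c.domain for c in conns if c.proto == "udp" and c.port == 53}
    tcp = defaultdict(set)
    for c in conns:
        if c.proto == "tcp":
            tcp[c.domain].add(f"{c.ip}:{c.port}")
    contacted = set(tcp)
    return {
        "dns_queries": sorted(dns),
        "tcp": {d: sorted(eps) for d, eps in tcp.items()},
        # TCP peers whose name never appeared in a DNS query: hard-coded IP,
        # cached resolution, or a CNAME the sandbox labelled under another name.
        "no_dns": sorted(contacted - dns),
        "cleartext_http": sorted(d for d, eps in tcp.items()
                                 if any(e.endswith(":80") for e in eps)),
        "pki": sorted(d for d in dns | contacted if _in_zone(d, PKI_SUFFIXES)),
        "review": sorted(d for d in dns | contacted
                         if not _in_zone(d, PLATFORM_SUFFIXES)
                         and not _in_zone(d, PKI_SUFFIXES)),
    }


if __name__ == "__main__":
    for k, v in summarize_network(parse_network(SAMPLE_NETWORK)).items():
        print(k, v)
```

Run against the full table, the "review" bucket is where the analyst's time goes: the ping and directory-submission hosts are what a blog template loads, but the same check on a sample that scored higher would isolate the one domain that does not belong.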

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 50307dd5a05eb1be118dd601a701c942
SHA1 be4994717eda8765bc6bd57384b314dbb1b42866
SHA256 003b0019192cb0ad667e934ed3b6b76f68e95a62aab33f28049a919a52d6d608
SHA512 92e0a914dd04769499f889160e66f4db6b771ed8fb583e52c9b7dcba15a908f590098d233c3f483c9f8a3b0662d2c5b652bba81888dc9e6e1707ecb2c0cc3277

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 2ab6f91a1d0d37cae290117a53f4dd5c
SHA1 91a87e67142a23fb4158d6e43e8dc25c3cdce56a
SHA256 8b908a15d93adb93c60a5d64395ba4fbb7df304ec0e798ea33b536a264334993
SHA512 486edafbb4e0f9f8f3745459ee4777f74f1af33a34448f1d84923f94fb2e03979e628ba3f4ac73ed749596e246d15ac1d5fe0266c61a2c1295be045b8429687e

C:\Users\Admin\AppData\Local\Temp\Cab1805.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar1818.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar184D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcc2157d62eec2656c6f60f0593ed7f2
SHA1 b9c137ad061af00e78e85b61f6374a9cce0cc17a
SHA256 c7115e1b601d42e85998b4f47373125b34d3cea09de4e65aa04f5ea22d845a64
SHA512 a34b4ea66ff8a0973b600286e1d761bdc67bdb11b4a8e2a79b72a26f84fbed231a673afeef2f5f33610d5cfd5e8cb173d47479759c33a9d450f63395d9683e17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a8fd82c8e96c4fc1838e1a6904c8977
SHA1 32a33a83cc0ac33f67100442ca9a82dd53de4979
SHA256 453bae399994bfe46a0199f3ce831399ce2c8d723015ab473c4e44ba1b7af018
SHA512 99b48e2af0f9cc61854ba079ad0f17bf14a28e89ed52156fa5afb3478671c860d003f0288448fa0f84f39a252c3f9653dcafa614f8793b1d956909f38349a721

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abbdcba2a9d7fcdd1046b0f3adf3d240
SHA1 9b57d9e8f2cb6386b43b418552ed55699e371fc6
SHA256 0850cfd16e7211999253ff9ca957288afceba8c2c699c757f56f954cc6f3f74b
SHA512 4c7b062a03265924bcd910d5cf6ab89b1a4394f1a67c57c50dff41feb0db9fb8e3cc33ec9b8c5cb4d118e6b56ede51a515c4a08ec46c7d7dc6ea577b5e1be95f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f818bcd51ef837e1a2cee8fae6f802d
SHA1 86117e4f92c693109e8a95b892effe3fa166a084
SHA256 b14b6fae4d94c9fc6b481815e929e11beb599fd873b9507b0a5288eedca9fb37
SHA512 570ee97b67db7cf388bf53ca14218d9709367530948365689ad6142137d1b1d64e5d6a6e45d42bd8b9eabf5ca7d86006b5d738ecfb26f81e75567ff04055cb08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 c9b456af6253cbd85a97c89008084690
SHA1 5f913cb7c8500a59a87e9c53cae298b38c65e08a
SHA256 384f1532f3dfc163da872127cbc571c796e16f96fca4f98e75a3df29911722f5
SHA512 cb88c2d8372861d0d320e037c33534436276b815b9e3aeb858ff426a990c15130e4efa0170a13731ed6339727b8a98eab8c4ca2bd60d043a5d63ee18f143decf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\platform_gapi.iframes.style.common[1].js

MD5 682c26af19b240f98d2cb951721fa54d
SHA1 18e58b652c7f82a55ab4b1910693686049e25d62
SHA256 96428f0f585a874c185d560538ad83ebfad0365d760fcf9fcefe80add9e3c980
SHA512 078aeef086271b7f9cf0f6e3a1e7908d7e38465a1a7a4de6f2a785147e9130551a2995e80600824da9341d58e5425d4505518e90eea9ffe1c64f4f41825a9660

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\cb=gapi[2].js

MD5 0fe383a7ddb9bbaefc3105b3297f5583
SHA1 f80c9d789f251909c7560bd91a9e1b9a10c26362
SHA256 d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683
SHA512 31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7d89753f9492efe04a9de2c3aa61892
SHA1 7554ae745534e6e8865edcc5cedbe072dad55754
SHA256 af9351fce5e1cbb718fcb5384562f4ea7c16b0aa8edc1cbd57c0cc19d1daff4e
SHA512 23295eb6388d5dba5368a5b9b220ad100ae3fa2b226efa3662850335e44dc8942a94930aaddb8a02108012313be9f996ab5b64be76c7bd33595debf6d750bcee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 082e5d40b3a5ad64486baf2cf9e377e4
SHA1 b010a8d6e9109400ad6dd528f16d5daddc306a93
SHA256 da98e01ce44bfada57eeb7a70a48a6bd92f37dfeabde77145cad147a91aa5abb
SHA512 dae3d825d6a02c6f52fbbbb20d883fc0bff0e17f2a2f272dbc0cba1bdafeb8b4a954113e2347f2e39bd3c22c08e62bc0ecb16f608e3027cab70019a8ad671e05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecf124fafb2ee58eb625a15060b52618
SHA1 814a2e2bd350b2d0793a1b89cae6dc29981b4cf1
SHA256 2d78f0ceb117c55bc166e3b2cc657d1033bde1f943554bff8167665602ef3dd8
SHA512 8cae8faed7ccad5b58ac1e99a90547a32dd24d7a819ccec506e359474db553b93749c3b9fe0474b2e7a6ec63b368ee54f096e8d6e6b8a4ef7ce154e793e81e60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff8d1e6f5d00194cfc5b2399c6da7b61
SHA1 27955c6045042bfeee3afb5c6797ce521b7f4bae
SHA256 75d08fc996fa599a09addf4d2e50f0d91fff9c242a7c0d705664b5ea8944a7e2
SHA512 5b32703c51b2c00f7f36b9416666a1ccddd47a4ccffc46e372ec15c23a1bade005970600f23f411dc316850db17344d9d725d9a3cd2f22d17589e2872a187637

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 021503f579e02e311d3c9368ae58ae97
SHA1 d931f0d9d879b3ab4dd6509cd7dd01c66b78e5a4
SHA256 b8f7d4f68a6898880eafe68d92e37e169f5bde276fe412f6b71a47a02b164243
SHA512 ee24ee8925bc594c1a65b50f822a638bbb1c397450adbcee4e20cc130ed5213be472bd0448a98d5a4e91c3069e8f03922f97af174daa91841a285a7b4502fede

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 19bdda02cd16390bb6b4ca295b08e413
SHA1 70c13b68f107a4ef20a35bac7d45f1b2b0f3c03d
SHA256 fa47cb5297a78d00a8d83de4d32881c6d9430e7c01e92219637733dcd9dd07fc
SHA512 4268e9d22925f739ef5029513572a4de51e322cddbb4e5714f59d150ddfb5c416f1645f682de095c730f9d8d71d4ddde9dce562ba8b26a985c8d299bb4c3e1ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9880f881d4dfefe5684b3342d7b1b9e2
SHA1 a0e9fbf4844f50deab637667a9b789792d9ac921
SHA256 d14cffb458cff51913624bd4bf9dc8a52aec8630066e919c9090d3d4ea26f7c7
SHA512 bb9e11d506892c3f424192504fb8d0746a50c25241e6f65a9eb4cc0b6d1a09538cda0e431a4b94f7968c755eb9146fec7c7bca9bdaa46033776ae9a39a5e7c00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e0ab74dce6841cae434006bbe07612d
SHA1 ea85b8220e0bd437f3dbf6a057042401dd7d4728
SHA256 60a55683639993b906d994c59a560ad6fea2df77e2a7f0d87b31a479c7afd2ac
SHA512 ff29dcb0d1210c342454d02ebf7d3157731431fb57a75a3e81c4111fef940b3567626ff8dd98019774dcbf598b49cddc9d10fac339a8a2852b18bfa20008cb57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9d8c143d39879cfa22fe37de776fe2b
SHA1 9c19e3a0983131f6903810fdafe3855c807be872
SHA256 308226fe423f06555abadc38cf00c590d4d71528511b0ecb6f2552f52bfc1b83
SHA512 7c1e967ca6a241843c2a402028a0fdbea055e5d590ae82dc0a3de5def9961ab65f8766ec7d270ac070e21f03d00e194516c63b95a70c7645fec229c8f18d35b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d081c0b1e85315f389533fd861d18dd8
SHA1 839930b81782e34ad0dd1b5deebc5283dd7f2334
SHA256 455d9753071ec2dcf9611552769b02a447b9adb1a8ccff4b131b0b343d514925
SHA512 209cb95fec32bd0ca174a9bee2ff3357fb043eaa944035d0741dee1bf86e02f0fae43a2072cee171e073bca5b253f5f725a4149a28b0a0c022e3156787a8434e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c88e4a9f47292dfb1e7660d4beafa33
SHA1 9a3982c5cb0f7dead3fdc2641c7150586aaf2fba
SHA256 acc5fd058e555c9950d3ade616edd7037976a501573cf20dfe345084a3687f64
SHA512 00b9372e5b5c5b65e6e5f47ac6e85e565c2a5e64559b35856f1c92a247cbfb50a30321335c2ab5f7a48eb198c61369b411e47ff168af04b2c4d536f44ff54208

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc2caa8bbdfc92ab86877d58f7b3f5e2
SHA1 13b3be52e19c422ae778fcbf1698976c0ba7f2d7
SHA256 3a361804d94a4a4228d5a9e1392e9fe0ab7e8378d484ccf3a3a89ef992049ad4
SHA512 a889b6266ce45e556e7b21336b81cb9847993204e1e32ad95966b1b15991607f8df3b5525632d767ad8af4d222b271c33a96bf9b4ff6a9de75933ef5ec0f710b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3311fb63141de7b2b0d9b9443db893e6
SHA1 87bceea3f9ef595e966ea8d8474413c4df072c83
SHA256 8695041150c67fe0e546bd1dfd4142e145ba4ee4ee08bfbdc9088bd91f058c19
SHA512 00f9b5b6c16568796d0c2ca654b612a2a6af6764c5b8150619aa4c7a0e53f8ccf18c7db19cb7ed113f016e8ce9972c6a36ad0c2c8ddc552ac2d1a6c99cff3e16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a668e0415d98d0ae4c679c1f772f1940
SHA1 dfc1920e7975c653bf84a1a373f78af2110bb7bb
SHA256 76dcf8f99fd19e66cb8ef951813efab331b761bef8953e48e7505dd560f1b041
SHA512 f136361d151eea58085dfe10bfe03139f861f18c49626d1b3374317f67c22a1fb85647cc2db4efcb7e253ad5cd15f2b3a5312e57aedfbeb914700962a102da0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 bffe1c8b1a0e94a1dd1772bc6f3cb17d
SHA1 75a352f3f9df40838aad91c56262b2bf2ee29523
SHA256 96717fa708aa72c1166ee69d1025b81c95b0fd0450cf21c3d1a69a47f1152370
SHA512 266e8a87d0b993c6b1d11a80b357d6ca0d8f96aa91dcff431250d8c183c24cb1e8cf6397125273c8f5225321e6a20fbda6bfde9388711d30d18a33e632cfba75

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f72fc543cacbef89d53040181ba86514
SHA1 858ca81d38f52ea431344654dd6f932e6ea6bbf4
SHA256 3cc4b709ad6c7b3940b1cbd31764c7ab3d79702e62a1cb44bff358b6159a379c
SHA512 faf84aca0d754f57a134c2ca73b144a094485ed803c54235e84f1ccffa0a965564b8d5e10b8c4ae5d2093c892492ea39d57626fd36910b5257131ec03874b691

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98e5bd2b4640fe1c806514b14fc30d84
SHA1 7e8e9765d03bf35d530d74a56833b351e5285b9a
SHA256 6fb814e22c4c996151494c7a6ac37eccb633d992db9fb034bdc2e6b29470024c
SHA512 40512c1b08b83c6d16bf431c13bf426841b70f777808021daa8852cb672578c96d978d949c97c59c52e7394d3b13462a2c4dd10df8999a241a2e2dc994099100

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe3d625f0ab3337cbc683c1cfbd5b133
SHA1 513ac7c68487adbccc14e4ed09bf217be2ca62c7
SHA256 d04276af1c035c75d5a6824386dbce4250e578af195dbfd291f1c9b7eb62ec05
SHA512 2ca2e26cc1ce03a8995834bcb2bc72895f12972fbe67a917075b006fc188965f29c3979291fe4a8307d9877f4df1ac2ef3be09c6565025981ad58dd6769e8298

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc221f18d91e46267d6292c834868bd0
SHA1 5bb1dc9ac8d4857debf0119a51e301e7c556da11
SHA256 704f6b07a157f4baacbef89db408b83b191875b429031c66a27046fbba6ee912
SHA512 295212530b92bfb3302b92dc4f075fcf6272c68212aef2d7b2fa926100cc882a88409b3699ef37eb8e812dfa472aa696f32591eadbaba4be68ca0f04789b145f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 15:30

Reported

2024-05-31 15:32

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877c0d5e4400092349d1d579542f150d_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4008 wrote to memory of 4280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 4008 wrote to memory of 3116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical entries)
PID 4008 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical entries)
PID 4008 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical entries)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877c0d5e4400092349d1d579542f150d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe32e546f8,0x7ffe32e54708,0x7ffe32e54718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12124337837984298685,882128071146781174,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_4008_EHMLJMNSXYDYSQFJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
