Malware Analysis Report

2025-06-16 07:34

Sample ID 240601-yv94eaed47
Target 8ba00c2e1b32f56b20384c52cc942106_JaffaCakes118
SHA256 a52ccc54d631a4e7e8209998b56ddb128f92ee4832ae9003eaa86348f7dd3041
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

a52ccc54d631a4e7e8209998b56ddb128f92ee4832ae9003eaa86348f7dd3041

Threat Level: No (potentially) malicious behavior was detected

The file 8ba00c2e1b32f56b20384c52cc942106_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 20:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 20:07

Reported

2024-06-01 20:10

Platform

win7-20231129-en

Max time kernel

148s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ba00c2e1b32f56b20384c52cc942106_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ea63705fb4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434325" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003110be0c3940a24ca4984bc15d742aa0000000000200000000001066000000010000200000008459b0eb1a1d20924fc67705ecc1aa2ad08750c82ddd64eca1f7811ef52857f6000000000e8000000002000020000000a5ed99a8f9a578f18eafce24d36d967a5deac2047b00b3edba11cc0b15e3a5b820000000a0d06a5c30b577aab9f41ce47bfe81eea7d43a8d7271caf0dc5bf738dbdb95b040000000e2a8db1cc9272771490958d1c256c79cc66f18dac7a6ba8e464f400fd537537e842399d7fee2e575e0ea47116d4f7e3e7e80a3162baedd2562d369d8ab555c79 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{977AC011-2052-11EF-9E06-5628A0CAC84B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ba00c2e1b32f56b20384c52cc942106_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 20:07

Reported

2024-06-01 20:10

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba00c2e1b32f56b20384c52cc942106_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(identical row reported 25 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
(identical row reported 24 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5072 wrote to memory of 1780 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(identical row reported 2 times)
PID 5072 wrote to memory of 3652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(identical row reported 40 times)
PID 5072 wrote to memory of 5012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(identical row reported 2 times)
PID 5072 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(identical row reported 20 times)
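Triage helper for the WriteProcessMemory rows above. This is an added example, not part of the sandbox output. Every row in the table has the same writer and target image (msedge.exe), and a single writer PID, 5072, the browser process launched by the command line; that is the shape of a multi-process browser seeding its freshly spawned children, not of injection into a foreign process. The script parses rows in the report's own "Description Indicator Process Target" layout, collapses the repeats into per-(writer, target) counts, and flags only writes whose target runs a different executable than the writer. The sample rows are built from the report's values (a shorter subset of the 64 rows); the dropper.exe to explorer.exe row is constructed here to exercise the flag path and does not occur in the report.

```python
"""Triage "Suspicious use of WriteProcessMemory" rows from a sandbox report.

Added example, not part of the report. Same-image parent-to-child writes are
how Chromium-based browsers pass startup data to child processes; a write into
a different image is the classic injection shape and is what gets flagged.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One row: "PID <src> wrote to memory of <dst> N/A <writer image> <target image>".
# Paths contain spaces ("Program Files (x86)"), so the writer image is matched
# lazily up to the first ".exe" that is followed by a drive letter.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_image>[A-Za-z]:\\.+?\.exe) (?P<dst_image>[A-Za-z]:\\.+\.exe)$",
    re.IGNORECASE,
)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"


def _row(src: int, dst: int, src_image: str = EDGE, dst_image: str = EDGE) -> str:
    return f"PID {src} wrote to memory of {dst} N/A {src_image} {dst_image}"


# Subset of the report's rows (the report has 2 / 40 / 2 / 20 rows per target).
REPORT_ROWS = "\n".join(
    ["Description Indicator Process Target"]
    + [_row(5072, 1780)] * 2
    + [_row(5072, 3652)] * 3
    + [_row(5072, 5012)] * 2
    + [_row(5072, 2904)] * 2
)

# Constructed, NOT from the report: what a cross-image write would look like.
INJECTION_ROWS = _row(
    4242, 1234,
    r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
    r"C:\Windows\explorer.exe",
)


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_rows(text: str) -> list[MemWrite]:
    """Parse every matching row; the header and any count lines are skipped."""
    writes = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            writes.append(MemWrite(int(m["src"]), int(m["dst"]),
                                   m["src_image"], m["dst_image"]))
    return writes


def summarize(writes: list[MemWrite]) -> Counter:
    """Collapse repeated rows into {(writer PID, target PID): row count}."""
    return Counter((w.src_pid, w.dst_pid) for w in writes)


def cross_image_writes(writes: list[MemWrite]) -> list[MemWrite]:
    """Writes whose target runs a different executable than the writer."""
    return [w for w in writes if w.src_image.lower() != w.dst_image.lower()]


def verdict(writes: list[MemWrite]) -> str:
    """Coarse label: what an analyst should look at next."""
    if not writes:
        return "no-writes"
    if cross_image_writes(writes):
        return "cross-image-write"          # inspect target image and PID
    if len({w.src_pid for w in writes}) == 1:
        return "single-parent-same-image"   # one parent seeding its own children
    return "same-image"


if __name__ == "__main__":
    for label, text in (("report", REPORT_ROWS), ("constructed", INJECTION_ROWS)):
        ws = parse_rows(text)
        print(label, verdict(ws), dict(summarize(ws)))
        for w in cross_image_writes(ws):
            print(f"  flag: {w.src_pid} ({w.src_image}) -> {w.dst_pid} ({w.dst_image})")
```

The comparison is on the image path as the sandbox printed it, so a copy of a browser binary dropped into a writable directory and writing into the real one would still be a cross-image write and would be flagged; two copies of the same look-alike binary writing into each other would not, which is why the verdict is a pointer for review and not a clean/dirty decision on its own.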

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8ba00c2e1b32f56b20384c52cc942106_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6e846f8,0x7ffea6e84708,0x7ffea6e84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17374628722326451249,14477526389592453421,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 gbelectronics4u.co.uk udp
US 8.8.8.8:53 ir.ebaystatic.com udp
US 8.8.8.8:53 include.ebaystatic.com udp
US 8.8.8.8:53 pics.ebaystatic.com udp
US 8.8.8.8:53 q.ebaystatic.com udp
US 8.8.8.8:53 rover.ebay.com udp
US 8.8.8.8:53 brontecountrywear.com udp
BE 104.90.25.126:80 q.ebaystatic.com tcp
BE 104.90.25.126:80 q.ebaystatic.com tcp
BE 104.90.25.126:80 q.ebaystatic.com tcp
BE 104.90.25.126:80 q.ebaystatic.com tcp
BE 104.90.25.126:80 q.ebaystatic.com tcp
BE 104.90.25.126:80 q.ebaystatic.com tcp
BE 104.90.25.126:80 q.ebaystatic.com tcp
BE 104.90.25.126:80 q.ebaystatic.com tcp
BE 104.90.25.126:80 q.ebaystatic.com tcp
BE 104.90.25.126:80 q.ebaystatic.com tcp
US 8.8.8.8:53 thumbs2.ebaystatic.com udp
BE 104.90.25.29:80 include.ebaystatic.com tcp
US 66.211.163.23:80 rover.ebay.com tcp
US 192.185.5.183:80 brontecountrywear.com tcp
US 192.185.5.183:80 brontecountrywear.com tcp
US 192.185.5.183:80 brontecountrywear.com tcp
PL 93.184.223.214:80 thumbs2.ebaystatic.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
BE 104.90.25.29:443 include.ebaystatic.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
PL 93.184.223.214:443 thumbs2.ebaystatic.com tcp
PL 93.184.223.214:443 thumbs2.ebaystatic.com tcp
US 66.211.163.23:443 rover.ebay.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
US 8.8.8.8:53 thumbs3.ebaystatic.com udp
US 151.101.2.206:80 thumbs3.ebaystatic.com tcp
US 8.8.8.8:53 thumbs4.ebaystatic.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 126.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 29.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 11.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 214.223.184.93.in-addr.arpa udp
US 8.8.8.8:53 183.5.185.192.in-addr.arpa udp
US 8.8.8.8:53 23.163.211.66.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 206.2.101.151.in-addr.arpa udp
BE 104.68.72.211:80 thumbs4.ebaystatic.com tcp
US 151.101.2.206:80 thumbs3.ebaystatic.com tcp
PL 93.184.223.214:443 thumbs2.ebaystatic.com tcp
US 151.101.2.206:80 thumbs3.ebaystatic.com tcp
US 8.8.8.8:53 thumbs1.ebaystatic.com udp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
US 151.101.2.206:80 thumbs3.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
PL 93.184.223.214:80 thumbs2.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
BE 104.68.72.211:80 thumbs1.ebaystatic.com tcp
US 8.8.8.8:53 p.ebaystatic.com udp
BE 104.90.25.126:80 p.ebaystatic.com tcp
BE 104.90.25.126:80 p.ebaystatic.com tcp
US 192.185.5.183:80 brontecountrywear.com tcp
US 8.8.8.8:53 211.72.68.104.in-addr.arpa udp
US 192.185.5.183:80 brontecountrywear.com tcp
BE 104.90.25.29:443 include.ebaystatic.com tcp
US 192.185.5.183:80 brontecountrywear.com tcp
BE 104.90.25.29:443 include.ebaystatic.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 rover.ebay.co.uk udp
BE 104.90.25.29:80 rover.ebay.co.uk tcp
BE 104.90.25.29:80 rover.ebay.co.uk tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 104.90.25.29:443 rover.ebay.co.uk tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 gha.ebay.co.uk udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 16.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 udp
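Summary helper for the Network table above. This is an added example, not part of the sandbox output. The table mixes four kinds of rows: forward DNS queries to 8.8.8.8, reverse (in-addr.arpa) lookups, actual TCP connections, and two rows with no Domain column at all (the mDNS multicast row and the bare query to the resolver). The script parses the table's "Country Destination Domain Proto" layout while tolerating the missing field, then answers the questions an analyst asks of such a table: which names were resolved but never connected to, which hosts were reached only over plaintext tcp/80, and which reverse-resolved addresses never appear as a connection destination in the captured rows. The sample rows are a subset copied from the table; the assumption that every udp/53 row to 8.8.8.8 carrying a name is a query for that name follows the table's own layout.

```python
"""Summarize the Network table of a sandbox report.

Added example, not part of the report. Rows look like
"US 8.8.8.8:53 q.ebaystatic.com udp"; the Domain column may be absent.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field

ROW_RE = re.compile(
    r"^(?P<cc>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)
RESOLVER = "8.8.8.8"  # the resolver used throughout the table

# Subset of the report's rows, including the two without a Domain column.
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 gbelectronics4u.co.uk udp
US 8.8.8.8:53 q.ebaystatic.com udp
US 8.8.8.8:53 brontecountrywear.com udp
BE 104.90.25.126:80 q.ebaystatic.com tcp
BE 104.90.25.126:80 q.ebaystatic.com tcp
US 192.185.5.183:80 brontecountrywear.com tcp
BE 104.90.25.126:443 q.ebaystatic.com tcp
US 8.8.8.8:53 126.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 udp
"""


@dataclass
class Row:
    cc: str
    ip: str
    port: int
    domain: str | None
    proto: str


@dataclass
class Host:
    dns_queries: int = 0
    # (ip, port, proto) -> number of rows, i.e. separate connections
    connections: dict[tuple[str, int, str], int] = field(
        default_factory=lambda: defaultdict(int))


def parse_network(text: str) -> list[Row]:
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(Row(m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return rows


def ptr_to_ip(name: str) -> str:
    """'126.25.90.104.in-addr.arpa' -> '104.90.25.126' (octets are reversed)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    if len(octets) != 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"not an IPv4 PTR name: {name}")
    return ".".join(reversed(octets))


def classify(rows: list[Row]):
    """Group rows into per-domain hosts, PTR names, and rows without a domain."""
    hosts: dict[str, Host] = defaultdict(Host)
    ptr_names, unnamed = [], []
    for r in rows:
        if r.domain is None:
            unnamed.append((r.ip, r.port, r.proto))
        elif r.domain.endswith(".in-addr.arpa"):
            ptr_names.append(r.domain)
        elif r.ip == RESOLVER and r.port == 53 and r.proto == "udp":
            hosts[r.domain].dns_queries += 1
        else:
            hosts[r.domain].connections[(r.ip, r.port, r.proto)] += 1
    return hosts, ptr_names, unnamed


def resolved_only(hosts: dict[str, Host]) -> list[str]:
    """Names that were looked up but never connected to."""
    return sorted(d for d, h in hosts.items() if h.dns_queries and not h.connections)


def plaintext_only(hosts: dict[str, Host]) -> list[str]:
    """Hosts reached over tcp/80 and never over tcp/443."""
    out = []
    for d, h in hosts.items():
        ports = {port for (_, port, _) in h.connections}
        if 80 in ports and 443 not in ports:
            out.append(d)
    return sorted(out)


def uncontacted_ptr_ips(rows: list[Row]) -> set[str]:
    """Reverse-resolved addresses that never appear as a destination."""
    contacted = {r.ip for r in rows}
    looked_up = {ptr_to_ip(r.domain) for r in rows
                 if r.domain and r.domain.endswith(".in-addr.arpa")}
    return looked_up - contacted


if __name__ == "__main__":
    rows = parse_network(SAMPLE_ROWS)
    hosts, ptr_names, unnamed = classify(rows)
    print("resolved only:", resolved_only(hosts))
    print("plaintext only:", plaintext_only(hosts))
    print("PTR for uncontacted IPs:", uncontacted_ptr_ips(rows))
    print("rows without domain:", unnamed)
```

Run against the full table, the same functions separate the page's own hosts (brontecountrywear.com, reached only on tcp/80) from the eBay and Bing CDN traffic, and list the names such as gbelectronics4u.co.uk that were resolved but never connected to.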

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 97b233ed6503ddd9d200746e81ddd273
SHA1 ea2731e887d2de8740dccb1bf3af3a0c28475ace
SHA256 252a5b09a25e7eb2e520470203c073d4ae4e65c0207fbbf139851b6f934ccd9f
SHA512 b8a0f428eff16184eec77fef71fd1f3f322e2cb37ad85278f28d7fa7596bef2dbd84d8f1804b33fdc98a2faf01f1e28d689d4918647081e57235779a7d16e99e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A4AA6A226E1870F0261713C59F1CB84

MD5 42f8529fe545103fdd848980a8647f29
SHA1 ca7788c32da1e4b7863a4fb57d00b55ddacbc7f9
SHA256 a6cf64dbb4c8d5fd19ce48896068db03b533a8d1336c6256a87d00cbb3def3ea
SHA512 1a3994c12d65e9c96b4c4ebcf79e8b291b620177520a7d0482a2b6043dd150a9f2ce1627d130309390e3ac6be98af5f2b50c1993c478976d0c9a9638c46a61bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A4AA6A226E1870F0261713C59F1CB84

MD5 5ddba47b2854c2710b86a476f4734a51
SHA1 a40731d3351acc42bf96c9745ce568a7db1bf3a8
SHA256 add21e8a2b19c7799708557aa7be3402d24861c89bfe0db95aa8f647224a9adf
SHA512 04e8b1e678613e0d4ba9a3b9d09f73c8455de5223e3a956e89531b44ff82f5dd0c57bb4448bce5cedcc9581728bb745d3fdc89152672febe97b005e72ebd46f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD

MD5 285ec909c4ab0d2d57f5086b225799aa
SHA1 d89e3bd43d5d909b47a18977aa9d5ce36cee184c
SHA256 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b
SHA512 4cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2324b954747c9c296b8505e69c63290d
SHA1 bbf18c81b82d011cab5a57628535853a3beaf75e
SHA256 07b4a5b4944869f130780df9c193c2f196c3aefba35ee54875f94c91396d68f3
SHA512 c5411c184d6b205b5e28bd89e28d1ab713105118e5c6890f568aeec2d66f29729d46017d710f3519e2437bb5c2091ea92c34425f09f6297aa746943158a27b56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0f8c128e5d8946cea232c7048409b477
SHA1 efdc452352a902544febe95f27d0496ff5584ed8
SHA256 4c8a529c6c4a0ada9ae17a19a24091dd7c065826790ac1d5eb2fd4cdbca4cfe7
SHA512 54ad79f4f10a1b211147791c705be2691132a732cc68313a3b7583af9cc76d75b79a9d4edeb323ec977820bc1671ece31d7d15e099eb1b6d3ccca43513dbefaa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5472fddc15dc21ec26303a99e36f3393
SHA1 8f375606af446f12abeceb840353e8ff9af0e7bd
SHA256 71bf5e584956e5b59acb9fcab18a5aca1cbfa9fed6b6cafa829ea5afa6810d84
SHA512 fe7df0369a9811198ab626c38a6b7fdd43869b8c1401bc02a09077346aaefea7558091d7e60c6adf3dafc638a8d5a4bbd32ce647ffe93e5173cf97bccc07d7a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57be3f.TMP

MD5 e9a141eff2921935bf4677dca91c20d2
SHA1 43c4c6c966a77879d3698cbfc0111198169dff78
SHA256 faff5aa8f808b3127a53fb5e3761c5caca2decbcd877e010b9d820b399d202ea
SHA512 cbe77992856cea07a11be846e688b8f7437a6ee91a97489c356c032ca7f0f7b5740ad15bfe63eeb75fa6d2938bc8c14729eae7b10b8720eaca835fa01d0796e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 afe45db9a7e81ee9fc6fdd55b004d1f0
SHA1 17a76fb57fb230eb8e51bb2d9847b6772eddc0f1
SHA256 fdbd8fd1fa40828a8f372c6fcaac7136ad6b67d1bf3c03f1c596b00db2611e2a
SHA512 d7501f5d2d9474774a31b73b93260c9dacf1ebad279d7860653fc75c54ebe8a815696ef3b4bf5ac17e1e07040411a4e4c738388f0e81d9d425598e8ad50cded9