Malware Analysis Report

2024-10-19 09:37

Sample ID: 240613-1dw7bs1blc
Target: a6aa0218315d1bc4ab1b9fb80af51e6c_JaffaCakes118
SHA256: 5e3e12bc82b313f225730e4cbf31dbff19232f841eb64d7099a5143dca9bcc2a
Tags:
Score: 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 6/10

SHA256: 5e3e12bc82b313f225730e4cbf31dbff19232f841eb64d7099a5143dca9bcc2a

Threat Level: Shows suspicious behavior

The file a6aa0218315d1bc4ab1b9fb80af51e6c_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Enumerates connected drives

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-13 21:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 21:32

Reported: 2024-06-13 21:35

Platform: win7-20240221-en

Max time kernel: 119s

Max time network: 120s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aa0218315d1bc4ab1b9fb80af51e6c_JaffaCakes118.html

Signatures

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\H: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\J: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\L: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\V: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\B: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\E: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\M: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\N: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\O: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\P: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\R: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\S: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\A: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\I: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\T: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\Z: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\U: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\W: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\G: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\K: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\Y: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\Q: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
File opened (read-only) | \??\X: | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

Tags: adware spyware

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{74484801-29CC-11EF-92E0-EA483E0BCDAF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476225" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b7b5f588a9a5a241a128b74cd3086e5000000000020000000000106600000001000020000000bc32db7a6260582d501b6dd0c9bfc721ffba218958922856b0416abdb7ec0e75000000000e80000000020000200000002af2faac4fda2bbd2390c4fd26bae4b2a8c37d0fe53cf6103ed89a9a1e34480920000000d881cfdc1ac1cf2fe723343c99fa9708305c9ef08eb4a82f3430e150a3aab5ac40000000bf69a91d4316e37888815f5ad7c1ddb87836220fdc7ffc65b8ce520f5a62e1229eca5f0a7c6f544a8970ead584c8a90d70e094eb9540cd3d6d09bf75e5ab7780 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7003757bd9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b7b5f588a9a5a241a128b74cd3086e5000000000020000000000106600000001000020000000097a502f3d44a928b7f84e405e419c1ec658f25bae7e7e4b8a513fc20016b5e1000000000e8000000002000020000000d150a4f2360d4c290f1a2aaffea8b52e21d4b4cbda33a50279a1c605c30b63a490000000fb8958969cdd38c0c69134bb49582598d515b316f5d0b637dda4fbeb12a3070d336c67e198330536cfff78b0a73dd132205a53df3f3cceec73dc46d12970dff39390f5a7047771230461a98fe51860f6dfccf0e233ecf607d24a617af8f17ceec701f74d998d01969bd9ff0a02f16eff7620958b8d4a25f2fde02d80ceb856a73b87c75e112d1f9e117ea33f530c6999400000009031def1de7da0e0289ebb6efb32298683be31d265a167d44240a7816639af72bbf7ae475a3f7dba7c15d0ebcae769888d9deeb37e2bdb8c59edc1f21b3816b6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aa0218315d1bc4ab1b9fb80af51e6c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.hotpotok.com udp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 8.8.8.8:53 e-gate.gr udp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.26.9.197:80 e-gate.gr tcp
US 104.26.9.197:80 e-gate.gr tcp
US 104.26.9.197:443 e-gate.gr tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 qrcode.leipi.org udp
US 8.8.8.8:53 www.aaofusa.com udp
US 104.21.77.60:80 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:80 www.aaofusa.com tcp
US 104.21.77.60:80 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.56.133:80 www.hotpotok.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 104.21.77.60:443 www.aaofusa.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp

Files

C:\Users\Admin\AppData\Local\Temp\CabC0E0.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7795cebbf4dc8950b2d5ccd5c886aec7
SHA1 195cbc74ce2765d63835ece293f261620bd2d483
SHA256 6210df38ff05ce193541b6ba9625af2724d1f0056591adb59b3dc149e0958054
SHA512 20173211840d5c7ed5a06b7402a8fe4fe42d924b643eb665a906f3adadfd4b66c8217cd6212ffc12d12ee3e1b41bc0c5556d3020f624bac2b9da285c324be7ab

C:\Users\Admin\AppData\Local\Temp\TarC2B8.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarC3C9.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e216ab17e617a39b962f25b94db1f18a
SHA1 f3a3c5a983834f674dd73890e47d63e2cee6ffdd
SHA256 a6e9ddaedef9ea98658a9b944900c20c9a0d68715f286dfd45f177127ae9025b
SHA512 761071d25322eb3431755042124d3db4e0a2b5f9a7058ceb1a498ccadfd528126823c8e711547d3ea1496b503d6b69cbe5d749d75e4f6003a7d4390897b9ae5b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm

MD5 ba76d5533aef4c87038f68bc19db8c1f
SHA1 dde6badaf6da3cf449d061f4ca8835b466a193d1
SHA256 18037842741c2e00844120981f361224037a48f2734a86f907550b6b6a89e4fd
SHA512 54a9b76d02d6025250152a71884d974240eff414102450b70f75b2cdbb80ce54b21a527526e4db65b5723a7083e53874815468136de61bb19eef85b605120368

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm

MD5 41c97e4eb6c6206aaba65e8dad69ba22
SHA1 8d6f87b8697387d2c9ac8d0911748c87c217108e
SHA256 72a91851b4d5d08432e65216ce940a2493583f0bf07be5c4be7dfea596a5a991
SHA512 b06aa347ae3cbfc6d5533bc0b5001469561a7dea5c3757ef45a27feab80b4e55e2e2a2da68d212ad17c90a5935ab0d252affefba61397f0940046a22bb2541c5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\p-1[1].htm

MD5 fc9a40bd59e4044877b3340c911e8474
SHA1 c2bb54fdc15d864135b68874647fcbb44586c63b
SHA256 4e24e426ade521c845fb6ccf4a26c3968bb4ddc442bdb1bcec772b35d832e7ad
SHA512 88262f6e20212c6aa7233471f040ceb6386b37745309deb341e37c0b3af6df106a8e291881c525386e3817a98fd9e68b233d0513bc7710f1a441bb185cbd6160

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm

MD5 75f66979cbdde7082be3c7c460cbac82
SHA1 c28cb06135e370aa7c85eff1fe9bb5ce263d1a75
SHA256 dd9eb4637a1f3f85e7033cca05015492b5fd1b6bf1a2840059af572f0407417e
SHA512 d222e0c4855bd76cb27372e95d1a69457ae1f6d8b13e4627dcb0761fc6651298c5c03fe783fb7ce6e47e92818d1b4f9b9561ec733866a01572ce9a6377539ec7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\p-1[1].htm

MD5 cf0c27d1f48f67f17bd30b7bf1b636a4
SHA1 56082847b289de964545b10c2221cb87158ed827
SHA256 6598dc4ec072d160b1534cfebbc384e7fce673dd3155b035d7aea9aa4839e4e0
SHA512 db4a7d25a1815ac2ca76be6c37a81d38755aadabb5b45d2a4c70f7ae3e5f0c40cda6f8cc444c3a460618cd72873fac881a2816c7f60f801476f9f8f0eb94e3a4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\p-1[1].htm

MD5 71f4c461caa1b2cd7ed8c0e9f7c2a86a
SHA1 c5405cebb859607bde29eac98d0d563f8f5de768
SHA256 f973c6d77e95371b080a5912892199311abe20c50d9ddbe60ed258f9c61257db
SHA512 3a2368261ccd1db9cf261129442650c5a98f896bb10f935eaa490695c206801aec7a7861824c659dbc4a9b8656c6f4a5f436dfea53dc5f8c0bc4ebd72b5414f2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\p-1[1].htm

MD5 65dea2e261f008cec3a90012d931be36
SHA1 2ffe5a26646f3dafa9c8ae626b4ad5d35213cdff
SHA256 95236d300cb629de148be2c4317b58091964597c68f0fdbb3ce8b636dc267265
SHA512 483fd61dc585e2636a7d63a76690bde1bfcb9c7c57749b14306b92da9d3c5fb6f70345670839e96ff6e439e55b9fb2ea50c0cba5606b37f72f6bb21ce734455b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\p-1[1].htm

MD5 6b5fee9fef5b63b15756e34ab1706e97
SHA1 96f8423e688b85ae19f6c7b26151dec619479ee3
SHA256 a9964e961fbb900cf9301cd9b428808b5e3b345cb5783c75de19071d6123b65f
SHA512 149bd407794cad062c146aceb7f6e8157eb8fa3ff8f22672f7a5d9ce40c698b677f5fb699b22e8a70754735015c0fcbd3934c42fffbc8d529c9a17f9c741356a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm

MD5 a9facf836021785d240e245484d9f16c
SHA1 1f264cdc96e0e3fe732ec56e475c84ec6a678e7d
SHA256 ab66314fed94c51a5461fe220b51b4cda062ffbd19b3877340a064ad8ce20703
SHA512 4eacecdcbea6e09573bd3fffc0a4b4fc987f61941ed4045f2df8aab7dbbd95ba1bf913bdd3a2acbb06e803b0f78e0745e3e08b0be55c5223e6c4b555c06e558f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm

MD5 25749430620cf016c47cf166e77c505a
SHA1 e9c945deb6a15be638e1ffa92a2df519635748c1
SHA256 d65dba92acd34a77cd5f4704f2565f7a39295a91055ac0e2f85b2b11c3f2c7c0
SHA512 f1a20974a4c5afc335ad3c7dc007c787c847f31498b038091739b7fdfaf30b1346bc368216b02e347768974065a37fdb8923dcebe7972209cad61fd8869ab94d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9fbd3294c9c49946d3cdbc09fd8fe71d
SHA1 f35a4219af8235b6318313ede38945a88ff434a5
SHA256 d5b99c00f61fe2da1af09f5ecc126f618537528473b20317704c2b08efa0f6bb
SHA512 5bed63031d396c267578137f4984381a6085c62de82b5b1cd457e49e4de4f0dcf278f7b8aadc5721b3924be372dd30071e3b103c6212e83e1dcaef9393c21f67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9579f02ab42246b368dd77c8bb027e42
SHA1 fc6bcb9b7a9a8a94113bd0467c546e5626e2ed39
SHA256 b909ad53bd3fe3d974633b8d07fd53739b2b08e76d09984c473ddb77488fce57
SHA512 d574100bae9e20c47ea3e0cd9cf93ebdd14c1c53ca5e440880c100aef229e0f780b8491b8ca0a92faf9ef5c7529256fd7092434b6c7311146304741b50cfc68d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d109923d2830c22d2f81bf58465ac602
SHA1 1e66210aac42282ea5d5c8716f164bd2f1981a0c
SHA256 e050efcbe4d3d2f06ca0d0ff75a5a15ccbc0f315ab4b4a0d0758ec9d685a2a12
SHA512 da9edcc73601d12200ca4508da36c79498ce985c5aa6f8d435d39ae6f95ff97e826ad5142dcc3eb00a2001d1ae3a77123227576acf5dc7e933ba8ddf0bc0a159

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cad4e40a32a2e6df3862f8aeb7b92be
SHA1 67d4c6ba4234fa9613f4e7c64212b7c05a8e9180
SHA256 d49ea0de6dc518bb562a19e84a1f12db844f76354ad62a7db68339cd20cee863
SHA512 ca3042384257ec5eb46e42a887fdd1df1d7a52afe7ac817c67db203521f182f63cc85d33cb8fe3cf7a9c1e1ed28c98af56e21757362287795cb46f26751deeb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee66ea0298816f5a252d8216e37d00d6
SHA1 db935b29d6a66a8120a13adf8c75e51b3e3beed3
SHA256 d8c7d56fe482f97800317ba425155f69ed45405fa91f5fd7973177ab9e99ce0c
SHA512 36808df80748fed5933094b8d1bd9475c3e17a7351a0c8f31c3ef16419716f463a650734b2163af1c7c8e8ad3bc16596d9dc05a066f0b770e8f4a65d33835f27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a81629031fd600c2db907e7e40f943e
SHA1 1f48ec9b1e779b75f37c52c4f50f621a2e2162ff
SHA256 274fb8f7f6a25e54803223392e29826f4433b12a278e49eedc58b791d0f76c55
SHA512 2e7203570cafbfeee291a1a1200da62ea5469fd14ab20f5ad13d35257aecd79bc4669edba3032e5f2678d303f485ca957485e28c488f7d1d1dfe20806ae03603

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01e6dad0dda6e5865c9899b89765a528
SHA1 d654097ff6dded42e8f6e305a45d18928ce39883
SHA256 7a5795a4886e759bcc48cdddcf5e1ceeaecc6dc3df31431a87f137250632a808
SHA512 c8ab06c32b697f1c9207cbcb143fc189cb8a0dedb9b12b311fff1ea5bab71cd7a411135be03cdaca87427f7a87470008f04294e1c85dfeb95bdfb4c9d69eccf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 734eb5abe336adfef45f30fe584b5f8e
SHA1 5bea53c6f051b2e4b6dfc67456bce1209cd8703d
SHA256 c37a45f1045886cb9c154cda7b87bb324fcce3c6f7f9e2f1c3bca1d3fbe12e78
SHA512 768fed422157c42ba6bd68dd16b734843b16beac7cfbc20f8fc3fd4c960e5512dd77462f453531b9fb08cb5b07706365550f06aa786860ff51cc11981e7c893c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8937eacd1b296b2582e4d439a27adf0c
SHA1 82aa5366e42674f00f807d36c3126a7eb3cdd99d
SHA256 8a71d835d8895666ccb25e90a28484d503d63fcba3ffa1bade07a3363fff3a77
SHA512 05cde5e5059c334c2d679ded8d4b4d06401064152af2e224512a6df5484fc0d0a1b0c8b205606855e4db64b0dfa63646433c7124b6c1edeae28542002aa13952

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a99f350f1e8235c3977ad2af59aed99b
SHA1 3d690aa4a88ce5d657dfaae72b5ec49376dfecd8
SHA256 c05d19a04a18e7388efa64be972d462b109f3264e7915b57cbe5cc615ccc18af
SHA512 2a8f53dbd7d84940897f532f2296854591836b438fa943ab7d54477588d8dc30dcd48e6268a915eb20e9788966c11a86582a68efebc311e33f10d69a6809b685

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

MD5 5b6c2d20aab0b82ca5ac20d8700b8305
SHA1 b91fdcd819837bcb7493961b6bd3608b959e07dd
SHA256 c9ac3116dd7fabb542f1cb1c3cc4147ae8cc390c6701ccd5466b5ff6d8cbf179
SHA512 d9770ae52e3b9b681e21524e374a1ee6aecc6e776bdce6061858d5646488e52a7f0870460024558f75a711f106c06f5cab6abe3aa448a715f09779ca95b667b7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\p-1[1].htm

MD5 9cbf55562ec8bc7de107aa26bfa61f51
SHA1 0de58d932d4e7a04c5312657aca750e62cadc21b
SHA256 95a8ecb8b7b59bd8dacf784e7cca2f38bc308170fdd2481b5ce2863cde8ca135
SHA512 dd298d7664fc9d65853fbdd8bfc7b6b9957a4ad8133ffe2de9886ba5ae253f328be3d7233cf8d905e0938e0ca7d54b6d38c96f3cad76fc7ee38993ebd72319c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d96fc9020d3ed1131bc55ff14669f76e
SHA1 8a1be782f8840388a42e124e037a28fcee8364c7
SHA256 40e4de578627b791e9fc671309635be38e83346d1964c625c24c08f04b3b28d3
SHA512 36b2d74e41c84db5da1d3a094f47a8b010a36ffdf5a2fc28e419fc74834c7e6185004bcf4a4b77bd615ff479ea3bff056fd8883fe36ca8c357f80ab3f1fb3ae2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d16b626439e2b14250a21f455df4c06e
SHA1 a04c6c66450369a09376079651ed7fe128e75254
SHA256 df2c6459f6852655dff8f2b4db642c69f94a6aa6c9039f1c523e186c6234f22c
SHA512 5fc1d35f6ad793bc81210511f2297e907e56e821376501ba089446000486b07b57b4d7d00470dbb3b9c7ee0fbe08b946ad8bc9a3042d3b5bfad08218a13e9525

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c899cab70eabbcfc32a6c5563b8f5ea0
SHA1 6c53005490c9d554ba31fe090348d0c0f6bd1318
SHA256 1a19a7b92d3b976c83c823a5b8f055ac05c031979bf097acd0c9da6f1e1f31c8
SHA512 0c18e5bbd2a8fc8a464717a3bfecdc15388d942d8b8695ecb74b88a408d7e6c38924abc2169b9ad1d334b39e071af429a479e4c18b6530ffcd786bf8cab41254

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 48d7111c39c7d381b33404402689af29
SHA1 6c3ed8a8c6569b8bb2a2444d1db6afe5672eff77
SHA256 8812715765f87fb6642c334c6d1bfb135605e0fb14d91756e7a9f755ee7c33a9
SHA512 e89fb6b9d1deabacdf3b297fbbbf0f0486bd3d7319cf881abcf7fafae21a4c59417af66c625e56341c0a1e594e68c5a353adca250cc1478ca531e2569052bce8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c36e63b492e94331cbef6b0a42b9a18
SHA1 1dcb36d9f28f158f645881e20a7972139671e7b8
SHA256 dc395af7d525fce5c100a2eca010c914862725a2a161ddafb22f43b4e049eb50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:32

Reported

2024-06-13 21:35

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6aa0218315d1bc4ab1b9fb80af51e6c_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1576 wrote to memory of 1076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1576 wrote to memory of 1640 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6aa0218315d1bc4ab1b9fb80af51e6c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6a4b46f8,0x7ffd6a4b4708,0x7ffd6a4b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding


C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8


C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,12252306779591476276,1800885886550729026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.hotpotok.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.hotpotok.com udp
US 8.8.8.8:53 www.hotpotok.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1576_CXUNTXAGYBDFVAQY

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2ca51da4-5d03-469c-b399-8ace58507e00.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences