Malware Analysis Report

2025-01-18 01:59

Sample ID 240613-jm698azdlb
Target a47e0626752bea099ba99ebf8a7295e5_JaffaCakes118
SHA256 5865b1dbd4aba15db34440f433bcbd00a951823fdba0223d34db45e780a8f666
Tags
Score 1/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 1/10

SHA256 5865b1dbd4aba15db34440f433bcbd00a951823fdba0223d34db45e780a8f666

Threat Level: No (potentially) malicious behavior was detected

The file a47e0626752bea099ba99ebf8a7295e5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 07:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 07:48

Reported 2024-06-13 07:50

Platform win7-20240611-en

Max time kernel 146s

Max time network 147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47e0626752bea099ba99ebf8a7295e5_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4AB29B31-2959-11EF-964E-D2952450F783} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000000e917ef05e34ff90deceda7f8dbe710cffca813800993a4ea76ae5294700da23000000000e80000000020000200000003261cdec6afaedd1d965c2fd9f70e2657f763aaf302b3d7877bc70d2548a03bd2000000071c7d69d22ea3e5169d6f2492b25cbabbff15e8b66e462efcb324fbbd3e3618440000000453527425543b4d3d2242caabac9bfe926080cb6871a18dc42884556ed3e9a0856b493fc05daa0bdd7bc2022433eb0b92537c1c7ac2acbc2d7fb0f97f7598ab9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426763" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70014c3866bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000005425526e09976a1e4015b3c8f50d58303a7005640f4698e1b7be43ea08f1be61000000000e8000000002000020000000ac39f6d6ed5c223b657f0d3d56a004838af2c7105a64a788c2bcde5c160a53d990000000764c18a7c7ef3a3dbb841db7ff28df8d8779dea1e1f75f5b7a8067f4f7c2d5ee0962cedad73c45d126ff5136fb5a159c68f02f34c913b775b5c3b4e5736f01b713fc8acc8e32453cd2bdfa05f6085307189db59c32072c47fba7f9f51cd6515cf185afb6d65b3df4f98a828a43c9f4cfba523db0fda42d76fd45c6b7d8a5c129ba1cec51fd7f39f520eebac62134557e40000000ea098715db917dcffda3b0a839504edc638afa41aae17d498c935ca3d841f2b9c89a69779be7cba69b127f7a29ab0d377ade638d03fd726ff18cc4e1454f32b0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47e0626752bea099ba99ebf8a7295e5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 pgperformance.com udp
US 8.8.8.8:53 www.nicephotomag.com udp
US 8.8.8.8:53 www.pixauto.net udp
US 8.8.8.8:53 farm6.static.flickr.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 151.101.2.166:80 cache.gawkerassets.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 16.182.34.9:80 v8magazine.s3.amazonaws.com tcp
GB 172.217.16.238:443 apis.google.com tcp
FR 3.162.42.74:80 farm4.static.flickr.com tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
US 151.101.2.166:80 cache.gawkerassets.com tcp
US 16.182.34.9:80 v8magazine.s3.amazonaws.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
FR 3.162.42.74:80 farm4.static.flickr.com tcp
FR 3.162.42.74:80 farm4.static.flickr.com tcp
FR 3.162.42.74:80 farm4.static.flickr.com tcp
US 104.21.23.250:80 www.nicephotomag.com tcp
US 8.8.8.8:80 site.americanmuscle.com tcp
US 104.21.23.250:80 www.nicephotomag.com tcp
US 8.8.8.8:80 site.americanmuscle.com tcp
FR 3.162.42.74:80 farm4.static.flickr.com tcp
FR 3.162.42.74:80 farm4.static.flickr.com tcp
FR 188.130.25.202:80 www.pixauto.net tcp
FR 188.130.25.202:80 www.pixauto.net tcp
US 107.167.56.150:80 autophotosite.com tcp
US 107.167.56.150:80 autophotosite.com tcp
DE 159.69.215.201:80 www.myrideisme.com tcp
DE 159.69.215.201:80 www.myrideisme.com tcp
US 15.197.142.173:80 trackthoughts.com tcp
US 15.197.142.173:80 trackthoughts.com tcp
US 35.215.94.134:80 pgperformance.com tcp
US 35.215.94.134:80 pgperformance.com tcp
US 172.67.166.43:80 www.firestation.org.nz tcp
US 172.67.166.43:80 www.firestation.org.nz tcp
DE 185.53.177.51:80 www.blirk.net tcp
DE 185.53.177.51:80 www.blirk.net tcp
US 216.92.112.193:80 www.wheelsofitaly.com tcp
US 216.92.112.193:80 www.wheelsofitaly.com tcp
FR 3.162.42.74:443 farm4.static.flickr.com tcp
FR 188.130.25.202:443 www.pixauto.net tcp
FR 3.162.42.74:443 farm4.static.flickr.com tcp
FR 3.162.42.74:443 farm4.static.flickr.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 172.67.219.224:443 www.ajarai.org tcp
US 172.67.219.224:443 www.ajarai.org tcp
US 209.237.150.20:80 www.totallyautoinc.com tcp
US 209.237.150.20:80 www.totallyautoinc.com tcp
US 172.67.166.43:443 firestation.org.nz tcp
US 172.67.166.43:443 firestation.org.nz tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 216.92.112.193:443 www.wheelsofitaly.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 209.237.150.21:80 webapps.myregisteredsite.com tcp
US 209.237.150.21:80 webapps.myregisteredsite.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
FR 52.47.133.116:80 green-tracker.com tcp
FR 52.47.133.116:80 green-tracker.com tcp
US 207.244.67.173:80 lostwebtracker.com tcp
US 207.244.67.173:80 lostwebtracker.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
BE 23.14.90.91:80 apps.identrust.com tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.16.238:443 apis.google.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
DE 64.190.63.136:80 ww1.lostwebtracker.com tcp
DE 64.190.63.136:80 ww1.lostwebtracker.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:80 developers.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 199.191.50.32:80 findresultsonline.com tcp
US 199.191.50.32:80 findresultsonline.com tcp
FR 35.181.141.150:80 green-tracker.com tcp
FR 35.181.141.150:80 green-tracker.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.201.110:443 developers.google.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
FR 52.47.133.116:80 green-tracker.com tcp
FR 35.181.141.150:80 green-tracker.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:80 site.americanmuscle.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 site.americanmuscle.com udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 05c4f144228438b5ff1412abd8d44225
SHA1 4717b125a127cb6d7437b763d95e58a3f8aee943
SHA256 7200edd51ea7769a7fadf6ac3926ca1317a787488c242e78b46896233e54858c
SHA512 a714fab2ace9b8ea108ba96f3b5ea18774a971db2b9cfbb3109982584bea2b7c44f9fc718765b787ec90382401e1d4dab600df1aad443af55ef010a8e64aa101

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a8d04fd0b807a4da198660672671a754
SHA1 b879d1693bfa6550655e0d42c1dfdd6ff9867ca4
SHA256 5e32e012fb3fd2dc681006fd2ce85d41aada58a18063113de57d3d2886251f05
SHA512 ea87a4e1279309ca906a4c6c189f8ec23a22ca5cec3d1a2b674a97eeee0013cfb37ebef00df937beb29f9f49af3e76c7bd710b4e233998d325ea4524a6efb894

C:\Users\Admin\AppData\Local\Temp\Cab126A.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\Local\Temp\Tar127D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 1aa19a189aafd8e00f3aa49604c85e09
SHA1 96b88fde24ac1e71edd4e04e7331eb99aef0185d
SHA256 19e203aacdc402fd62a8866bfa0bc7dcf5f1f684173429acd892df62429c1905
SHA512 c279f871c68fe8139803a613333a256a5e9a121c23888a948c68cd493c8a8db5e26744849ccc19947f80786be51c777aa093a1279806a13ed4b22ba5d7c2d4b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 ba87b7446f6a6b49993913d5c8e298e6
SHA1 4713d0c79a42ca976506c80edb761cc3c77bcd11
SHA256 cf0910e4778ba87fc071a82b5e500ce7f33e5667d286e5663b126cf1461410b4
SHA512 0a326346861a5d7da1ef63235f0a719ed62b600b00ba5f1f1bb06f3800b0809ca6dcdfabd2d8169a4a9995083c624af7e03a42efa56c22a5d51cb440103de68e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a063c631e2379378c74710396377bcd7
SHA1 e6664c47444486f688c8ce60041cb5db76be2a00
SHA256 b4af17c572ea563b0c4b55ba0765f79e079e76701d61a6843522524561c048ab
SHA512 8d2eef03e4f683996c77edaf6061f952596f34f537af401ac4f09d8d37cb9a4108a923a06f54559f4ee115b7488ac6fc4f72b7f4ff067b9fcd76965c7edea1a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a919c1a15616b6d9421ea217cad32aa
SHA1 c189b1e04ab1c07537596855e1e2a2ebf5e27a19
SHA256 9c1bc16b2ff8344929f42a9b5c089da10dcd8b9fc29a0dae16d09bd39f2cd671
SHA512 2fa25e6784b14dd22b9c2bbb9d222746744a973bbfe0d552e1fbe2ec4b7fdccdd78a8794cf158cc047c9e297ba739e1e720fe16227f1288538cbd71053a60e93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 e8aa929a1ecf5f887eccc26be5c523f4
SHA1 12ccbf1e41b43b6d3a4a765cbb5d76488fd33e64
SHA256 2f05ac34a73cedabff4277e186f85cd488a806d921271bb2f13de6bee41ca117
SHA512 82f908fe66d1bd16cbf0e52dffd8813fbb31c002b81c832332323b59715a14aadac3d1ea048329a5aed36d48a288cb1d17ddca76941dd51d19a6910d2f322e42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35294299da24af51602b9decc80139c8
SHA1 ea5414569b49eaf5c6f303413498794e42cfcab7
SHA256 e17ed0a58a6d26aa0e899570abcc0da319fe55c08e2c169ebc4e474cff96f697
SHA512 86e02e4f7ea9a0919a7ce83f5d4e40eeb329d9bae9c87a7f89669d11e56ed380b4c2aec0c62c99e7130e916ae253d6e88867520002d2addaaf90758bea16e430

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e61a81b07a6508a9cda35d7fc860a33
SHA1 9577c3574ec15c4067a0eb73d74a96be848313f9
SHA256 1d766d5cbd7552e5865f9124036a63141db64abd0703cdc76864b66555e8eefd
SHA512 3219b2faebc15d4df48c236829b3c599a9fe59edcab04d15b208fa4d957c5088c949bad2c01fe1e031dc53b5a60da48c28fec04aae74e2ed8982a1a2b3174e82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce3ef287bb4e6e46951b097df13c5916
SHA1 9087ee6fb8e660dec93aefb333af1142614a6186
SHA256 5ca6b224cbc8bc12b4200e02c2d14e1604462054ae58272ad3c650f69ffc2ef6
SHA512 523097c0871f0e4491930259a31ad40abeee5b30f6d92b3fd01567bd833440c36a632f6900492d796886d777bb5c89c01077bf24d9a755dffbc2766a887ff14e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\plusone[1].js

MD5 53e032294d7b74dc7c3e47b03a045d1a
SHA1 f462da8a8f40b78d570a665668ba8d1a834960c2
SHA256 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2
SHA512 fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3b3fc5ac21ff3c2b577fd46581b2279
SHA1 ab07b0215b47236331cf9813d8d1ac34551b71b6
SHA256 4dc378431ec7769332cd51cb8342ea58cb037cd34b1a26f142b68bcc66101add
SHA512 1ebf9e1a58467bc666298e2a55844fe0820f2cdbb9d25c28c474b1175fb0c2e26c5972a0d824ccd621720eddeceae9ed174eab52e54d906e2d1b4520c700062c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecf920971047df217c36baa73564f714
SHA1 ab761a5ac6ebbdf7daa5157809cbfbf1c712451f
SHA256 3f95ed7446645a7ef3c0480b72bfde3553a55a9ac160a2decec464892ae5d207
SHA512 ec9001edf69239c82f55a1b19156c2182c258a6a552fccc73026b91dea906a66263595aa158ae3433a25cf541a4ad7ec6e6e5a47b3fe8e6b83e1e8e591541d66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 055dc896ea9902c802853105c707baf5
SHA1 ffab9089089057e67b64dedec5b3371e64acbef4
SHA256 985df699e5ef53a19b7b7fb65f1d801479796b25a9a412038fc23634721b95dd
SHA512 8634d6dcdf524324eabbc130c4fe51e781bb4cec24a34a0641250081987b0eed299188047b69b245da522e47a6830332cc0e0061383ae4bca52955b89a0fe901

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be84ff89d418103c77aa1e6d145725df
SHA1 7eac307190cf4cf78f71f1130bc585af204c9372
SHA256 114aabcdd815e07abea0a13866248c67cd5e8136489ca14639ad79c423e65dea
SHA512 6e4f06b8cbf1494dbcb3f3e143dd70bf3c96659783bea3930c09aabea86d10aa6902eae57ee66abad8a5e9e6b6787e26049db89537ac5baacb606c8910c7bcf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21faed977439940d57988bc15fdc9906
SHA1 1eb9ba82c51701961c1968f5d001e5023271ad39
SHA256 8c82892b6e32cfb65549d6d7f56c6fbeabac791b1f1b20d6dba895ed726c0cd6
SHA512 42b7d2b62536e9d35fc967c322cf8467616b7a9b285a84418e814b1327bdc67f618fae4620ffe4cad04c50e084ecee3e666a074abc916167e3adefdb59ec9c9d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M0DW1CQS\cb=gapi[1].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b707cd28aec770dc90cdf0579252de09
SHA1 18f26e6f415df7be8b5312bbf180e37fd4706740
SHA256 41996af6d69f1c5c76fd65db6d8a3a54c4378775f7c19698deee27720308fffd
SHA512 1df2f763a344b176d43bb6e04c1e580dbfedb6d7744e9ead94edb50a564ac6fe2f622a68ad8553e9e25b3a80e27b4d7125bc3a93c68617fdd57f59d819a1e4da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 449d994fe62aa280299f281b071ce48c
SHA1 6df0dec038a4b084ef9795d8830313273122dc97
SHA256 7adca0562757a094ae2e70042a7f480ec0a0adf35301812d33a5e143324d91ee
SHA512 199a5e4d463321ce501c5498d26a77abe5a9bf82ca6a012fb1af569c78aab90f43c7287c9f5347129a8f4e9135a1c0e6117384ea1821c92113423a992a719f4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbb34ea7c6349175d1b4c02011929538
SHA1 84a9fba46aab92070524642df70dcf58c5908564
SHA256 3978fb59e0e4aacf25445f526dae88219f6ae10cd520cba1fb77e18f6f6265d5
SHA512 a272f63964e2bfff517a265fd61e4ae7f8a737975d517b73c894d2a21be3bdb7f770607647234e8a4596a34abfa4aad53fa507bacaa67289709d768c1b6e5966

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a60e75717c839f6cbf904f25fd26a6fd
SHA1 a2da196e86c18c4ffb5a3d1fccca313c2a3f857f
SHA256 3818afba385c814d0f401d149af7ef0852c35fbe11a01375f0be63144df0de3c
SHA512 9f9610b6339098e01a3e02922c83f05d54106cca303512a9fc354541328625df943aeb65f5e773fc2260676bb2ba033f26c23f76175335ad81b28d336a483107

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a4b7cde629ad0b8f10150ab3e40d341
SHA1 521f815f251eda65b638396c3f5468941be42d4b
SHA256 5fe1651274ed0ffc6907d8e4bb038c86a40c31356225fe6fe03d6592276fc4d4
SHA512 14a574485d88f5ac67b0320447b0b37f8970b6a3b65abf8c01d8eb9d16e42432529892fbcff0db596a7d9b5f0cda2d1b0cdf292e178bc1ce0469d903eac12df0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6ffd688e78162ab8160cc289e1a1197
SHA1 9a309546d50e98640ab5c52098e3329d4a89a842
SHA256 ffc589ac3969a9266500927a0886e790f2e0c7fa115ff1cf1c706de560025e24
SHA512 fb6d5f6b523bd47ca8e9c170ea472517707facaab7cf353ab0179d8cd638e798f573879491301563390ebdc081c9602b2d82be9d8eba7983f9c6a6da1a788954

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 497d31e1ad153ef8b0a6bcd7b12f47e2
SHA1 5866c6ad86937f3a5d44c01cf9384d4526fe262c
SHA256 ff7165e782aeee9bf4b167ac839f716798f905b1b1ef5c38f37bb011e69aebaa
SHA512 854d15359fbb98f527de0bdb7227f6b61e96db3df48db994fc7cd10bff7074ef467da4bc4e9745d8c12f140445180e880effd461e0b46d36edcd1cd555703b9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d76709bc3b3439b730db2b9eb12441a
SHA1 74752fd47eceffe3a7d3324679c0ce736761669b
SHA256 334e0bd8c2737066cab2219f4106bd63eeb3024526813e24cf25c90ca075f3ba
SHA512 6ea121bff156dea469c61233c5811800530ffe4f31c9f67399b1a2f7a0bb85753c98d3937a7d3fab68735461d61513fb00e4a3ec3c23db65f5698a58e70aa344

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94c2b2b78a856356ccea2a2a198c9535
SHA1 e538a53a2e31277056b78748bffb9abb7262a77c
SHA256 999639c27db465318e4b506f8f838e06138d43cf282f2619ba586a6a65b1f5dd
SHA512 fa325ec53ebc6a07edfeb462574028081f29238fd02c5407ae41feeac8c65024ad423da82a3977d91a69faaf322e686e4fc280318c7401ea0ee9d028bdf4dcc2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\3604799710-postmessagerelay[1].js

MD5 40aaadf2a7451d276b940cddefb2d0ed
SHA1 b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
SHA256 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2
SHA512 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJARS8CM\rpc_shindig_random[1].js

MD5 6a90a8e611705b6e5953757cc549ce8c
SHA1 3e7416db7afe4cfdf3980daba308df560b4bede6
SHA256 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679
SHA512 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:48

Reported

2024-06-13 07:50

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47e0626752bea099ba99ebf8a7295e5_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4364 wrote to memory of 4708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4364 wrote to memory of 4344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4364 wrote to memory of 1148 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4364 wrote to memory of 3432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47e0626752bea099ba99ebf8a7295e5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9640634878148845737,9902845707021755285,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 lostwebtracker.com udp
US 8.8.8.8:53 green-tracker.com udp
US 8.8.8.8:53 pgperformance.com udp
US 8.8.8.8:53 www.nicephotomag.com udp
US 8.8.8.8:53 www.pixauto.net udp
US 8.8.8.8:53 consolidatedauctioneers.com udp
US 8.8.8.8:53 farm6.static.flickr.com udp
US 8.8.8.8:53 site.americanmuscle.com udp
US 8.8.8.8:53 www.wheelsofitaly.com udp
US 8.8.8.8:53 cache.gawkerassets.com udp
US 8.8.8.8:53 images.forum-auto.com udp
US 8.8.8.8:53 image.eurotuner.com udp
US 8.8.8.8:53 carphotos.cardomain.com udp
US 8.8.8.8:53 trackthoughts.com udp
US 8.8.8.8:53 www.firestation.org.nz udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4364_UWGDEIWCOJQVMFGX

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT