Malware Analysis Report

2024-07-28 06:56

Sample ID 240614-h8vymszelb
Target a882af2fb6c16bb82545d9e67768d8ef_JaffaCakes118
SHA256 188c9b7ea8ea970f87c4cf2414fc800d7ad756c23ac12b7b7558d3ecfd69e1ab
Tags
paypal phishing
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

188c9b7ea8ea970f87c4cf2414fc800d7ad756c23ac12b7b7558d3ecfd69e1ab

Threat Level: Shows suspicious behavior

The file a882af2fb6c16bb82545d9e67768d8ef_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

paypal phishing

Enumerates connected drives

Detected potential entity reuse from brand paypal.

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
Peripheral Device Discovery
T1120
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-14 07:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 07:24

Reported

2024-06-14 07:27

Platform

win7-20231129-en

Max time kernel

119s

Max time network

130s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a882af2fb6c16bb82545d9e67768d8ef_JaffaCakes118.html

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 407c3b0a2cbeda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000083248d019723424c9ab3a765a7061db0000000000200000000001066000000010000200000008f00605fd125de6b7064407eadc29e70e16f43b2f9ad2f6cb3807c4776863cef000000000e800000000200002000000038582a6ce1245cac59ef83e6307f8df534f9cbb3d7b6f5e036adeaf7f7521de190000000a5e382b04bb03695111be1703b9d6c18b47ae6a31e1550095067606600e0c5709f8a540b7c049abbf32ce1dbfdcf2b4ed0bd0ad3e79d4bbc5382441363ea779f0bf4d285933c2da5e16421003981e9afe1f8bc12e5f770b1ff8b4a64afb55684accdd21778191b330cae9b56760a026aeb893003401d3fc0571ce4702e48fbb150b854184621d828e493744620e4036b40000000ab562ea4587282e461f82f59b276817f7092d3fac8c4f5ac5302b8f725d0c03465d9890d9c8ca5810e12814382fadd6c1e42a286c515184500fd39f2300615f7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\Total = "108" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "108" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000083248d019723424c9ab3a765a7061db000000000020000000000106600000001000020000000a28b55dae2ec2212a5c1874f4b1886844cb50418fca3e39013c306aaad5b794d000000000e8000000002000020000000d433bc3ba239b1afa6788e24eae54e461547c937d0823aae72e22960e1e87962200000006a580882fb948584f435eb0b1225ddc3acf63a81b849ae674f3daa2a2dc268264000000001ffb85fc427cfed608ca18f5c2ec3a09117ded8484a35f85947c9d7bdb45f15d61ab588ad75babc995c8a570922ee6cfc9e4d8724075d8fd288a12fd8acac2c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{34FC9D11-2A1F-11EF-888E-CA4C2FB69A12} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\c.paypal.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424511766" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "124" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\c.paypal.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\c.paypal.com\ = "108" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\Total = "124" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\c.paypal.com\ = "124" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1160 wrote to memory of 852 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1160 wrote to memory of 852 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1160 wrote to memory of 852 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1160 wrote to memory of 852 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a882af2fb6c16bb82545d9e67768d8ef_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1160 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.paypalobjects.com udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 8.8.8.8:53 c.paypal.com udp
GB 34.147.177.40:443 b.stats.paypal.com tcp
GB 34.147.177.40:443 b.stats.paypal.com tcp
US 151.101.65.21:443 c.paypal.com tcp
US 151.101.65.21:443 c.paypal.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.193.35:443 c6.paypal.com tcp
US 151.101.193.35:443 c6.paypal.com tcp
US 8.8.8.8:53 lhr.stats.paypal.com udp
GB 34.147.177.40:443 lhr.stats.paypal.com tcp
GB 34.147.177.40:443 lhr.stats.paypal.com tcp
NL 23.62.61.171:80 www.bing.com tcp
NL 23.62.61.171:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1CF8.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d317f06ed2f24305fcd3c717507e3c05
SHA1 3b6afe62d06054e962ccbff33521431303d8cb5f
SHA256 fa74f39b9d98f2d101706c242781f1d884971f996622a7efd303120e291fe0e9
SHA512 9b9a97fb5da22b3f26a90220c0f54e5cd8e8dacd9901bbc1197680ce3b915ba78bb700a21a1e3202b1f4d487302fcd310042674894c8b4bb9959d868af6fe74d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfc6d21f97f25490c6f59f10849412d1
SHA1 b431f79a8f69e9b315ee19fd45c8f6efe564e012
SHA256 4d983ce08b1ac0fa424b88acfff30a5410233ef943541007ddf3ac32272d91a4
SHA512 8b59fb164b71a0218e5ec63816c283f5a5bb738a5739666bd93d7b111a7a9a09ab22a13f7fa561db769839a39b57804986d76bae07df62701b0bd818f62a8d21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b6a753cfa374050d76676b38299fba5d
SHA1 f11447aa7a5f4d99dc682647efea8d66448f7a66
SHA256 16f3829dcc49a65ccbf4fb4630cc108e02e3180a91b6377b391a9bc618d5cd49
SHA512 39d05afd97625e284261a6da6e25ed846b7279d4175a1d05dd85da1c6f0736fc441edc930bedb81a3c04c1bc88a52ae0f3b2b637fc5a0de33eebe3435a2fa65a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad80ff109cbcb14fce8aeeb32bcbfe53
SHA1 6553f808b67e3fc981fd613ac15a95b654c6c90f
SHA256 e1d37c3846b35247438e2c31085b3cc7d9667a4d8a05531f0c9e2bb5dedc0eca
SHA512 0f54868d5d639d3006c76663f5a78761d5614f91be5efffc0323fc16d03ce002a39a0a2faf7a43f261ffba5110bcee034ea0aa8b41eb63ea8f0704a5185c3404

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZL1C4JP\fb-all-prod.pp.min[1].js

MD5 4aab1ec79a8a450412d19edcbfa74bf9
SHA1 67f3d6313d14e8c6685bbcda88783cbd3f9b73f6
SHA256 eb16d80daecb92f5a56606ad94672c3a8aebb683319084407c36b181754aeb83
SHA512 4949bf5696dbd105c742d2a52f6a6ba9041aac9b20acfd3fe4502b3611540719f7318c1f33f6f78b1f3362f0b37e6bf749383b21a3ec4ba838fcf635d07436e8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\8AMURMSW\c.paypal[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0209524a1461d30ea7a8555b2b5201df
SHA1 c2deb2fa0149ff5d5358db787b1ab0ff4f76ff1e
SHA256 005846ef9d07dc5e213bc4122591285cb7b4ff73b780b41de87dee911b5ee07c
SHA512 185ac99da5328ca7d30fa106bce2b5cba5dfc467f4536376d9f879af01c95d233d467376c958063ddc4d1b607305fcfcea2f14faf99c575e9c16b13c66fafc84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ca30c241791d52aea44109d7809acbe
SHA1 03fc31faa1ba8bd571dada517339a9768ebab022
SHA256 2a9f5df40fa106371dbef799c3b24d7d2201fbf25cde2ae51ab9d226d5218e5a
SHA512 9b8bb2c85b00f05c204eab5a74b4616075111ea06a20503e13acfcc526a27f3aed8afb97f7108d6eb479dd9d4d8db5c546b018b4d0094d888a323dc9c34a6753

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96a6e30a76c99669f5bd3a22fa53517d
SHA1 22964faa0458a5c330d2b60215619814386cc9d8
SHA256 783ca21204565cf9d8b55a74e685bbd87eb25040077e31a63bfc0f426dfe4ded
SHA512 7bd82f3f47f125d2d3dc9bc457d1d3961e2ae9fc5fd5631375715aaa5165c980c6e795c68b15fcd5ba37aa4fb89175d4fcbd64af6b68a05ce890cc439f028bd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08de407430946731dd63f74b1fe19b41
SHA1 31a0bc5b161f3582e39e70a671865be6fc277087
SHA256 bd58cae34e3014afbf946a7b31064dce5da57dfad4b2eff1e11ed234c1fb7f7b
SHA512 490601ebcbc940f78210476f33c5bd4266bf9fb982ff251dca9f13f72f770782f64102ccc5f32c1a3ae5ed2221aa2a16d2e25f1b5b95af7ff198711dc95d6f85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c67874405cbfac5459faafd7a5281fe
SHA1 970efc74c4711b6ee5a56d01cd805ea482a2d712
SHA256 b2241cb2438d33cfa4356480fd9856e835c93e8d26d112462b7d197a6446666c
SHA512 974255bdde6d974c1ec0e641582609ab96e1d53d729b95a562e7ce4782c808cdf6a3979729dc5de6d4683268007e1ceabddfd960144e376b0d88a2981ed00a47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7702ec1a5829d2e0298b1762f40601e
SHA1 1cb3702bf6fdee1b5839fa0402aaee62c876c73a
SHA256 8e456ea3657cf663108cf10395606ce410e107b0693520ef9d648ce8fc8f3d1e
SHA512 61fe632c4d38cb12222df249128176ff3afd1ab877a04f8460409680e1b6ef60d2be9c875cd5e30bc4f7cc71574924a90b1320b8d90c827e35d3940e690bfc6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9d9f671f78fd285bd016daeadf9aba6
SHA1 674bccb99b6b05f274a48b6e45f8c0e59fb46e45
SHA256 b74e9f67d2eeee3ac3a5b45ad3aa0d7b5154df11aafbe397dd664cc28f1b1bff
SHA512 c75efa2c6314595ecb4f63e0c38495563dbeeacf5a7f41f7362f88a1f46cad977319b351715c811fce901d342faabbc4114a2397f5888c2b6f70e0a6515b8e8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 28880e5b795d8ab479503b4ae93c544c
SHA1 e3572e8eaea0f094e1a76e62e4dbacd5311d6f40
SHA256 a8a06910288adf199ab139ed23a9d8477f6655b1960dfe864e771b2aad32864c
SHA512 d8fb6bf2d45f7f0e9c31ef8bcdd668c4a7747212454324d84c42d2015153b83f38d32971902ed7f30c58752b886b8768593ecc9f27037313b992189cd5774694

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f753184c83bbf1b72087800a6452e4d9
SHA1 a10f6bfc0d1f23f8cf864d37f2d77465351a24da
SHA256 2b187074ceb8f89cdff12b5f16897425cf59cf8c2c63f8c86f7b7421450f8a8f
SHA512 8544f6665e0f6abf57ee07a0271b8ffc80784141415a6bb1f9d796cacdf1055ddacc4ad2560ca316affeb2e80904015302371b226e63856b37023ad1bfa5291a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 556882422ddbe9f2d542addaa61d1064
SHA1 2e8e9c490c39c026f2eb98c94fac2cd4e2164da3
SHA256 3bc9bef7dc5dbf37c859c6ac7fb929c99290aaeefa8d5a1eab0c2b38cab64cbd
SHA512 57d62b5f6937e1cb053f3d46f4a7b44db4310f1e2ae7da35f81ba7bbc63fa6f101ddb3a7d2b6e78be05550e5a5179d1cfca83953d182d10c56ee03f47379bc8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c188d58cb8a5bfae0fbb121d03488e37
SHA1 7be3d329d7716f029ccdc97c8669709cb3d7836b
SHA256 8287f3096ecf59be4bcaf67382c6986264ff1be3a6d39cc6e88d1c1ff68e2b38
SHA512 934b731c483173b050c6ea3087d65d7441d48f83d08b775e679045e794c9c616ddbdd7659bc30178eef7b101eabd7cea6409ed80bb893f376c235dad2ffeb61f

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c6d2fe279a1616070fa505db0dc613b
SHA1 a519dd097784ef49df451b2ff3d65f19ccb0189a
SHA256 4654401198d900da0fece00157ebce42046b5d8301c437d2d47e7edcef963518
SHA512 6ee864759d621b74223590fb53ba025a7119b32cfa59a34a79c25a903c391048b8eef19526a47edbea349a1c4576915ab973a031d5a439fe75df638d8f57911c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c61512f8b86a5480f86db4382603388
SHA1 ec7c337772f9246fa3abd6d55911bd2eb81e5bf1
SHA256 4e9cb41b02a934e9fb214ff75a7692699afa25b42e6f3011521f0c56e4b34660
SHA512 7135665685e15227dbcae806bf14984e80bb709ba4d72e9cd77968380d0adb4ab92fa2bd9d450be0008bc5529852d836500a206659fa7fcfbe05e0876567d1de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 637f37898b31c23d3f9c98103273fe31
SHA1 631b62aaf377e688687d1d331ce9c3d6899b20fe
SHA256 576164d58fdc9e1eda2911ffa3b28e9d2c6ea807bb7299a443479e98114340a5
SHA512 0ada0f013331afce093ff6bd525c26fac2b561c7d17d6f62234e46121cf6cf347e6abc2da030ac165dc8ef9b390366bc731727c43dd2ff7ed9618d06f57ccd29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4cc1ceccb467ac079e6f19b47da7d2de
SHA1 ccb780479136832ca7c7fc11a71d312f86fc657b
SHA256 7325773d3c8b6cd9fbdad1691f79100132db55bdcc2e57f325cca3f91635d480
SHA512 76ea29cad51f7d81d3a8096e6c2d1508a47fc6d532e4eb49c328fc79f1433bd212ba326847d8d13ea77729bbb58a3c34b68039337f666babe07eef2e68a9b0d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ac47475fcad6d0eabce011aa5e349ee
SHA1 bd52dfb08918bd5251d1d67781489be7dcd2b231
SHA256 d233fd1e0ba447a9bd91ba9bd3e4c02eaec6071d41304b806f84443dd6be15ed
SHA512 3f1d31739f43f8d1e423da48d68bcf40376641288302622d3a5d65bff21244af13ca4e84df5f12e1ade4b33cf4d9dc181b814810716ec4d29407f32d803e995c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88756151d64e76a3cb9c8193819c1f87
SHA1 7edb1954490b64006b9cc32ef9eb38c2d0f390f2
SHA256 75bb90d7f0b64c679c33b3b4f1ba03a2b9674831a457679c60e9a9cc225fafee
SHA512 a61de94d766898920c0fb231bd0c666a87ca78e42fde11b511f3ea5c06be49416572f6fa3e292dee3111ab7240da6f4346bec938a5d5d5bbcb4ebf0a78d8b18d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40439d0086442cee66595298bfd99a66
SHA1 72df4a1f988a6a61b0c29bcf366c07a668a311ba
SHA256 f762db817cc994bef0ed2ff6a4eb0eaf14a6a770fac15e4a975ce235e12d3b89
SHA512 d8de449457bcdb7164aec09eb8327a434c63a4f1049cbb96b17f9bbce6a56ab48fa5c9063cb8864795c4968a70ff3c464ce36620f4eabe759b77de9094193649

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50df56ac421b7506245dfc8fb8d01ce1
SHA1 cb94663662a4900ec18207ab6ec042e57d44c4d5
SHA256 f31398c6d59015dcc3b78ebef8aed82cdff54908fa7b1a02169361372306be15
SHA512 c861ceeb06b8be2e9e63f477f2e7e72f614c559c8e3cc8b7d377523d055662f5c4fc232748fc1540ea36fb93113be58f22ff927c9afd18e2e92eb73a3c8e71b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b66a93e802e440e2a269f79b7ec055f
SHA1 505c97ddd1cc34835e99865775838be74cae16f8
SHA256 b12508739234d6165f166a3c4dcdd84067803d8cdd892d2080a808855d149e68
SHA512 64a81fdf15bf1508b2e6ffa1f2c92c2b2543e6dc57b71912b8fde9cc7461fb6bda63184a6df3c8c5349936a9b98dee371f33b4ebc41dcf0d0dc0c3beb8cef6be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb5c57aac4f25d1174bf796505813e6a
SHA1 0e795ff52f3700e78bc6e9e0a5d0e8badfa07abb
SHA256 dcfcabf76ab8b7d1f7a5e930c4b28e5418003e1f27deb40a4b3db4302b91d577
SHA512 dc57e02a1eb7e1723806893bb23651d5f23a40df4df46bfbfb07050b4830d800250c570d584f39fed1b256dc69c5b60fa8443df0b28794e5efb4221d6b41f101

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 07:24

Reported

2024-06-14 07:27

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

156s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a882af2fb6c16bb82545d9e67768d8ef_JaffaCakes118.html

Signatures

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2476 wrote to memory of 4432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 2016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2476 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a882af2fb6c16bb82545d9e67768d8ef_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a24f46f8,0x7ff9a24f4708,0x7ff9a24f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1496644006065732313,11812360084556779007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4960 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.paypalobjects.com udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:445 www.paypalobjects.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
SE 192.229.221.25:139 www.paypalobjects.com tcp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 15.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c39b3aa574c0c938c80eb263bb450311
SHA1 f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512 eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

\??\pipe\LOCAL\crashpad_2476_KLRVEHAVFPRUXBBN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dabfafd78687947a9de64dd5b776d25f
SHA1 16084c74980dbad713f9d332091985808b436dea
SHA256 c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512 dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 40ef591179793fd87994e4da7912dfc2
SHA1 1113982a9e8ef7817fcda2c7d6a19bf7edca1fcc
SHA256 b507ab9ee67caa0a1787995f1979c94d95004d0da4a441f2450b6ef8fdf3dbaa
SHA512 a50eea269832b6fa6697d36c171b94dc0c9ac51213a2a6af2e6dfcf01c5944c4bc587125226f72a6349f07a4a1ed477a9c93b5a2f78f71cdff72f3441e5a6655

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 94d5a74dd8b2a5ac2fcc4d28112c94c2
SHA1 0c671fbc44a798b77ad31c5e815a9a00adb284d9
SHA256 c34584e13ce030aa6d26404e00b23169a9437a4f1b66f1bbeb33bf4ba92b3fd4
SHA512 3fcb5aaa25467eb0e3099a538400a43ec1c9ce4eeda9a97e94691f45fcd6a1c76447f13868d5099c250612ad2c410232ff87a6532ecb5b973178b608ac964f2a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b492476b2f603e59a5148640d31b08bd
SHA1 515c259f2cb63a9f0ddd4a6812e282a35c5028bf
SHA256 0a0e6ba45465dc22984444fe5c1d9d57165ca27d41a3b4dc28914192137afc6b
SHA512 af9f3cf9f669e74239038185b84387dbb38d507bbf6aa14f52a604bb7b5a70d6f92188e13e583819e87f9cf25607b778aed97090c5fe9b75298d8de45a58b155

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 10224b654ea603e19e16ee8809b73d2b
SHA1 47d5913717ed0cafcd20b4e844388452a35a56ce
SHA256 4921c41326bb9d9e2423e10c79b6b1b71b3b64e414f30cf84648029004529d42
SHA512 c06ab6f604cadab13411ded3c94dd862b9eeead5d8e343acadaab5f167aa4337f88e0ea7971c7a1db19b77875708a00dad4646b96da6d86b3d47a2125220cc71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7c147196a5ff5643586497b62e325410
SHA1 0b2679a52cbd8fc811a60d29be4811b19f85ec24
SHA256 6666ca53593e068f5c1b3d4101d0497725cbd225647af75d52a4d4e088a0eb18
SHA512 86fe25b382bc16537bbf17269175cb8ca986fa27a6a5a999717f188cebcab7c51f53d570e857307d82369a2e21eea741534cdbd8c225512b286b7d4a1ee3fd92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b74a.TMP

MD5 0fd1742fb581593a6f774204402d8198
SHA1 578827d0ef15905b02fe2ca77105ae33c1c9d53e
SHA256 062f5c45f054cf0197e5dcb9cba1fd41095b53a5521c869081c9ecba57a02669
SHA512 bddca7e564a91312545a0650673464274174fe8843f00f1516d758dff0a89dee8a5844cde088fd661f838288cb6dfe206487a868c3f81b968d32b54f5973133f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 efd079652ad21c50d69ad30ccf61a40d
SHA1 000bc74057bb6ab42d2a160349e1597edb211bc2
SHA256 045646bc1a87f1ce57c87ba8a6ed5332e36f71e667ac712be1df2fef80385f8f
SHA512 35f643af8bb12bb445e3e6ce7577376dc69010ddf8d7e76752d703cb50f091bdeb9947b9718baa6e9e286d69df19a794522e446f29d58dc26dfea571045f51ab