Malware Analysis Report

2024-10-23 17:22

Sample ID: 240827-a6f3psvajd
Target: c41990300685da6a679df4355a56823c_JaffaCakes118
SHA256: 2d2b8a48d05791c86cf5ddf0532f4611fa0d60c627d52bed63a006eacc52c23d
Tags: socgholish discovery downloader
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 2d2b8a48d05791c86cf5ddf0532f4611fa0d60c627d52bed63a006eacc52c23d

Threat Level: Known bad

The file c41990300685da6a679df4355a56823c_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-27 00:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-27 00:49
Reported: 2024-08-27 00:51
Platform: win7-20240704-en
Max time kernel: 146s
Max time network: 147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c41990300685da6a679df4355a56823c_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [data elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430881625" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{303D3C71-640E-11EF-AF94-46A49AEEEEC8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000b319c577a64dc2fd14e9e6e269d7e1e2935543dc9370dcbcd82e276d7869af82000000000e8000000002000020000000e54dbc2d6243b5551e9d662d3223c1c8241a6c3d343cdfac252a89470c36bdb820000000d4832c29a957f5c994990d109a6bf397704221db33e60f0c3ea2957dc176225f40000000ebdae28f8e0c6571393b72db632433a524a6f97a200537302ce6517dcc95bf8cbfacb8b4db884205eab3ddbf49f87e60ec1265b401cdf4454e77be841edc4496 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a03ef3471bf8da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c41990300685da6a679df4355a56823c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 s3-us-west-2.amazonaws.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 www.newsbeast.gr udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
US 52.92.248.96:443 s3-us-west-2.amazonaws.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 52.92.248.96:443 s3-us-west-2.amazonaws.com tcp
US 52.92.248.96:443 s3-us-west-2.amazonaws.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
US 151.101.130.137:80 code.jquery.com tcp
US 151.101.130.137:80 code.jquery.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
US 172.67.70.63:80 www.newsbeast.gr tcp
US 172.67.70.63:80 www.newsbeast.gr tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 172.67.70.63:443 www.newsbeast.gr tcp
US 172.67.70.63:7080 www.newsbeast.gr tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
GB 143.204.67.183:80 ocsp.r2m01.amazontrust.com tcp
GB 143.204.67.183:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 jqueryapi.info udp
US 45.33.18.44:80 jqueryapi.info tcp
US 45.33.18.44:80 jqueryapi.info tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 104.26.0.146:7080 www.newsbeast.gr tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.16.170.49:80 crl.microsoft.com tcp
US 104.26.1.146:7080 www.newsbeast.gr tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 172.67.70.63:7080 www.newsbeast.gr tcp
US 104.26.0.146:7080 www.newsbeast.gr tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 www.frontpages.gr udp
US 8.8.8.8:53 trial.templateify.com udp
US 104.26.7.86:80 www.frontpages.gr tcp
US 104.26.7.86:80 www.frontpages.gr tcp
US 104.26.7.86:443 www.frontpages.gr tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 142.250.201.170:443 ajax.googleapis.com tcp
US 104.26.7.86:443 www.frontpages.gr tcp
FR 142.250.201.170:443 ajax.googleapis.com tcp
US 104.26.7.86:443 www.frontpages.gr tcp
US 104.26.7.86:443 www.frontpages.gr tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 4103c21cede21cf344955d79f5f87220
SHA1 27a810c177f163fbf28668bee674c0e865057b0d
SHA256 d10ee069105b107056114cbd3c1a25feeb99c0cfb59f4e6a9d7105dc943a0f58
SHA512 d890a2aaf627e858959825e9c1c14435a8deeff7d1c2c84670067a4f086a5d4ee1f29e3ab8b72c32ec4234cb13fcb9eb0f4cc91a5af4cceb577d91e4ea9f1fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1ffe8f498bad862bc2a7dede4a6529ed
SHA1 7330b4be5e2af85c1f8355a113b5f6f51cd17c08
SHA256 d97d131ec62cc3eda2723d768dcc9880ae00b5276e44b5d081b962fff1944812
SHA512 dc1b20d15669157334353095ec8634cbe4402288c312f77f01879dc96fe5e3857dbfd1c066094302b916810989979bc648b3b34a42394f5300b76a87ff335232

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 8e17c363a2c96cec47a9f1d31e3d65be
SHA1 c18a2bb9a57a193dd953ea21f37586e4bcd2f493
SHA256 dd59c5aa9c4d952b771ef57314a2668d097325c7a5f41c29a54ea391a27b9faf
SHA512 2b0d4545e1c677b8e068ce246c893a8e9163c7c104d9baff3a546f737015e2f794380d0d18ad6d730b465a4dc5efee56af5152911517d36078616bebcae64c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 886e51ff3d31a1a4fe002df4b640474f
SHA1 7b3a58696269427cce518d6558aad5a2786048fb
SHA256 2baf050961088a60e74a415028c7b8fa80d5857961fc756536ea030e7863c62c
SHA512 90dea6a7d5fb2e4b15f3640b174822a80239b23a703c346552e0848c27bb82a5cbd5b607b9b73a445b8d5ecdb75a8a57cad3f22c85f526c4803bc2af26bc9c2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 261b198cee8a4dd15bbb27c8ab761d0e
SHA1 744f8366270aa7e7401882f0496970d40b3982a8
SHA256 2aac0ee4b48c6dd501c157c756563dabeeca7c60c2b43dbb650c2b6f94e0601d
SHA512 554f9b96ceded5cee478f1058d914b46d25fa35c8888df3ba9e5374649e3013c93dc7bced14b40041c148dab96940100321be29a7e4ce0802ddf65ccc666fe8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 09035177325d97300fa7426786a5a068
SHA1 688a0b5d621138770f22c665cadedb05c022e075
SHA256 f41ed4498f51f870e3967c98ca447453386807459260f66ddc513e359a8cdcf6
SHA512 5848734c6a15bd12fe01704121d3264c1bd33fc30d74e2d18ba009d91062be137ec3837091b38570a1c01e97e37143dd334fdbf7acf4721f22cb54c04a6f45d8

C:\Users\Admin\AppData\Local\Temp\CabDE8E.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarDEA1.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD

MD5 6971e5cd65eeec14cc93e34576c97ffd
SHA1 54133cb4f16e9df5bc1168861b03ff402a8fa1ce
SHA256 46852972ea7c84b833e542201f862f9622922b2ed3a7aa81987c0768d6a41b43
SHA512 aba961478431e7a06ee1b8a3086fa8d16f56dce1262d5e416ab3304170dde40d8f5d4cf9535b66d8d5aa66eb18c9398ef7258373cf78c8d57bb0bbf3223f0f06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_9CE832D646FBAFC5C4ACFC523FDD84AD

MD5 450dc0bbf8e07f9a8b110401eaed4678
SHA1 5e65fcebc3491e4b8ffaa466ff2a70d691a963ab
SHA256 aab791856f85cae786db8a8dd89d1f3b9964a7251f44941ad3133bebc8167622
SHA512 efbe3eb4290addcb52df1c718984042b3472362587c02de591bab64019bc0989e0090cd77b257acaf2544408e038164ea65427916bfd1019bd0da2cbac810d23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca6ebee2f720bc0abbc1ed8fa996c86f
SHA1 a7d7224c4e9da32278b52d4888e2cf7b2487942b
SHA256 6e1e54b2213017d293e9f89190e685ad69c3d8444a316f8f20ed419c2e1242b1
SHA512 69f86ba1e97ad69a45fdcf8a371464f8c097367591d585697ebff5b41a8f75d1ddd59f3faa3490a5826420b716e519b1183c6bff5d48d044df8040fa51286918

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bc2e07e55573e21d21283c928ddda22
SHA1 247773a95899291d3f32c74c6e7eeeeaa086001d
SHA256 93bc5f06bb138825c2a47e03263df03ed8c1bc92b6722f543367ff588ffb97a5
SHA512 0ce4f997b404d7a0586072f29964be048c0b617ab7782eac05944bd080ff3521824d05adc4a57e429b7634383a7acb5f16a9ac7e86ea2a296638bcad6a5ef381

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84EXSCRK\QHG14P50.js

MD5 67e216a27dda24bdcb086c2385b0cb99
SHA1 17141c80f5d32bec3691c5ab24741d8b7dd5f0c6
SHA256 9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7
SHA512 802319543dc64cb011bc2684004e878a842b73aa55e4da1141ccb8650cbf42fabbf2b46c730760bbfcc7a140e11700244b9f5da78bafe9fca7ec7825c12b4255

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 393ceb9d0e1164ecb10b270594aa2905
SHA1 ca8fe6d1cad42a07747008b08d8ad82c62b0302e
SHA256 a7cd1e9d3c1883df45cf58c88bada482fad0899a11d58e6d4de5150efbcc576e
SHA512 37169b6f4cae34b68a508d0c413fd64d8c1b6db3378ab4ff0017e374960063cdc3e3b7255cfbfa5d01ea6a73aaa1411087eeda991fe2c30136ec2860c2c354c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 667df328ba3a40b4a0c4dba3813b6fe1
SHA1 16317ddc25aa0982fe444218e2de1c69b09b22a2
SHA256 7864043a7d9b2c1cf339966b77d02df41ac4e05e3747fea199a6acff5fa7cd9d
SHA512 067f7f747c5eda4a20e84e60a6f3504b52c63cb920b90abd1a2fdd873d06889dd840090e9643edb5dc6b9acf7e25ceae323cea9aa29cafb9c04ac94baeca6c93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a107361860e9a59e2882865e2049ce23
SHA1 ba8011aada716e960d0bd3da1da2f12e3f0eccee
SHA256 50a55e903efcbfb0877e44c80243270f509396f39975c869d8bc444c30481894
SHA512 3158d21a4050d1261a2d5033f071ba3f6c06dac679d8e1344635c68e60de3685c71da6dfc3b097c133871833449be7850e9519f55dbc78e0e63af5dc359b1c0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c41bc9e8a4cd1e2e5123ddd992a30a15
SHA1 0cbc1b6e0d378e9e75f7c04f643f5a6acf44a660
SHA256 0ea2b844347ddb1f735d570e35279af7ac23cf7bb8f69a6cf0853a7d37a4fb82
SHA512 56c66b42cbdd2922fa5904cbb0fc610ecc98b81790a43b65bfc1b754b5b9d28c0b33d8500fb98e7fee0288eb70a2c43e9fe4f01319a9e89a3b46e544158db85a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c67b66be7aee0e4e17632b34f606b0e
SHA1 fee8e4870fad65c7eefc08875e807a02c01f1fb6
SHA256 78e20ffe97163237241a6935c0d90af2585851e45f99893307efa9af24a917df
SHA512 54e2982ab8ae7fdbef68684d88a7531e2fc45cdb4e09041e4f91f226d48551c18805e2d2b7221f33f0eb8132e6079e711e6953561ace21f5aa1bec75a1d357fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 56f80754bb7f1c9ecba1ecb7d3eabfd3
SHA1 d42fc672c0a0c71c89ec5dc2c694e62bd736bd2d
SHA256 edb726cb24fd303a156c3fdaeb15dfd6e2d2a97081840df97c508efa191c8422
SHA512 ef44d762df253b7d6b8ab36cfa4c423f136e1c66217afc9f4610162ef9cba1bf8988cc89330faa42a988bfd1ffd4b7e3ed7e29abb31f31a0f8858afbf6fabbbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da57fd5533886a418cf1252f4ca786b3
SHA1 f5cc70431bac1518cc1f6af4cb7f2e1986702e8a
SHA256 a344e4c0c39c44732b9bc70634ec6a78939dd9a0f2130b5b7a510f8aaeadf820
SHA512 922f7456951dcf609d65fa24a2ba7fa09d5a931bef625cabb613279a2600f1a981078ac9d95f613ebc1dce7bd35399eb0f5a1dcb06df24aeab308fab970ad597

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7404c197116e5ae4c1cf495622ac19bb
SHA1 761c3700d9330c2aa7b41c2a5f7b842365f6f885
SHA256 c557a914f841cc36632eebcdb5c401299a87e8a8dca173f2d25f0dc6ed2b9b52
SHA512 d008f696ebae725b6ac2e9668cca69282871e504477a6abd29ac623fa1f40459d27b67f208d50083a13da6cddb6ad28d6f3c11a1ba376ba97b493b2057ff5059

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f4721f1e633576d91cdaaa24d7cedaf
SHA1 522f2708ece3a453d05a4506dcf5cc37593ad74f
SHA256 4ebff525fecc922b92934c7c9d986c90f03c8791b14a73b61bddcaa14bce14c7
SHA512 97589d30a90521b721e78d9b421b4269669a162a08cfbcf82948585e4104b8ed63ce54b856a8f2356c1b37f34b8cc4be9420351be8bb66738cd9f11f9280ff60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27a8d97afe12a1889265a856913537b6
SHA1 b99c821b321fa913aef1e045d488a95194357744
SHA256 b9a0b44ea921e4beb9d4c5c061676d4954170276bebfadb6de94ffda6dc439dd
SHA512 13ec1db4be8e408e553914d1f6cd05cd231e64ce06f51c821df1b9843eb7d6534e2110e72eee43dd82d7b9d1b3d2c3df9282f873d6839a2270ce1a858dcd7de1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0905817a53d36316f9e8d29bcc740857
SHA1 5fcd7eef5bb46a8361f68e4e8a815ad22be30100
SHA256 8f1158d99122747fe98955801db9740caae3fe4d4bbae511284222fc55bf1ebe
SHA512 5e7234c6e8c71666cc7261e79ad315191df8f9a2b4b3f6b2af34d36e7cb6d52ddc87d91a967e6fe4b1e1a713ce21a24a4a6399dcb3e51c4da4567d8ade076d13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5de5282ccf4bd65c5a6a776b96f8323b
SHA1 fb6568a375673563da3295cfb291054f209f20ed
SHA256 eb092c9d84b5872b2bd7053527ede4f41697e273ea0958c546072df9f548b79a
SHA512 cedf87a5c0a530a01e3414f1f5ae331df24307f711e8b95394f15e852685dcc21e216da9ed86a2fc7a0e46bf4f545d30e8c8b6ae128769fc226ed88b74577d2f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW\platform[1].js

MD5 45e854a35529759d934c731304a43d38
SHA1 a8df66d8d97fdaf183b3b8b806233b4ac0659eb2
SHA256 a545c66e7db300836d0f8e0c5c407c6b44baa277e32d744e08d331c7c3d6ffb9
SHA512 5efdd24697fc8247f9a1f8ac3e80df23efdfee54a25f8b63565276338177b36b90fb3a5f80c8654f91922e3f668798d37b4379bb41bb4059965f915287729e48

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW\cb=gapi[1].js

MD5 cb98a2420cd89f7b7b25807f75543061
SHA1 b9bc2a7430debbe52bce03aa3c7916bedfd12e44
SHA256 bea369fc5bdd5b9b473441583c46b9939232bf1f98c1cedf6bc2241c4f5068d4
SHA512 49ccede4596d1e5640a9c8e8be333f9c18812d58f02b2b15adb54172df1387439e9dc5afc4ccd9d8f0f75f092318bed68d3cd577338e88ef4f9373de8a07c44e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9808561f11af4d65f7888d3f0511244
SHA1 6bd1a8aa14e77df0c8172b1bc39b2a331b25a7e9
SHA256 9816bb816899d9ec1633a82894aeab2c2b054a8f4940b226ca7537d8de72e19e
SHA512 a5bd11b50c336ddd304ce52214efe0a3d2989583b4f56f8b5f1d8d5fbdd2723335584925071b1e63251dce8a17e2e451e08bd0e656bf81c554f26030109f3a47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3a7b6c01454a3b0572ff353ca20cdb5
SHA1 d47fe694f6fe1324cee4f0d7242c69003985a158
SHA256 2f0eb5a491114e64cc4fbbd3ba98374ff9b886531bcfe57ff8962f7f5ea43874
SHA512 b7175b3e138cf1a5e08b8c14acb22b2cd2bf8dae18181791178f93fa907147d1573ba16949df5e92b0707b9dfeb109179464df9c3a8349493ee5822ccc3efddd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f6a23cce2bfdbd87fd799bb7c4fa806
SHA1 6662e336f85ae7ec9deafc884260bc9147c8c267
SHA256 907880f03c647ce9c79c6cf94d908e0e7f0f59591f33f55229a5c86c01aa6713
SHA512 93ce21d3ef38223aca23f01199a5608096d3b9298a05401d735a41d5e606d19dad996dc0142d9fcdd1c0c4623bcc65c45593f9c2b1be0d86aa59535ac879a25a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba1583c42a5aca907b5a4039f6c77daf
SHA1 3796ef68a07fab30da0e756e9e4f3c8a97f574fd
SHA256 61b16ba5e74d7008ea92f00936d188c46ad9ba48e45ad5ff5c9e506a6328c5cb
SHA512 f5a0f2ad6ab1495ab3e4c46d603e17c72c14670164c342141a06ad6de4a16641d06a1bd77023606369b77274478b4a4ae8e37c8aad8a18c596a94b69de7a0cce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8bd8e7a2c1ee01e56c4a8afe2d310a0
SHA1 c13492b8c0267c8b7b73d31d0d22dbf7a3d92e84
SHA256 ef149324e31a0a515a3659fcab15abf9c4ada6b2835d2ee4b0482958b8ea08dc
SHA512 a583c5229d2938af3f5eeb405bc6174e0fab29527bddcad6445a0c540889e948a82df8340ac7a6925b0d5f20d37ad697ceaa9eae6f62098cb121742281344e69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4efa53a7b46b6d974d676cd9c7c82841
SHA1 e0fd672f180a2fda43c397a43ca2df66cc675ec3
SHA256 45b35cf6996e0e799b37687d6e4a386447bb02202043459d38e54f30509b4ffa
SHA512 08e985d7a258840c20e282910f9c948150f6b42ae47ae0aa011b32c332a381f2796c62eb8336fac8376693fb38337589b923946f56afdceb19bd9cb356aec1db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0abdd39160c898cad435a6d5a9867556
SHA1 1157a51fec9d341d858ec9367bd8b9ac6d75eb9d
SHA256 a2271fb52cda23b002e07898238c8f82e532ee39bb6518cd5a122a95b9d77d5a
SHA512 006f7bc8d6be580ad2827155fb4de972e97ecb1eb4289d6406d0ee6d80320cc0c1fa8b5dc75a955dae686f45ae5dc6c8ba65e15ddaa48abc0548637d0f45f246

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e3422708a775b22189006dc3958c23e
SHA1 edf6988ce650751551f34ed53011aace28a0e5c5
SHA256 b56e188e1d84fc57168c0257e0765eae571c30e88d3155b2b8317d56c275a88f
SHA512 8753a6d1811bd251216d39b207ace494d9b74ed6932cb52fe1f4247d97ae126bec65f65a6239ce367fdcc58ec36508354235a9a5313b3153241af7fcc0485de1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e23dbb547c128ab76c20ed055d5a4368
SHA1 8663a63f4705e841582227b2ce5d929bc7133aac
SHA256 de2c12c87f43c316fa66a9cc5ee7e6271193ac0608ae146d264806d33e969be8
SHA512 0f7999eb6912af021b1c79c245522bed5bb0a2a71b4d469bc88220dd5abbd6869fc85f8dfa5c7136f8e23824459cfbfdaa43e1035c36c0b021a2c98ff7b9d777

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 655bc380b215d2858581e7fb26884f2b
SHA1 5334dfa69302b4ae6ec8835d902f6a7cdab9a4f4
SHA256 97d6c0243483ca8e4f588fba88d1b07e55bb9cd4bf3c93a8ef35fe4d310dba46
SHA512 f49399201168a2dd45ffcc33939cd6c1c7676067afd422ded0666a848ff050f1fc030a5afa1775dd760fc40286d3bfdc1130d7c400691966dcde129488ab5fc1

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-27 00:49

Reported

2024-08-27 00:51

Platform

win10v2004-20240802-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c41990300685da6a679df4355a56823c_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2664 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 4716 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2664 wrote to memory of 3280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c41990300685da6a679df4355a56823c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd790346f8,0x7ffd79034708,0x7ffd79034718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10530301559248688318,1891193063904548416,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6104 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 s3-us-west-2.amazonaws.com udp
US 8.8.8.8:53 translate.google.com udp
FR 142.250.179.105:443 www.blogger.com tcp
US 52.218.237.16:443 s3-us-west-2.amazonaws.com tcp
US 52.218.237.16:443 s3-us-west-2.amazonaws.com tcp
US 52.218.237.16:443 s3-us-west-2.amazonaws.com tcp
FR 216.58.214.170:80 ajax.googleapis.com tcp
US 151.101.66.137:80 code.jquery.com tcp
FR 172.217.20.206:445 translate.google.com tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 16.237.218.52.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
FR 172.217.20.206:139 translate.google.com tcp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 yourjavascript.com udp
US 76.223.54.146:80 yourjavascript.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 www.newsbeast.gr udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 104.26.0.146:80 www.newsbeast.gr tcp
US 8.8.8.8:53 146.54.223.76.in-addr.arpa udp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 104.26.0.146:80 www.newsbeast.gr tcp
US 104.26.0.146:443 www.newsbeast.gr tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
GB 163.70.147.35:445 www.facebook.com tcp
US 104.26.0.146:443 www.newsbeast.gr tcp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 146.0.26.104.in-addr.arpa udp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com udp
FR 142.250.178.129:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.178.129:443 lh4.googleusercontent.com udp
US 8.8.8.8:53 jqueryapi.info udp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 198.58.118.167:80 jqueryapi.info tcp
US 104.26.0.146:7080 www.newsbeast.gr tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 104.26.0.146:7080 www.newsbeast.gr tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 167.118.58.198.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 172.67.70.63:7080 www.newsbeast.gr tcp
US 172.67.70.63:7080 www.newsbeast.gr tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 104.26.1.146:7080 www.newsbeast.gr tcp
US 104.26.1.146:7080 www.newsbeast.gr tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
FR 142.250.178.142:443 apis.google.com udp
US 8.8.8.8:53 www.frontpages.gr udp
FR 142.250.178.130:445 pagead2.googlesyndication.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 104.26.7.86:80 www.frontpages.gr tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 86.7.26.104.in-addr.arpa udp
US 104.26.7.86:443 www.frontpages.gr tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.105:443 resources.blogblog.com udp
FR 216.58.214.170:443 ajax.googleapis.com tcp
IE 74.125.193.84:443 accounts.google.com udp
FR 142.250.179.105:443 resources.blogblog.com udp
US 8.8.8.8:53 trial.templateify.com udp
FR 142.250.178.129:443 lh4.googleusercontent.com udp
FR 142.250.178.129:443 lh4.googleusercontent.com udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
FR 142.250.178.130:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 babushkag.blogspot.com udp
FR 142.250.75.225:80 babushkag.blogspot.com tcp
US 8.8.8.8:53 225.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1 eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256 dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

\??\pipe\LOCAL\crashpad_2664_HTREUOOEKXIOEOSB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e4f80e7950cbd3bb11257d2000cb885e
SHA1 10ac643904d539042d8f7aa4a312b13ec2106035
SHA256 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA512 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 88ff21b9c1cf498957e011a4a599cbff
SHA1 600cbd0d4d7c1d5e5993fde25e90d906d2732f78
SHA256 f5072aa2de5d162bf1de68e911ede3da37da9a892d3842f9eebfcbd0108947d4
SHA512 998ed6a39d1b7f04480631952414c694c8a6b4696e7065f3d86da7bf69d3943c8f219fb48d5971d75c73723b538ade57c513c5deb84f0a8b2e6d168b9c38f048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b6d12fb0b78bf8c3616d55107f1aff67
SHA1 2b9da0e0e99caab2b4fa3e9a3981c9c872eb8e01
SHA256 5105fea3a06fb630c68e8cb5e7306df98d5f4b9846fa39a8ecf40d3c660912a4
SHA512 429699a07c444190cb786b876f2a4c958ab764a968d83307d158d422792b8f5c18e03096802f80bb70585f373f4b2374075397db2ec7f53e07b9a0d39d49daf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c3a67a2271bfa476183ec31fe9d5df4e
SHA1 e63482a071808797bf5eee302bd3c0ee16f1a46b
SHA256 bc07c06e92e19825aeae7fa728d08bb374b1403795bfe80d32a286c51cbe4764
SHA512 830bd6750c091ce647f63d565ad2710797e5975bb845a8f550728d247bc0a97afd7223d5afeadbc7437d3aac4e916aa64e6e76dc532cfa972e4fecbff02b38fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2de612ad1561b1becdc33c35b5c68cca
SHA1 4b0f9e62d2f53ced95c68e9fc7ac75bf3c2bae45
SHA256 719b6c6e27f4aa83746a73ee1e2c0c753ee064fc37a3270ff8dfefbec3dca7f6
SHA512 1405d774c009cbc209b08a519843f7704be0182202fb60a84e2e9088d58bbad4c5af5d2b88280bb7b4f39990a63fca70581ef8e51ea9cfb3a94145412bb981cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 760019b9373f959edff3e40127e8fc5e
SHA1 25ede2850385c2e7ca5e29218bf513a7d44c749d
SHA256 53a1d79abcc985f1bfffbbdf0b60361e54f3c9c92360559ebe3d6572c96f8e06
SHA512 26da48e3393c8847501bb26ae434314f105dcff9dd6add6a008f4dbc4e9a986a3d64bc4b7660f673eec709d2a87e8830980995688e79c539aa2ab8d8cbd194f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5d1bb0352bd793337db670f646ea3fc8
SHA1 30f5d95b16b15cf7c78d28d13dc2f6213de87413
SHA256 126a25036be980cb312e65a232ea528b9250fa28c990becfd789b475751778ff
SHA512 2856638ec184f31dd91a4b1abb4e8d2f77a2b19a3d26442676f5d026e3856801c668c49828887da8618da60409b60acdbcf264fdde7520e30f3a5593a080c705

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d7bd.TMP

MD5 0fc371dd1a27d3042557c19157323218
SHA1 597b4b66322b82b9de36a823dfbbbf0aebe3a56d
SHA256 2405ccdccb7f48df78f2f029a5841424e54313d361a759953529f3eaa1fc49d6
SHA512 7d2d5dc9971cfcf9ca762015c6e5369a56b6016e9156eb6ff731872327cffd9244a0b4208adfd249ee61e569f072fd3980c640f7854fa0a22b1eb5f6fbc4efef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c72a621bcdd70e84579b33919009073e
SHA1 a9e8d43411433855691374e440bd656c78a62ccb
SHA256 1363fff0584cd35724ba84e12ebbea1c3e41d19208836bd85d107676da45bf72
SHA512 f095321eb1101f6f61993093cbef33991a55225830864c2796ff3f92f5de7642e3ba6976048f50a6e47f59fd45fdf5f056a73ad086ae61f4f020ebccc24a4f48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b0eea211a4f888fb9e3e20414ca59c34
SHA1 5f0f837f17ef5e87d93350173983af9b35bbf4ed
SHA256 8a26bdb63166c8917b6c513e9e0c2ec2ff8b9f35f13da58c235107c068c85cbf
SHA512 3b6d51df0faf7f3a21589b4c45085e03821fb4a5b6bf875b56592731deef15275ad9615e91cde22fc4bb0e24394b737c0265b17eae9cdf2491a24e57f6eb8844

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 15f7f70affc2336034a59fe37a41f74f
SHA1 a4b5bdfe1c366e02544b61f1f0aa86e646224cef
SHA256 977a25c719e25e303d42d66820e11e55346cbdff8445fa118e09bcc80c0bd527
SHA512 950d6ad50893a72e42906a8084d1c15bd6a334cea90ea1515afe308fb7f38dc860c06ddeb1be790e8213a181dd28fac2aa21f728ae28df1729529979081aafaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bcad08549dda81a47459610f4fa452f8
SHA1 4986aee73d9bbe9aca81626b2947b9cb4bd482d2
SHA256 99ec4684286c259eab0cfd38439a60861f01062cca9a13cb4f6ad74a9a53cb26
SHA512 04a1f2c832ee90c4d2a9f7b230fe2d4136908ab087f66232e09fd2dfc9335c32f2e482942fe6b85edae3ec5b272d5f036ccab522c35abe3c6ab711eb4a6cf070