Malware Analysis Report

2025-04-03 14:22

Sample ID 241211-eq47tazrdm
Target dfd3a4836338803d94395471ea488a2b_JaffaCakes118
SHA256 aa766e38b99e62bd2713314ce47fe80186f096ca1c69e143cd63ad5d2039446d
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

aa766e38b99e62bd2713314ce47fe80186f096ca1c69e143cd63ad5d2039446d

Threat Level: Known bad

The file dfd3a4836338803d94395471ea488a2b_JaffaCakes118 was found to be: Known bad. The verdict rests on the SocGholish signature match for the .html sample. The detonations below record only ordinary browser activity for an opened web page (Internet Explorer and Edge first-run registry state, CRL/OCSP fetches to c.pki.goog, o.pki.goog and crl.microsoft.com, and content from Blogger, Google, Facebook and advertising/widget hosts); no second-stage payload is fetched or written to disk in the behavioral1 run, and the behavioral2 listing captured here shows only Edge querying BIOS/system information. The destinations in the Network section are therefore the third-party services the page embeds, not SocGholish payload infrastructure, and should not be added to blocklists on the strength of this report alone.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-11 04:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-11 04:09

Reported

2024-12-11 04:12

Platform

win7-20240729-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dfd3a4836338803d94395471ea488a2b_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0cf3a96824bdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440052048" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BED966B1-B775-11EF-B81F-6A951C293183} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003f968235a6d845458b0e29a99c08a3f7000000000200000000001066000000010000200000007387fee1bd402a55a6de9682015932203525aba2ce09bbd80c4ea4e42b7f8e3c000000000e8000000002000020000000010616ea814f03290adb27da7936944ea64971c1da9daf570f0a91bb19001b3c200000006a5e7d272ee98ecaf1398bba6be616189cf4ef8c3570591cb1c2ba7051b0906140000000b675f086817958e09d0ea53afda51c3089c1413890fcd404d611bcd5657c1f9f88d4ac974861cd8eab10eda65f94d72419c470992d6c5bd7aa37e40ed430e36b | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dfd3a4836338803d94395471ea488a2b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 big.assets.huffingtonpost.com udp
US 8.8.8.8:53 scripts.chitika.net udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 apis.google.com udp
NL 18.239.50.53:80 scripts.chitika.net tcp
NL 18.239.50.53:80 scripts.chitika.net tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 151.101.130.114:80 big.assets.huffingtonpost.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
US 151.101.130.114:80 big.assets.huffingtonpost.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.179.97:443 lh5.googleusercontent.com tcp
FR 142.250.179.97:443 lh5.googleusercontent.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
US 151.101.130.114:443 big.assets.huffingtonpost.com tcp
NL 18.239.50.53:443 scripts.chitika.net tcp
NL 18.239.50.53:443 scripts.chitika.net tcp
NL 18.239.50.53:443 scripts.chitika.net tcp
NL 18.239.50.53:443 scripts.chitika.net tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
US 151.101.130.114:443 big.assets.huffingtonpost.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 23.192.22.93:80 www.microsoft.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.146:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
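
The table above is long because every DNS lookup and every TCP connection is a separate row, and because CryptoAPI validates each TLS chain by fetching CRL/OCSP data over port 80. The script below, an added example that is not part of the sandbox report, collapses such a table into one entry per hostname, counts lookups separately from connections (the 8.8.8.8 in UDP/53 rows is the sandbox's resolver, not a destination), and lists hosts that were looked up but never connected to. NETWORK_LINES is a subset of the rows above; the classification of c.pki.goog, o.pki.goog and crl.microsoft.com as revocation-check traffic is this example's own heuristic, not something the report states.

```python
"""Reduce a sandbox 'Network' table to one summary entry per hostname."""
import re
from collections import Counter, defaultdict

# Subset of the behavioral1 Network rows from the report above.
NETWORK_LINES = """\
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 c.pki.goog udp
NL 18.239.50.53:80 scripts.chitika.net tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 151.101.130.114:80 big.assets.huffingtonpost.com tcp
GB 142.250.200.33:443 lh4.googleusercontent.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 88.221.134.146:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>[\d.]+):(?P<port>\d+) (?P<host>\S+) (?P<proto>tcp|udp)$"
)

# Heuristic for this example: hosts that only serve CRL/OCSP responses. Port-80
# hits here are CryptoAPI validating the other connections' TLS chains.
REVOCATION_HOSTS = {"c.pki.goog", "o.pki.goog", "crl.microsoft.com"}


def parse_rows(text):
    """Parse 'CC ip:port host proto' rows; lines that do not match (headers) are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def summarise(rows):
    """Map host -> {'dns': lookups, 'tcp': Counter((ip, port)), 'kind': str}.

    UDP/53 rows carry the resolver as 'ip', so they are counted as lookups
    rather than as connections to that address.
    """
    out = defaultdict(lambda: {"dns": 0, "tcp": Counter(), "kind": "content"})
    for r in rows:
        entry = out[r["host"]]
        if r["proto"] == "udp" and r["port"] == 53:
            entry["dns"] += 1
        else:
            entry["tcp"][(r["ip"], r["port"])] += 1
        if r["host"] in REVOCATION_HOSTS:
            entry["kind"] = "revocation-check"
    return dict(out)


def unresolved_dns(summary):
    """Hosts that were looked up but never connected to: referenced, never fetched."""
    return sorted(h for h, e in summary.items() if e["dns"] and not e["tcp"])


def hosts_by_kind(summary):
    kinds = defaultdict(list)
    for host, e in summary.items():
        kinds[e["kind"]].append(host)
    return {k: sorted(v) for k, v in kinds.items()}


if __name__ == "__main__":
    s = summarise(parse_rows(NETWORK_LINES))
    for host in sorted(s):
        e = s[host]
        print(f"{host:32} dns={e['dns']} tcp={sum(e['tcp'].values())} {e['kind']}")
    print("looked up only:", unresolved_dns(s))
```

Run against the full table, the "content" bucket is what a reviewer should compare with the page's embedded resources, and the "looked up only" list (lh3, lh5, lh6.googleusercontent.com and apis.google.com in the full table) shows resources that were referenced but never fetched within the run.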

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c222a44bdf6ee65ec24505e7d5330065
SHA1 ada38094aced27603949f33504be1714b0957b6a
SHA256 f555aa76d903ce970056b4f5d93448dae439ef5dee6f998907c42101509d37f3
SHA512 b4c1631ce07e34d5a9f36365cfa2031bcbb32ffadb640d33909a549680434b4ad9a3f850fb22465f664522c07bc78a07650fe9fe631433545292f27cbfd40044

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 459b371a68a71e13586a11ce4f7e126f
SHA1 1f224881bc159043f03105cd242d0a37db264974
SHA256 6537ed63d39805ed0758422ddd58a1aecad033b905e6bb695f7eb60b432b2d79
SHA512 67280af81b161d96e823c147779cd74e64f9746ec9e36ed3f218cf3252caa3d970f86a987b6d2c7da4ddfeb3fcda0d8a62596ddb24e5e3eae7520ace16c7d252

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 45c6656ea700ad4c8ae4754ef79e9af6
SHA1 c99633f620926019df88a39f183f66a7e58a2237
SHA256 adeea24238596e43cbd696ed464c041726249c57872855f795f4b26536213483
SHA512 5f8884446bdf4a3ee58c7910deeb292331086649c750ce465e424029ac6bdc1b281fe3ae2d2267ac64cca7a6c448580b7e92d64e1cb8c98ae01b9d7cd37cbda1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 afbb04520b78dd15a176676134117ea4
SHA1 c7b0d29a77dff761b10a92364d902ce3adca7a48
SHA256 c82975633b623ea13301badd0925efda84cf1928e7424f7007aa1c4a18ad9c86
SHA512 d6e6ce5b8b74b809f95010c49f02ee8432301fd6892cf2a699e3d39e9910eb1efb18ba8a7e3c5e2410e1dc04bb0b7bd618cc6bb357688f44c25acc10d49628e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\Local\Temp\CabB637.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 0746e7db4a386271f86d34e5351e4378
SHA1 ba5f439467dd3d9dbc4f9a0b6fee893b0ba582b4
SHA256 6af99e7a94d1d77d565d0934f80d6723cf84a70a369a4dece09f00bb45a2cd1d
SHA512 f02603791835ba25d3279c946e501f522b49ebdf4f3108bd6fbeae204a08f2e7638a6cec84b83bdf37f97a1e22f2b4a2dd95d45e13c893d1b79d926db7e4296b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 0460960b093e814aace7bdc0ea8b2864
SHA1 867a7029812b516092ca23c898a441cd76a3240c
SHA256 2163eee22f758eb59a0074f63de5186cc39e580a6452975ec00119e70f44a71a
SHA512 6e3ebde18ae63c2cf4ea3d6532be10bf54dae5cb92a70dce712484d5f7ea0b4ab92a916f86b9976c03979f7ea8289747ede6ed0a7fb344c9257bd6389b6ee6b3

C:\Users\Admin\AppData\Local\Temp\TarB669.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecad9412e9a2e7ff56e9015667123344
SHA1 3e887f142278f058431a157b02d517ab42338549
SHA256 035e56a8537abbb66bd1435651192d6895937fbdbd69467eee4471f0c0ecb979
SHA512 2eef5fd343d8bcd6355d75aa60ef6638236e20acbe4e8216730bdda50390da8a8ad644e27eccdb03974ac54905b3cdac8bdbd812ebe5bd5fd7719c556a0433da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 5642e1e56bd131a86fc4ad3eaf7e8345
SHA1 6b915c8ddfc1c5c9ae1b8cc6cca223d062927c28
SHA256 b50c68b8157bc1f0f19e81a99cafb2222f02423794f8cffb022ef594b28b1f39
SHA512 57b63900a935eca0cffd294c41954776cf252aaf3f0036d6ee38ff928fda45c2926010af9dfe7674540414caa1d2e809da80a08e5bd9bb1238e69f2e67e952f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 cea56e9bbaeac5be81f6051c1d9f3b95
SHA1 f77230d5680030b6ad6077e9ddd2d2ea76c3cf47
SHA256 86bf2b1a758370a0c08a44b455367cf04f992f08280cc00a2f9bb1d7fd6e1068
SHA512 02bca07dacc28e57f5fffa43286ffa8480d08d9bf9ddfecfb56f5643a6a320ca714c07bb3a8e9b6609349869669ae5e5f21e4bd2b66855b3462ce509fa4e8ee3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_1866E19A9EA470E8F26D259D51C89BDC

MD5 991810baeeec80d799c73c7b2ec8f10f
SHA1 f49d21a9435799d48e332053eebde7d1506cf959
SHA256 9d94c13b99b7d5dad72cf87cd9db6161d58d5a0c9c5576f719ba8be1b4ff5c20
SHA512 2f38bea52b3451e40d6a2d0e2666e9d0ff45390cb254493095b6ab97cbce3351e040ebc7886430af5f61235c7c9edd1351e3058df641b8fbaf61a4e6eea524cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1805bfabb4acb18342709b1fb476ef90
SHA1 2956e7d281c5b705dbf6daa61b330699da4609ec
SHA256 2ecbb272be22fd670fc6731df2f37a48b48c1f1b39efe1c142a189b0afdc6d11
SHA512 494530a6a0006b9c4ae0861f873cf4bd3308225f7f7daa643ab8d3f6b64f8e8a550c5c6b62d5fde589cc345ba4ad7d7157128565a38101bfbccd89bb81a7c298

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7d18fa0d72ee124eb8ed656d9722fef
SHA1 7affc7a74a1b6292a27590e17f09f42a16d4f56e
SHA256 2e57161398cf9c7bf81e4bed1a611dc9c0a0fa49b54b409c639c17f6680b4c1b
SHA512 cc6f1aef2482eaa1d1b9ba142e35cb7f5df46299fda0a877e655ed1c870c786b29753e70f82fa22663ecfb5dc7cb9d186cc062701d9152841913faec8aac6e0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 e21a59cd666e3ce7ee02945b92bb40f1
SHA1 73c2591f804a693e49162d91b9fac2531b54723d
SHA256 0c5a34490bbb2961bf3989709f12a04cc90dcdb5c943d78da2eeeec2d07c4313
SHA512 9ef787649ad7ae959f86d07c9958018c29b4b2c5bf4d6d94cbe865c058cbb4510f2689f349f0de3e57ad2756732f603f4e5e2876b9e222d533987f29d682d591

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46e8ddaaad1616b07e942d8ca2f24b07
SHA1 a10ebf47e7f26e0f8bba8e1ecd713b9b0a8f8736
SHA256 a1fb94bae165206bd32f4242cbb42a8a848ae040df752e55bb8b2320c84fa4c8
SHA512 7a1f0f2367df541e0424402316bae3165029dc7f8212c935a8c78e75114c6a2fbd9921f088519c008c7d5072eae66ba4f23e28007e265779715408bdb6eb10d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc05163a2d2a2ca275bcd3e4b8dfe881
SHA1 094f1ad85e1429016201b4f645e2d926843921aa
SHA256 5cdd34a523fc80fbaadef7dee20201a6f68530736e1d1d6c1bb22f582fe0f4e3
SHA512 b42db3aed5dfdd0f4df57aca856692fab5e62f41868e6b6b661f5721cf776023977d920ec3455afe08c94e4d71b2083adde295e18c436460c67c2cecf934dd23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16b082e4c07acc8ab43d89b291432e45
SHA1 a6126f038cbbbeeb19664c9eb8a2a4ad7c95e444
SHA256 54062740327a7a54446cdafa736357d93d18fafd5e8bf9651cf221a4f1e2b097
SHA512 be1e53b4b0ddd3344a481d00c04e15de86f6d8e31efdccd9e9bf23237173268bcb9f5f6ed95b859c1d342ea684f39bf64ce1f58080895f4867fce5a884a5003a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe5684dc38ce05eb20f382bc9d2f5880
SHA1 e62095d4af5569e5ded6ed26fc3a7b0bcdbab111
SHA256 b926bf79b887cfa6d92b3f28f1800f74be8ece600b03e45e0c4f2da0379880a1
SHA512 4cf12b7a751744c9dd0cbcbde4c2f2671322d2163c0637dc785b3dcc35212b3d2373944089ea025745cb6f15a35e0f9cca25cf818cdc2fa05ebbd8938c52df9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c0f135a0882ba9882584d2b94bef7b6
SHA1 a8f000d5c91a2000a3595eea339d35e8beea4511
SHA256 56ba9af5268069a71dbd942e5ef77d3049f3e315130bfc8a7a393f200f049f96
SHA512 412256c24adb6aa3b39e98953e74a3bd5a2ea7dc71c1742efe3e306b3a1db97ff3d7a1c62c6b1d96df43f9ce29d55d4319364207ff45f3ff319d4ac851adde15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6064110faab56f0911a98702a720c9bd
SHA1 7e28be935cf1c049d60f1571090b9d45f9e0dd23
SHA256 7564e40f3eb3978a2866d49fed5a2fb2dd08fadab8ddecad8ddd37f47ae29a0b
SHA512 eb65e4f49b75bfb60b28dc4d53ad0a53c1afdeef35682b632f47f3cd62c71134f9ec3678a2a89e455815399226e654b195ca389ef7338284560326ed7019fd65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 173beb7f30ffdcb2d01711841c71ce25
SHA1 b1bda4a9064099dafdf7868517a93486a685b8d5
SHA256 28ec7bf6aa241be4e3b80527e1c903a32d4f658b4fbad9dcd3f8242b6ba8389b
SHA512 64a1b25465ef78fb352541d19224d169b4cdb80722f2b067abe30ef1882a5a0277bd098e48ab7f9a0f4c357f182bf5739f240c7429298270668107514ce80d0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ecd2ecf1f5eeaeba7c5b1b6501ccd98
SHA1 09a30c61a67703bbfab2a821919c53ec2f2db3fe
SHA256 99c9d4532ab0f733618bd7fe22271599b374cbe8653643e70e7355b5690b615c
SHA512 b1eb837c78331530bfd4f36b82d74a9be9f8a10cf8887eb8bfa6ae33fb93288f52c4c4ad91c198e27e894c9324147fd0a8eae5d08894a83f491b3bd37c048e17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39821795cf9e2e7752e6302009eed3f6
SHA1 d28b839851b51473cd57b558d0d72b263d8a66a8
SHA256 34c46df51946cea8439fa1d48492d13a26edfe6846b7c8675acebe50da412d51
SHA512 396257272df7bbed9096614bf8bab92eb3df01632aded6e51b6617b141336a4492df45dabe2c0f95df0fb91ba66f6b374958a3c95e14ce5859dd4bbd683fe6ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b45f9c40e9b9ad89e01df09305b59933
SHA1 39036500514cd8fdc854f149f15a3790a12d4e74
SHA256 94413bd4893864b0da894f9975ba9630a72e5257d454e96ea3a7ced75cce7ed0
SHA512 7458720e91181be76dab46ec118d913aa41c27397af6ef5c01ef528f86e2d8101b87314fd7a4d3448487b089dc482723789f1756db8916712c651ae37a8ffe04

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4eaa329b10abeb765499b63a97d01d20
SHA1 aac90a284067fae9cfbe20a83aeb057e748116a2
SHA256 f6d5c3b26af4be22995bcb1a25af268cfd535d911b394518425080ca0610377c
SHA512 ad038d9ac5c7ed18394b733e429edcb1811b0b0f7fe7d96de0c8d3f7d1ca1cbdca20c88f5344c9ca06eaa71c4d4bec3be021c784ebd314c04a6ebc04c93ea584

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c755165234abfdc5eb7f43f9862f1eae
SHA1 afd40f33408dac7261a36c74aa214ef2e5ba6566
SHA256 6b35df244dadad977c41651becdd19d7657c2bda0c3637b9c784ab9e5a75e89e
SHA512 03e1cc94a763d539d43026f2b64e52dee52e2958a40df3d8e33740da6fc4386f13d09a9e51944b3b7bea12d2f8ef5607604d2cd29168cc553dc1f0b226292933

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4c468318b45408b81805c8bdd4f71524
SHA1 aac96152e3732ecc024ab07f73270a5ba92f9aec
SHA256 5bdb62819a38ef81427467f79c6f3d1e04cc544c498f87d92886cf611e385708
SHA512 ad4a18edc55faa099825295722680fcec0913e7d92395edb47c5dc12bcf7537db7a74944d9c5054e6de60c4be5da5dc92b9c93d8a1137d15f0ef7c592243e6eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b6f0da8fb95de7a052b1ef6c740db10
SHA1 e8f6bca634bc0c0be0c7b1210e871320f528e340
SHA256 91f41168c1f0037bec10f9bdecda4f800a2c1efad4976a25b55a15a1052de6b5
SHA512 0955501e15dcc166e61c0337f9a9d35193eb21425e1f9cc783067c3c7f08228d3fe2dd5862f18c0d51d3c6f9e511f0842a81f395343f3a62f1c29152d28f2adf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13a144a61fc845565b621b22184542ae
SHA1 37a61a3ff6199c1224e86290d09149542bc2f463
SHA256 4b09c9ebe644b4295bc489a6976105c87760b2c705f39474692d935bbe13adac
SHA512 9af4e6d505c5f41fe7641521b1a6baa88377e498b9d7b9ba261848d411685a9883334c33ee638ab7a85bd7e259fee97968ccfc46d822df472c683170bcf8ebdf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 977d451f70934cd76ff71184a998b833
SHA1 380505144e127497d2d984ea08c197bab044a28a
SHA256 3b53b10b591a73f86e8467373ecc4e0d47eb98608674b283ae48a6e1593f867c
SHA512 717785e87e9cb4e0e86414590864132b6070f5127cd7589c83c3c4c6e650b96e72d7b7e3d1eb08c37fbbd5bdcd3ebceaa5970596fabf0b12dbd98d9372375de8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09e273e6a334c9e62544f1d377951d4a
SHA1 3fb3966a99560def34a7da8110ea28a4099d6a4d
SHA256 0910d7b55acfde2efb537908c47622d76141797dc991ea6c56bc497c4a3d6ad3
SHA512 4f6ece05b03eaaf29809c15ed5d77853dd0e3db6a56088bf04fe9c386a7ab429c796f01364ab5cc68a28db713362e8e7aaf6d71365e14d399f5da97aaee81336

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 edc705d7278921b7ae352988ee1b50b7
SHA1 3e8ec978b22bd462d63a373644feccbca17fb8d7
SHA256 83a33716ec544fd9d7cb56614fa1aae782f8d4e1b112791c1e2ea2403a418478
SHA512 c0a09ac2f379dd14a73a29bd0567722670738355f906dca7fa9a3960a1f741921348486b346236138f86727de10ab4e2868378bd70c4381f39c8c7fd41a23fa2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43ffaaec17ddcc0ea48a1c3abfe8a99f
SHA1 14ab934f1c41fc0366de3d610fdeeb320793baa6
SHA256 0d819a4faf983ab40a7cc87701c039d902369e1f99577edbf97bdcb28b45c27a
SHA512 c35bc005e8178c46e483220406912e73d5e79a0056f304e4a1cc2ee44879df503f925f8633003373efcd1592d4e3e18ba030352b849e79c3205dcef902d33939

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df4e0799a7f0daa188c73cc50c978aaa
SHA1 87f19ace55769faef3233f9a809c8f52e7001827
SHA256 841fc932379f96803f60c4f8b6cd568dc43d2b7664c919f7eb13fd9d427447da
SHA512 36410b513902409df0ec5ea8ff58a279733ba77ef22b2f9a06081f1032b5e25ea34a59ffae8b4cdbab0ece54639c6b5b38f860144643c1be888d54c927f4fa63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e3a8acdef3a860b99bfe04952c666a0
SHA1 9e8f2bf4ff167d035a12af5c0d46e711e785b396
SHA256 26e64e02a06a012c7b4fc52023d2b186df7c184e0daa8270e18b8fcc2da54a84
SHA512 e5e6d5d6e8116b6c63dd96da41293a336c2ced78521e4bd34e1d3b35feedcb6780b70390c80041375333b4f2017f75e7dda89e51f8c90768dea10c1f4d11735b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a391f3f7794a8a145f26181dffb409d0
SHA1 10aea00010d120209d89abcc0159f1dc665ec6f1
SHA256 645b7a2104f814bb1929a89cc438662dd356c2d6f749a57feb12c57682a2ae6a
SHA512 d256c9085e0105c5d9d005b504191186e92f55c44eca8ac9700ce82876b2b016cb2bd6be7fadc3b4bddcd697bd40831179e8921c7db8ce2340602e30a32b55d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e26bbe92b0d1cdbda0b152b93d8fc74
SHA1 6457b9e445b189f8bb49111c3d7fe4dd94305de2
SHA256 51b92d2feaa7bb3d85311e3facd5c96380ba0ebec972dd30107e342e4c536bdf
SHA512 3079267612a2cd3b368122d17ed56dbf423cfd714b6154fe5bf643f4c9938404cf71c958fc8b57ab3121b4eb674ad1dbd5f173857d1c678e8cc69a8d3f23e2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3be871eea9dd6e68467853c937f3007a
SHA1 e04880eccb5cfc80450aec494c49c4be8f963373
SHA256 0a89ba4e67f7c09df6942b2079af75dfa5ba5ae8f3ad116409b0df330df49f97
SHA512 aea513c27897a6a082eb3072449929c375eeff3f4ffed571a837680b9dc72f8262830ad9ea826e1c3a58f473a0a0e7eb64e0124bda01ed946de5a6ed8b8407af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5c276f70e828409ea6dc2bfde1658da
SHA1 bdd28a4afbf7a21a783e45f9ea073d8deedc8892
SHA256 c9854136302f3728182c8676373a13060835c5b7ee7969dbbf38ed71bad6a5c1
SHA512 71c82e6bb22bef9b7cba4accdd6f660296ea62a77f2fb453dbf7f6e9ea60f8edd70fd8c85e1be92a46dc5a72b55f2143212d7e0658363449f7ad1d877e89000d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 decb20b00b1827ab6035d17fc9134195
SHA1 4edf3a05c8fbbf94ffd9ce90bb4410b85ec9bb6f
SHA256 20f207901238fb606194460212682736c43007e39eb11ead39aac71f39e17e19
SHA512 a318ddc24899f93cd38e9f8e3770084b60a9113b186b52aafc43bec115d4b363e2ef349b78fba4f31246545570e6b3ee4eb5f8097eb73cc6c91dd80095cde0c4
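The Files section above lists one record per write, so a single path (here the CryptnetUrlCache MetaData entry) shows up seven times with different digests, and some entries (named pipes, zero-length files) carry the well-known digests of empty content. When triaging such a report it helps to collapse the list into distinct paths, the set of distinct SHA256 values worth pivoting on, and the records that are empty and so not worth submitting anywhere. The Python below is an added example for this page, not part of the report or of the sandbox's own tooling; the sample records are copied from this report's Files sections (two of the MetaData writes above and the crashpad named-pipe entry from the second detonation), and the empty-content digests are computed with hashlib rather than hard-coded.

```python
import hashlib
import re
from collections import defaultdict

# Digests of zero-length content, computed so the check cannot drift from the
# constants that appear in the report (d41d8cd9... / e3b0c442...).
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# One hash line of the flattened report: "<ALGO> <hex digest>".
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")

# Records copied from this report's Files sections (not constructed).
SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df4e0799a7f0daa188c73cc50c978aaa
SHA1 87f19ace55769faef3233f9a809c8f52e7001827
SHA256 841fc932379f96803f60c4f8b6cd568dc43d2b7664c919f7eb13fd9d427447da
SHA512 36410b513902409df0ec5ea8ff58a279733ba77ef22b2f9a06081f1032b5e25ea34a59ffae8b4cdbab0ece54639c6b5b38f860144643c1be888d54c927f4fa63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e3a8acdef3a860b99bfe04952c666a0
SHA1 9e8f2bf4ff167d035a12af5c0d46e711e785b396
SHA256 26e64e02a06a012c7b4fc52023d2b186df7c184e0daa8270e18b8fcc2da54a84
SHA512 e5e6d5d6e8116b6c63dd96da41293a336c2ced78521e4bd34e1d3b35feedcb6780b70390c80041375333b4f2017f75e7dda89e51f8c90768dea10c1f4d11735b

\??\pipe\LOCAL\crashpad_3412_CCSTTYCOLUWTJWIU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""


def parse_file_records(text):
    """Turn 'path / blank / hash lines' blocks into a list of dicts.

    A record starts at any non-blank line that is not a hash line (the path)
    and collects the hash lines that follow until the next path.
    """
    records = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            if current is None:
                raise ValueError("hash line before any path: " + line)
            current[m.group(1)] = m.group(2)
        else:
            current = {"path": line}
            records.append(current)
    return records


def rewritten_paths(records):
    """Paths written more than once with differing content: {path: distinct SHA256 count}."""
    by_path = defaultdict(set)
    for r in records:
        by_path[r["path"]].add(r.get("SHA256"))
    return {p: len(h) for p, h in by_path.items() if len(h) > 1}


def empty_records(records):
    """Paths whose digests are those of zero-length content (nothing to submit)."""
    return [r["path"] for r in records
            if r.get("MD5") == EMPTY_MD5 and r.get("SHA256") == EMPTY_SHA256]


def unique_sha256(records):
    """Distinct, non-empty SHA256 values: the set worth pivoting on in other sources."""
    return sorted({r["SHA256"] for r in records
                   if "SHA256" in r and r["SHA256"] != EMPTY_SHA256})


if __name__ == "__main__":
    recs = parse_file_records(SAMPLE)
    print("rewritten:", rewritten_paths(recs))
    print("empty:", empty_records(recs))
    print("pivot hashes:", unique_sha256(recs))
```

The parser is deliberately strict about hash lines (lowercase hex after a known algorithm name) so a stray path that happens to begin with a hash-like token is not misread; feed it the whole Files section of a report and it returns the three views above in one pass.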

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-11 04:09

Reported

2024-12-11 04:12

Platform

win10v2004-20241007-en

Max time kernel

147s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dfd3a4836338803d94395471ea488a2b_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3412 wrote to memory of 1116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1116 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 4732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3412 wrote to memory of 1104 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
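Every row of the WriteProcessMemory table above has the Edge broker (PID 3412) writing into another msedge.exe process, which is how Chromium-based browsers pass startup data to their sandboxed renderer, GPU and utility children; the signature fires on that normal behaviour, so on its own it is not evidence of injection. What a reviewer actually wants from the table is one line per parent/child pair with a count, and a check that no write targets a different image. The Python below is an added example for this page, not part of the report or the sandbox's tooling; the sample rows are copied from the table above, except the final cmd.exe row, which is constructed to show what a cross-image write would look like.

```python
import re
from collections import Counter

# One flattened row: "PID <src> wrote to memory of <dst> <indicator> <writer image> <target image>".
# Both image paths contain spaces, so each is anchored on its trailing ".exe".
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<indicator>\S+) (?P<proc>.+?\.exe) (?P<target>.+?\.exe)$",
    re.IGNORECASE,
)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"


def row(dst, target=EDGE, src="3412"):
    """Build a row in the report's own layout (used only to embed the sample)."""
    return "PID " + src + " wrote to memory of " + dst + " N/A " + EDGE + " " + target


# Rows copied from the report's table; the last one is constructed, not from the report.
SAMPLE_ROWS = [
    row("1116"), row("1116"),
    row("408"), row("408"), row("408"),
    row("4732"),
    row("1104"),
    row("5555", target=r"C:\Windows\System32\cmd.exe"),  # constructed cross-image write
]


def parse_rows(rows):
    """Parse each row into its named fields; unrecognised rows are an error, not skipped."""
    parsed = []
    for line in rows:
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError("unrecognised row: " + line)
        parsed.append(m.groupdict())
    return parsed


def collapse(rows):
    """One entry per (writer PID, target PID, target image) with the number of write events."""
    return Counter((r["src"], r["dst"], r["target"]) for r in parse_rows(rows))


def cross_image_writes(rows):
    """Writes whose target image differs from the writer's own binary.

    For the report above this is empty: every row is msedge.exe -> msedge.exe.
    A non-empty result is the case that deserves a closer look.
    """
    return [(r["src"], r["dst"], r["target"]) for r in parse_rows(rows)
            if r["target"].lower() != r["proc"].lower()]


def child_pids(rows, parent):
    """PIDs a given parent wrote into, numerically sorted."""
    return sorted({r["dst"] for r in parse_rows(rows) if r["src"] == parent}, key=int)


if __name__ == "__main__":
    for key, n in sorted(collapse(SAMPLE_ROWS).items(), key=lambda kv: int(kv[0][1])):
        print(n, "x", key)
    print("cross-image writes:", cross_image_writes(SAMPLE_ROWS))
```

Run against the full table, the collapsed view shows four child PIDs (1116, 408, 4732, 1104) and no cross-image writes; the image comparison is case-insensitive because the sandbox prints paths as the process reported them.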

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\dfd3a4836338803d94395471ea488a2b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa046f46f8,0x7ffa046f4708,0x7ffa046f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1284 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16295373525109779553,7319816822677750004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 scripts.chitika.net udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
NL 18.239.50.53:80 scripts.chitika.net tcp
US 104.18.10.207:445 netdna.bootstrapcdn.com tcp
NL 18.239.50.53:443 scripts.chitika.net tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
NL 18.239.83.27:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 22.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 53.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 27.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
GB 142.250.179.233:443 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 big.assets.huffingtonpost.com udp
US 151.101.2.114:80 big.assets.huffingtonpost.com tcp
US 151.101.2.114:443 big.assets.huffingtonpost.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
FR 142.250.179.97:443 lh5.googleusercontent.com tcp
US 104.18.11.207:445 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 104.18.10.207:139 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.200.33:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 114.2.101.151.in-addr.arpa udp
FR 142.250.179.97:443 lh5.googleusercontent.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.66.137:445 code.jquery.com tcp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 151.101.2.137:445 code.jquery.com tcp
US 151.101.130.137:445 code.jquery.com tcp
US 151.101.194.137:445 code.jquery.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
GB 142.250.179.233:443 www.blogger.com udp
US 8.8.8.8:53 connect.facebook.net udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
DE 157.240.27.27:445 connect.facebook.net tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.27.27:139 connect.facebook.net tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:445 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
FR 142.250.179.78:443 apis.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.187.196:443 www.google.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.33:445 themes.googleusercontent.com tcp
GB 142.250.200.33:139 themes.googleusercontent.com tcp
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.179.233:445 www.blogger.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
FR 142.250.179.66:445 pagead2.googlesyndication.com tcp
GB 142.250.178.2:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 mileycyrusus.blogspot.com udp
GB 172.217.16.225:80 mileycyrusus.blogspot.com tcp
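The Network table above mixes forward DNS lookups, reverse (in-addr.arpa) lookups the sandbox itself generates, ordinary HTTP/HTTPS, UDP/443 (QUIC to Google hosts) and a handful of TCP connections to CDN and social-media hosts on ports 445 and 139. The last group is the one to double-check against the capture before treating it as SMB traffic, since those hosts are otherwise reached on 80 and 443 only. The Python below is an added example for this page, not part of the report or the sandbox's tooling; it parses rows in the table's own layout, classifies each one, and produces the forward-resolved domain list plus a review queue. The sample rows are copied from the table above.

```python
import re
from collections import defaultdict

# One flattened row: "<country> <ip>:<port> [<domain>] <tcp|udp>"; the domain is
# absent for the multicast DNS row, hence the optional group.
NET_RE = re.compile(
    r"^(?P<cc>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)

# Rows copied from the report's Network table (not constructed).
SAMPLE = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
US 104.18.10.207:445 netdna.bootstrapcdn.com tcp
GB 142.250.179.233:443 www.blogger.com udp
N/A 224.0.0.251:5353 udp
US 104.18.10.207:139 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 mileycyrusus.blogspot.com udp
GB 172.217.16.225:80 mileycyrusus.blogspot.com tcp
"""


def parse_network(text):
    """Parse the table into dicts; a header line is skipped, anything else unrecognised is an error."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country "):
            continue
        m = NET_RE.match(line)
        if not m:
            raise ValueError("unrecognised row: " + line)
        d = m.groupdict()
        d["port"] = int(d["port"])
        rows.append(d)
    return rows


def classify(row):
    """Label a row by what the port/protocol pair normally means."""
    port, proto, dom = row["port"], row["proto"], row["domain"] or ""
    if proto == "udp" and port == 53:
        return "rdns" if dom.endswith(".in-addr.arpa") else "dns"
    if proto == "udp" and port == 5353:
        return "mdns"
    if proto == "tcp" and port in (80, 443):
        return "web"
    if proto == "udp" and port == 443:
        return "quic"
    if proto == "tcp" and port in (139, 445):
        return "smb-port"
    return "other"


def contacted_domains(rows):
    """Forward-resolved names only: the list to run through a reputation or blocklist check."""
    return sorted({r["domain"] for r in rows if r["domain"] and classify(r) != "rdns"})


def review_queue(rows):
    """Connections to confirm against the pcap before acting on them:
    web hosts reached on SMB ports, and anything the classifier does not recognise."""
    return [(r["domain"], r["ip"], r["port"], r["proto"]) for r in rows
            if classify(r) in ("smb-port", "other")]


def per_domain_profile(rows):
    """{domain: {(proto, port), ...}} so a host seen on both 443 and 445 stands out."""
    prof = defaultdict(set)
    for r in rows:
        if r["domain"] and classify(r) != "rdns":
            prof[r["domain"]].add((r["proto"], r["port"]))
    return dict(prof)


if __name__ == "__main__":
    rows = parse_network(SAMPLE)
    print("domains:", contacted_domains(rows))
    print("review:", review_queue(rows))
    for dom, ports in sorted(per_domain_profile(rows).items()):
        print(dom, sorted(ports))
```

The reverse lookups are dropped from the domain list because they name the sandbox's own resolver activity, not anything the page requested; the profile view is what makes the 445/139 rows for netdna.bootstrapcdn.com, code.jquery.com, connect.facebook.net and the Google hosts visible next to their normal 80/443 traffic.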

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_3412_CCSTTYCOLUWTJWIU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 42ddde6c2657419bc630cf8f4d0ef85f
SHA1 442336ee0456bbac69258552c79a108c288157d1
SHA256 9b2482643626dfa7afa0fbce719ecfac1673e9805a6c28ad6ad5b095d7a33a43
SHA512 66b1f952e3a04b4e13fcc33a0e6cacddfd14e0cf5608959aa20dabb523ba79eb898ed3ff8eb9824d25d915779d4c5d27a8be495f5a415978c032df2303630284

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 56d4cd60e70279ac90bd4b37784d2e9f
SHA1 ca3c95de4f0cdb10e0f001967e410823d1429c95
SHA256 a8e1b8850c97463acc25109403272abb3fd363e2cbe70c72aaeb73242b1d77d4
SHA512 e2d639bd8b8cfc24796161a3ff9cd513c5d817bb77da4b39654f4c93e34b5a2b2a0ae1d15b9267110f0fa0439e0608dab23bee04bbf0cf36b4acc1092be23419

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e985411f5dd769e6c2ac39c2d23b2345
SHA1 16c82dcf153589febdfb4311b295fa993f55e8c8
SHA256 2a84e95677bcf2ebeadea19c712f4074aecb9288b4256bbef4ac57c1de8b5943
SHA512 140c05f4a5685cbfe031c32a5a7033346cfab0cf07ba04d4b3daa587b9d389a478dbf7d02a5e5194a38ef22a59569538dc1e57265282eec6c7f206dba7181b2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 86d32da776084944a87d12e3e8143ce7
SHA1 af858b12a6d0ae06e8080f86d68634e70f1a619c
SHA256 c8bb402ac3c6030e7a3a465418c675032bdc90ff8b3d4d12b773c16105e57caa
SHA512 0888a5e9668fcb1a50fa68e603800417824ec0f5d69fbb90f61f6b6e6e786b68016487bc4143238b7e64b9bfc6bc33c7bed9902a05cea9a68c8f1f115a35cac5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583302.TMP

MD5 652376c9f028c5bb7dc6624d3380479d
SHA1 e137971a422b60cea036b5bbea9ef57d27cee96f
SHA256 3b34c9f336c9611dec680ed3f820af850b7adc17d51c21d5652e9bdce8ce5795
SHA512 5777061dbf06483e1705c5eecc714d1e91c94d6b1852c9ff89b6e737958003abb83267ce5c486e098fb9c77bd271964c4aae17d4f92dae07dd07602462bdd15b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f66086061f2e3f7bab269deec74e439
SHA1 c66f91c8ec67a895e57974ea567402fe339c398e
SHA256 380265582e8608b27a3cb6b02781184725d1085380e8dccd1dc15c5070eec6ac
SHA512 fbb877089af4e3f4bf4c0cd6150fbe6206cc4f19cfb82c875d3e6f0db864b1449285143f5438c875765b07541d907603b78f5af8785d60dbb194c74ba2b7aa8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e04887d86078964eeff2176880e4fb9c
SHA1 a4c08c6722ff30a3b8583f59ea1c575624466ded
SHA256 2d4359fe29e0e6e5824cdf1bd34d834d117118e81fbe402723cc05ee32a908a1
SHA512 334d410790f78bd5375b15f6237f67c4fab4b2bdf7dd3658b148856db9b11cf60a87e631b306449b74c8d81c42f882f9c88a14e02b563b62798d212beaa5cca8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 71d54d23a9d8818cd769c2fd78a57c91
SHA1 b807062608567647fe4a68388eb298d95e982f4b
SHA256 ffcb16becf570b44475899e652c2ff5d9c895cc3bca54049690c2be0b0159eb9
SHA512 339a858c565b515d7b30d091db06b10d6187497f6f5d883276cc8fbade569b7f32fc15888e81e2c2c2a8a6456000cf3e227b8031623d98c912c0b32e20243dc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 42fc9929aa3a81d6f37658937fdee428
SHA1 6a37a105212b69cc5648cc796e3286077ab0f9c7
SHA256 a344ec4ab0f9c4cdd61f11d71aafb2821b240e53b4496badab27082f84ad7517
SHA512 d3d1ae4f9752a82e5d297cf84c585eba68d9c5e944c46b677b02811cb67463541b35a847653755014da75f99f8beca97e65af740df970e9ebbffce653c2e75a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ab8382300892db528816094a5056b6b
SHA1 d89f2373ac0502ae344a534e7cc5e37355c29378
SHA256 df49cf3c919217aec5aeca804ac918ffaf1ccbeecc1a1090f0c4642f70c8cd76
SHA512 b64fbf6df8d96212ddb2a94b364c2ec9e045f36e6f3ef71f8357e6de590ac4c2362747b98937d70a5c1307e50d0caa30a990ee52d06b8c0b0f15c32a828d3cf6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 16df075e0b40cb827b4b34024d6135b2
SHA1 1443bd9f4511333081bafab23840a07e448dcf7e
SHA256 8d5baa793a7e538d38affafdc647680bf96cae3a21f4b44b27ef48bb3a209bb8
SHA512 240577e8ff97fe5d12aff804f63801a321e138bfdbc34abd4a93543d7a8fbb4a20c8094dc012ab5f118227b85d6262de094e8edc7b608a32c3a86de020d505bd