Malware Analysis Report

2025-04-03 14:22

Sample ID 241212-2b89jszjdy
Target e88e3c089fbc7f8cfd85e26ae293ab73_JaffaCakes118
SHA256 ae9595cc083559175ee18c76fc4e9fdf1609ee1f2e66d2e45b64f38e1eec0505
Tags
socgholish discovery downloader
score
10/10

Analysis Overview

score
10/10

SHA256

ae9595cc083559175ee18c76fc4e9fdf1609ee1f2e66d2e45b64f38e1eec0505

Threat Level: Known bad

The file e88e3c089fbc7f8cfd85e26ae293ab73_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

Socgholish family

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK (Enterprise Matrix V15)

Techniques mapped by the signatures in this report: Browser Information Discovery; System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported

2024-12-12 22:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-12 22:25

Reported

2024-12-12 22:28

Platform

win7-20240903-en

Max time kernel

150s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e88e3c089fbc7f8cfd85e26ae293ab73_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

Neither family signature carries an indicator row (no process, key, connection or file is attached to it), so this run does not show which observed event produced the match. Read the verdict alongside the Processes, Network and Files sections below: the only activity recorded is iexplore.exe loading the submitted HTML and the blog, ad, widget and certificate-revocation endpoints it embeds, with no second-stage download and no non-browser process observed in the 150s window.

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701b74dde44cdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0418E5D1-B8D8-11EF-AA6E-5A85C185DB3E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005266294ce070c74a8f67efaff02f408e00000000020000000000106600000001000020000000ce9d0e7bd48011d9feb32e41e5a0dd4e2a1c2883d36d295a39abc223adc5b785000000000e8000000002000020000000147057bdbaa04e4afb1920d9ff8bf3fb1afc6c8ec5d7c759f3c0e28f65036f96200000001c76eb13fc2746fed7c974f84ab88becb99b3e9c1264cf771e79de6977f95cfc400000008faf951c2fa8b943f46ef6eec8831827c21b99fc9d3370a1580514146b7588cc54afd33aefa8b20d0b6e46c6881dbd271fe86c21cbcd743821278005114c5f0c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440204207" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e88e3c089fbc7f8cfd85e26ae293ab73_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 i1128.photobucket.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 static.inilah.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
US 8.8.8.8:53 widgets.twimg.com udp
US 8.8.8.8:53 bloggerpeer.googlecode.com udp
US 8.8.8.8:53 www.linkwithin.com udp
FR 216.58.214.169:443 www.blogger.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 16.182.74.129:80 twitter-badges.s3.amazonaws.com tcp
US 16.182.74.129:80 twitter-badges.s3.amazonaws.com tcp
FR 142.250.179.78:443 apis.google.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
IE 54.195.177.127:80 g2.gumgum.com tcp
IE 54.195.177.127:80 g2.gumgum.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.170:443 ajax.googleapis.com tcp
FR 216.58.214.170:443 ajax.googleapis.com tcp
NL 18.239.18.8:80 i1128.photobucket.com tcp
NL 18.239.18.8:80 i1128.photobucket.com tcp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
NL 18.239.18.8:443 i1128.photobucket.com tcp
NL 18.239.18.8:443 i1128.photobucket.com tcp
US 8.8.8.8:53 js.gumgum.com udp
NL 65.9.86.120:443 js.gumgum.com tcp
NL 65.9.86.120:443 js.gumgum.com tcp
NL 65.9.86.120:443 js.gumgum.com tcp
NL 65.9.86.120:443 js.gumgum.com tcp
NL 65.9.86.120:443 js.gumgum.com tcp
NL 65.9.86.120:443 js.gumgum.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
ID 103.30.145.12:443 adsensecamp.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
NL 65.9.86.120:443 js.gumgum.com tcp
NL 65.9.86.120:443 js.gumgum.com tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
ID 103.30.145.12:443 adsensecamp.com tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 i825.photobucket.com udp
US 8.8.8.8:53 www.blogblog.com udp
NL 18.239.18.50:80 i825.photobucket.com tcp
NL 18.239.18.50:80 i825.photobucket.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
FR 216.58.214.169:80 www.blogblog.com tcp
FR 216.58.214.169:80 www.blogblog.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 88.221.135.113:80 r10.o.lencr.org tcp
NL 18.239.18.50:443 i825.photobucket.com tcp
GB 88.221.87.128:80 r10.o.lencr.org tcp
US 8.8.8.8:53 www.linksalpha.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 172.67.8.141:80 widgets.amung.us tcp
US 172.67.8.141:80 widgets.amung.us tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 157.240.214.11:443 static.xx.fbcdn.net tcp
GB 157.240.214.11:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 crl.rootg2.amazontrust.com udp
NL 65.9.86.15:80 crl.rootg2.amazontrust.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.146:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.200.189.225:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
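The Network table above mixes DNS queries to 8.8.8.8 with the TCP connections that followed, and repeats a row per connection. The script below is an added triage example, not part of the sandbox report or its tooling: it parses a copied subset of the rows, separates lookups from connections, lists hosts that were resolved but never contacted and hosts contacted without a lookup, and splits contacted hosts into page-driven traffic versus background certificate-revocation and Internet Explorer endpoints. The BACKGROUND_SUFFIXES list is an assumption about what a Windows/IE sandbox contacts on its own, not something the report states.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Subset of rows copied from the behavioral1 Network table (not the full list).
NETWORK_ROWS = """\
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 static.inilah.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 r10.o.lencr.org udp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:443 adsensecamp.com tcp
FR 142.250.179.67:80 c.pki.goog tcp
GB 88.221.135.113:80 r10.o.lencr.org tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Assumption: hostnames the Windows/IE sandbox contacts on its own (CRL, OCSP,
# trust-store updates, IE online services), treated as background noise rather
# than traffic driven by the page under analysis.
BACKGROUND_SUFFIXES = ("pki.goog", "lencr.org", "amazontrust.com", "crl.microsoft.com",
                       "www.microsoft.com", "ieonline.microsoft.com")

ROW_RE = re.compile(r"^(?P<cc>[A-Z]{2}) (?P<ip>[0-9.]+):(?P<port>\d+) (?P<host>[\w.-]+) (?P<proto>tcp|udp)$")


def parse_rows(text):
    """Parse 'CC ip:port host proto' rows into dicts; reject anything malformed."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed network row: {line!r}")
        rec = m.groupdict()
        rec["port"] = int(rec["port"])
        ip_address(rec["ip"])  # raises if the destination is not a real IP literal
        rows.append(rec)
    return rows


def is_background(host):
    return any(host == s or host.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def triage(text):
    """Split DNS lookups from connections and summarise what the page actually reached."""
    rows = parse_rows(text)
    resolved = set()                # hosts seen in DNS queries (udp/53)
    contacted = defaultdict(set)    # host -> {(ip, port)} for non-DNS connections
    hits = defaultdict(int)         # host -> number of connection rows
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            resolved.add(r["host"])
        else:
            contacted[r["host"]].add((r["ip"], r["port"]))
            hits[r["host"]] += 1
    return {
        # embedded resources that were resolved but never fetched (blocked, lazy, or dead)
        "resolved_only": sorted(resolved - set(contacted)),
        # connections with no recorded lookup (cached DNS or a resolver the sniffer missed)
        "contacted_without_lookup": sorted(set(contacted) - resolved),
        "page_driven": sorted(h for h in contacted if not is_background(h)),
        "background": sorted(h for h in contacted if is_background(h)),
        # anything off 80/443 deserves a closer look in a browser detonation
        "odd_ports": sorted((h, ip, p) for h, eps in contacted.items()
                            for ip, p in eps if p not in (80, 443)),
        "hits": dict(hits),
    }


if __name__ == "__main__":
    for k, v in triage(NETWORK_ROWS).items():
        print(f"{k}: {v}")
```

Run against the full table, the "resolved_only" bucket is where the blog's dead or blocked widgets land (for example xslt.alexa.com and www.linksalpha.com), and an empty "odd_ports" list with every page-driven host belonging to the blog's own embeds is what a benign-looking browser detonation looks like; a downloader stage would show up as a fresh host, a non-standard port, or a file outside the browser's cache in the Files section.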

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 84525ac2c52cedf67aa38131b3f41efb
SHA1 080afd23b33aabd0285594d580d21acde7229173
SHA256 ae524d9d757bed48d552b059f951ffd25a7d963ae44a554cb1f3a9641e524080
SHA512 d898b0913b4005bbbf22a5457ad1e86345860868bc2e53187ad8267c07824d592160a27d850978ebfe78392db784fffb80b73e27418d3a71708383d738ea1d57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 3aaef53d56bbfa7b103cc21593b939cd
SHA1 525831f6d599e7c4d0e01677a5091f0a22eade8f
SHA256 5b69929632b1bb2b90b7bb4eac1c989ed2b45964f4c0d22ed8ca284038c5ffa3
SHA512 273f2fd44b63435b982970b30b54672f221fc0fac08a09108d0099987e130adadc2e4fc5a0c14bfcd84dc9090ee76c820f0dbd9258d0279340ca3be71b851de8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d997cc7c8abfdd15a2ce562cdbb4dcd1
SHA1 1eb37517807f072ed207841a01e4bf547a0416e8
SHA256 a09e8a3151acad5969a7fa795b40986aada96259118c659c2fc951fcf1f81707
SHA512 47bf0156e764ce4c1a5c0785e9791bd971e2f5625983744523d4222d6b82dbec980043bb8d2344f96428e49319d036e54912e600285f0a6ddb332f432cf0a206

C:\Users\Admin\AppData\Local\Temp\CabD683.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 3d9948ed493ca797f1677fa458406b38
SHA1 46f5f557c216d529bd925c96d285fa19dc77d2b9
SHA256 a521b587d7b931d09458fb096861afc8f5c4d9f56b6b84251cc0a05e374e8aa7
SHA512 1d28294f34f95e50ac52d79aa3bd4c17f5fd6495225215e45d4a6fde9d130f61a9b3acc7b177685bd1b82b9268f31923f060e3aa0efb56b98774f0e165597147

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 8bc896f332a06c8b0cedec8fdfe62bc8
SHA1 bbb51ecdae2cb5c94922dd9377b3bc6b10fe5334
SHA256 f8fb04e3fd080bb1e3010e34d65f455cdde875c816d40828207b4191b3e8432a
SHA512 78a0f151ae5206c323bc2f0b72640b3fc17bf31e7194f9bc52de5eafd94ad99a8368db957ea7c9fbd4fcda47c66d8a004ba6b4a224bb8a580f161581456cd7a7

C:\Users\Admin\AppData\Local\Temp\TarD732.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5844118d279adfb75949273e4214ff8
SHA1 66df674172a11cf6a82c039018053715875a9d41
SHA256 9f24d000c83f2eb6ddfce3b00300b58c83bc4e98a965dfdfb2b3973ee61e65ec
SHA512 21d32680010309a044f913ececb06bf48871747dcca40b2a82b09218f5cbb0c9adc6306dad5280d74da402024f806df4668f0d38a5ff20a697d410558d18bfb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c02f9631894d3dd7b868751dbd8f3db2
SHA1 6b8e1c0a31465d5821584bbb8afaa4ab68dfcafc
SHA256 8f3ed050ead52cf97a05ed6412d5c25d1a7807a4350f75784f554f870989fde8
SHA512 3b31fd5dcdfeee4a3beed114d62a937b2612da87cebbfbd68be1ec1e50fa0fb8fc881aa28472628d010a84cd11bbb739d70d4829dfb3f9746b9f07609d845033

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 2ba59909b24c92de41e489a9016f655b
SHA1 469f8e2bcea989f3565966c9d13a7afe130f46ac
SHA256 93605b8d001d7c0047a3eba27ca063a62c7929d7cc008abfbb6f31395cd968e2
SHA512 7fe3bde2ce84b0016dca49461926e1279650fcec9cb6c92599e74fdcbb11fbcc3e94e8b4cdf0ef6402f024f3e72916617072e5e38f56490c2333f8689a54473e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 a16e149a93948efbdded015c1327ab8d
SHA1 a9a3d6e9bc7d9e7a3c59a7265d935e0c3faf8fe1
SHA256 b896ccda2b412c79e881512b6de535e42e3d1b0b2d1ef6a14184822e81e8fedf
SHA512 432d64e75cb59ff55bb32ef56a1f3c7a7c5633183b106d33baf3fe810dc1b959b2b3b178bfd61aeb71aafeadf227e67c36ac072878e74d98b0152efeafc94a0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d76f8cd5bd15e806a48a2bb1c1f4046
SHA1 9f8605ce62f29e4547a02ceb57ce1e31af8abb0d
SHA256 2659a53c2d6e2735dc4eeb1787d1ae3b206f66e797f315e2c9adc56feacb7947
SHA512 fab6b86495210c07852b75f3f5ba4b80d0a6c0cc18d58e8fa73514a0729decbd110dfef2fe55041775996d2f6ee9e01c7f0f92a0e58022546eb4f88b982f531e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 5a914ad4dd22cd9d4ebd598d49ac9d1d
SHA1 c05c872bb0667f3cdfd3df27f98319f3018be440
SHA256 6c31ea936d626e31fe59f17c2d3d1acd71b11dbf254f5954d8a4bfa16fea65d0
SHA512 777fcb4164d8d5da7906be47cb3fbf2e56d995ef4fa8ac27ec48f65901670cb8fc9ec06b66f2ae851e136ca86c20c1950f5d9f28998dc7e49f26f4437cac90d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42e70e9a9a2560900c34b418549100a2
SHA1 731004dc209fe1e7be4a20657509a94c5112ba1f
SHA256 ce3daeeeec23f09a8d4056690ce05a06fe8950d94b08c6462a5c63d7c7566a6e
SHA512 6db73c0c33c9dfe2a242cf296df899f1d7d6a8d41fe30ffe37cbfef32b70bd1b55e6d8ff485283ac5262290c12ac0d5bad80d56108650100221a0d9db55d2fb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 828c9208b9cc9a65a50d16497b915c0c
SHA1 a436fb736831b120e8e2958943f8675d4ecda093
SHA256 a92a9e7c6d537f355b8a88a4b18199648a0a00527a37be702390fb8b947b37d6
SHA512 170180cc060e1276e141a461bd2720d64a709bf3c38a1ace13ee43c86bda849bbe02a8b910585471be13d4dd9b929100cbecaaa47ba9703e982a1b72822f57b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b40440bfe8d4a95f3a04c55d9d77ee70
SHA1 45ac40112f3d0f33e019d4ab4368371b42227267
SHA256 60df7bfc5cc9811f700711a78a582d05da06f8720805bc5a2eaf8cb2bf05fd6b
SHA512 5fe6b8d2f170ae8d08a5c4d834edfb48eb58c7ee2f1e12336903120decd7cbcbc40d6993d7b5b276700bb0a2e090e4a61b3a8219eb35ca49abe277358653aa1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 918a43af75aa76c18782eb260ad5bd9d
SHA1 2c4e9e1bfe55c6704bc44e3aab9caccf2ccfc8b9
SHA256 039715bfb090ad85355e1c3534a01489c799e2ae36b3165b171d9a4d171e7490
SHA512 2a796a2998cf7463fd95491982d3344237041bd10c3878d94925e6aa51c312125ba480a2140f497b2a3e6300bee907b5a37a3dd66f4d48e34cbad2cbcdff4bab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 375ae855141f3e4d5967c5bb310b81f6
SHA1 efac296bebb28bb7d66bfc4e255dc66b877fa6b1
SHA256 4f7ca0575fc9b41d9bc3603e39e711830fffee4965e269fbe5bc4864decffaac
SHA512 91624b197d9ba0fa452ffcaa0f3ce92c97976de3257abd3f6d9822a159a563fb6532408e64828833d57db30032f92e6dfcbadcb90572c83f342bf09b6d26de76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 206b1236dbcd29e8785be7f7daa62851
SHA1 87c75a8e196cd5c11b58e78e678bf4de7e5d5976
SHA256 784d12bb34156e449c1b286ed621291697685353cdd077f3315d81f737163b1b
SHA512 8ab23de0458980463c5071ab3391ebfab84be8c1339998f641789806a92afb82778566c7fa812a1c613ade5c9c3d2ff55119423f8d0be41a1a02ef8fe1507a54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

MD5 1d2011418bfd869f7d540c9dbcf12441
SHA1 476f9a865df96b7ebf2392ea097913c07e09d7fa
SHA256 2828c7e29e497294b2500f0382a8d2f96be414be90f894aefad2e282822f9127
SHA512 3fb1652cce56a2715985beff7f621ca2ee6c738d3ab67fe776c415528b0134b0db8ab4006822260419a86d53d3abacfa5e316dfe79acb8ca36efb12d6cc6fe4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_D1CACE8B8F535953C3F7CB165CDAC369

MD5 77a790df0eadf1cd5dcf3be812e6b972
SHA1 cfb5f0964b6d06f9012a52d318e354fbaf236160
SHA256 6dee9eeab017639d8b79557b088574a948d12b2d5fe6f92f15f0f16f85a42339
SHA512 7160f6b38d9ff1c3ca9840a11affb7871c8291802ef8c432483e9606efd8055ed763ec12bea3dbfc1adb124853d4eb33ccf8cf5a6236d93f2a35771428603e60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9cff94bea9e4b443f97012c41f07105
SHA1 e204d16820275352dfefa56275e60bf41acae5d1
SHA256 2539965322e9f806377cccdc080661290201d27b1ae6534ee5498e7c3fa984ab
SHA512 36b54b63495307e5055858a18ec46be190574c980d592113eca9b89b20ef206065d1c317ee004923df2782cadcc4318f625a14a3e948864911c7a0f7b45f7a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f866776a3df533515b8e0d2068275eb
SHA1 8507d039d7432cbdfc9082e55a33b02889021098
SHA256 afcf0f5be97c3d204a68cf57ca40217e12dc43c9fa59e6461b3cba86df0839b8
SHA512 8373545670069d171f765e935e291c0aca662dde1f4a3747bf7d793929992789a53d66f95b0143ccad278ff75c81f5cd363d3c445846c3600270974a7122dc79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed220fdf96435fc8a608988891696574
SHA1 e7b7ed41bbf7e3cea11feac8a1da9c6c8bf69c1b
SHA256 7392ae7064104c3162e423c9cad34bc6bdb5b3cb75736b3e0f0c673b0aabc52d
SHA512 c8aaf8775be598925fa2d7d1b462df29f357d29cc8b803137e5b82617cb1029ba43c7679676128418e75677edeb5da0bc9b920c64361755ef8b90870525666de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad5d21c2f7c354388bf1f40bc626e3e5
SHA1 e4beff94c1bb55d7f9bda784f547c8e493aeab96
SHA256 5553a545c56c57cdaa03bbfdaa6d75f364260700799a5a101b0bd5f1c46000ae
SHA512 d330cf6ac00e72275704e2dd8fc15c855a62e4b449bc85496f09029fcc95ccdebacce22d90c4f37b3964cf9ecf7685c837fd2c649e9780b7920a3c9bcec83942

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4875d8803735400aba5e497e4f0c4f2b
SHA1 fa1d7179bc53fe2b6a2f909bbdba94a5a397b0b7
SHA256 c6f547963b8d344d000ba56225c531eab508755a55a536eb20596650a691af09
SHA512 b8203ba48cc0efca50f040c1bb786ce001bab0fa1a44b730afaaf9d7cbb08af358d2fd9c9942fc2f6755c255bee8a735625232eecc63fcfc640b8a93f0b1632f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6041d62ffc97473d9cf5468ff4468ef
SHA1 be41e4e2b17ea445ab5b7c414cc7eca387814f8e
SHA256 feb6e46e3a5bba40ccce85d72c2e9503e0c5bad2f134b53f47225f5aa349d97a
SHA512 8bc65b79d7fc47e22340b6271cd573e642e1d101715e6f6d41e978f44f169e744b1c2eca3631d8920b1782a72194d654cd33ec3d3887042a995ae9267ab99b7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e09f4f7b9d3627936af96d32637271c
SHA1 7e6a326ea99308eb68b3d6f7766f4930310af174
SHA256 e8541ca3fcdf625ebff6f09c95036647d1dd9c376ab5709196774bdee8d261d8
SHA512 707410ca87d0df19e23692460fb3bbed8a31ffc7e4445f6986e02eae3d6078b5f85f00acceedff4528fa9f69cfda6fed9a6dd5185a7c7212a1447b715e20106c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 555bdc5a9ad4d575c26162fecbdfdd85
SHA1 2bbd2625726e12d5efb76802d9d932ea2a90c3d9
SHA256 14833860c2a0ed4baf00069c319d27954a602e946a9af8da6937c2e68c053f95
SHA512 b1a1843f1dcc5a16a2ff63a762e49a90872e0bd47411a11e1681aa3489a95d53468a88d59545ab625a606f6c024e1bb1d07888e5aabfe09c1fc86c68b70b3e38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51b674f980617fe646c5e054631178aa
SHA1 ee1ec6d0bb6885b452c0133e77d344ee62160c0e
SHA256 6d7e63af453626d46cf2cd7ced4b7bdb9a7bd0923c9bf97feaf2fd261c9c6ca6
SHA512 526b37a1c3849df24d4235da9eb2576113b39ac999f4bb937446e724a0268be14bf51a0cbd3b0a968f82f02ece126d21dd9ea030e3a25367c414f0d7d647543b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 351b2a65c3b4a12238f9ac379317c7e7
SHA1 f7b715a169c30fe663a08b6beacc2632b8380358
SHA256 8b23eed219b94a58dec0c578c1952dee6b306032899a9d998e8f8586371e9d13
SHA512 ae24f0050fa00a9603028722c909e3d23bf63d1904d8290982f708cc98266c5a0ed94ba8594ec27b30610fcc9a848178e7a886bc2789d882f096c9ecdf001e74

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 53a4c925e4a60eb6e3c51af4047867bd
SHA1 f8e4110669afa8992bd4934a0c2dcafdcd2df7fc
SHA256 6d8d1606a3c89c5129f74d9ac50ecab73e64b53b277ae4a5c9e5791ce5096db7
SHA512 6527abf0cdca10422b81c027be47769bf4bb3274095a5743424b5b69a5398b61393319e2ec56c83b9f05178c13cca315c64ac03c06fec65a37db7d1b91f5a27e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1ba5c65d8831dc3d1d68f9cc4449ac7
SHA1 b7d9b8a4b12c2388e3b67957d5e67e3e80ecad24
SHA256 c1c44b909674c4cc1ed1c47b586cb018ce66415df97f469f9b559edb64e9ee8c
SHA512 2324906d92184057960e7278be065296aed977cea0fa63fb0be04c35b09dab721d90eb7c5e62cecadb3223b28f47af47428b90675e0e3d531af3278aa7ec99aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f03e0102802e5d4c6b44f453b176b266
SHA1 16378d84da317f63efe34c0468ece0c1fca47a4a
SHA256 70ff0e283264c1c8be602fb880cfaac397df957259cee8c965ed677d2552a8bf
SHA512 f9841a015f99b8770529c7f73a3a1282d6aeadaab9027803a78987739277b181c74577ae9f33b474ea0470dbfaa277624bce364a1169b460f9aaf61c2df5b1f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 139a9924e0df82fca557edfa371ba6e5
SHA1 5bacfcb5a27df001a1bd2ed7fe222eee0e3d4981
SHA256 42939bd6f5bf19362f48cede816b9e4776967b7f2195b842af77d689790955f2
SHA512 04ddea0feb8524dc7c0677eb4c9a40499969bd24034a820293f9ad77ced653f215adeeef37b083809b308d64986e26c45d61f75fa7d97c4d366d0aba5db33920

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1442498de008c41fa6b634afa5381e3d
SHA1 a13a8a1593745cef73fafe5a99b144a941a6acb2
SHA256 77d37598347fc01639c4a7d7cef78daa62991bfdfdc5773f702814f46bcd2294
SHA512 aa03f49a5f64122604f81e6bfa4fc3131bdb1b174925d81e8c7a7077c1ec749049c51d9ff2affa1981c22ae870566e6ccb90d01dc17ab2f9ccbae3926e2ab646

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 2c8205ccb3ae877d730f1ab85af3f4cc
SHA1 f74b9c195b8b5d09e8471dbf91f5ab299f5519d2
SHA256 a2809ac7a72a12a53aa813096654a136cda8404b3d5399a4eb1ba85dd42be157
SHA512 1f565c91c7cc9c80fb508df6e59bb1f249143d5af2b21fe725534efa66883d08ff9c9885006ec0ea378343bd1e2fb71871cf24d4762fb0cd7eeab3a54fec3335

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4f3e40ae8b477389530c3a5baf87bab
SHA1 d361eda4e46dd6a98e8c97bef8e803769e1bc985
SHA256 55e4af974bbf3d25d941eda179a4a6ed5237d4c65c769851005846696485d193
SHA512 92476d8a6ce8fcf0e6b67e58a498957c747b12e60a2c0a6d0e1c94975dfd58ff63d269db71dc041a401b6c1f95f6538850a9747bcb0154f0f8abe43b0fcd9d70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40af3258659e6cee101f85463e1ef781
SHA1 ce42d8696ca3a74cf9463c24f4d620c8477b6381
SHA256 0078be505df13dd75c6756941f36dab2f781e09a873ea760da509bc1dbd82087
SHA512 0f46357799222c92b61eb1c2ff5330408740f0354be123349549cb462912e293836b085e68e5c60d28f812d3ffb1c78735dfce43849fe098cb77278090b67b4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9cc8661fb041200fb08d40b335fec8a
SHA1 c3321ebca351538bf2f3e58dad89380eb2cc7394
SHA256 795a635d7980802a9bf805fbae951d89465a685ff1714e6c73883c35804eedb1
SHA512 1325dfb9a14f1b97085c092c003b556584d15fbe291046e81422b9ef8d3287c40c8ed3b56212336275aca0241152a6000e1a40b33794b0c7e0147321d7909a43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e06e08fe37fba0ce44feae71771fc681
SHA1 16a4f0bb838aa21c82144e14c991edf4d3f6d2b6
SHA256 652efdef75ec3599b4643ff834b1f2d1b734da8b06dc930e12ac7735a037caeb
SHA512 2f868e4d16eebb11085edc5969a58a325f0543960e29d7dc2d5711c2f9b55f387708cebfcf4be7a08c161ce6ee28c46dd884dfe8c3999a458e0206be7d0dc7a9

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-12 22:25

Reported

2024-12-12 22:28

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e88e3c089fbc7f8cfd85e26ae293ab73_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3212 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 1792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 4964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 4964 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3212 wrote to memory of 764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e88e3c089fbc7f8cfd85e26ae293ab73_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcccc46f8,0x7ffdcccc4708,0x7ffdcccc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11486003309192818051,11309920833967528334,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
FR 216.58.213.74:443 ajax.googleapis.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.214.169:443 www.blogger.com udp
FR 142.250.179.78:443 apis.google.com udp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 widgets.twimg.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 bloggerpeer.googlecode.com udp
US 8.8.8.8:53 i825.photobucket.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 static.inilah.com udp
US 8.8.8.8:53 i1128.photobucket.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.blogblog.com udp
FR 142.250.201.162:445 pagead2.googlesyndication.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
NL 18.239.18.8:80 i1128.photobucket.com tcp
NL 18.239.18.21:80 i1128.photobucket.com tcp
NL 18.239.18.21:80 i1128.photobucket.com tcp
FR 216.58.214.169:443 www.blogblog.com tcp
FR 216.58.214.169:443 www.blogblog.com tcp
IE 52.214.135.164:80 g2.gumgum.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 216.58.214.169:80 www.blogblog.com tcp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
US 16.182.108.81:80 twitter-badges.s3.amazonaws.com tcp
NL 18.239.18.8:443 i1128.photobucket.com tcp
NL 18.239.18.21:443 i1128.photobucket.com tcp
NL 18.239.18.21:443 i1128.photobucket.com tcp
US 8.8.8.8:53 js.gumgum.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
NL 65.9.86.102:443 js.gumgum.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 20.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 74.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 8.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 21.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 164.135.214.52.in-addr.arpa udp
US 8.8.8.8:53 82.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 12.145.30.103.in-addr.arpa udp
US 8.8.8.8:53 81.108.182.16.in-addr.arpa udp
ID 103.30.145.12:443 adsensecamp.com tcp
ID 103.30.145.12:443 adsensecamp.com tcp
FR 216.58.214.169:443 www.blogblog.com udp
US 8.8.8.8:53 www.linksalpha.com udp
US 8.8.8.8:53 102.86.9.65.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
IE 52.214.135.164:443 g2.gumgum.com tcp
NL 65.9.86.102:443 js.gumgum.com tcp
US 8.8.8.8:53 aba.gumgum.com udp
US 8.8.8.8:53 c.gumgum.com udp
US 8.8.8.8:53 gumgum.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 widgets.amung.us udp
FR 172.217.20.164:80 www.google.com tcp
NL 18.239.36.106:443 c.gumgum.com tcp
NL 18.239.50.48:443 aba.gumgum.com tcp
US 104.22.75.171:80 widgets.amung.us tcp
NL 18.239.50.53:443 gumgum.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
US 8.8.8.8:53 t.dtscout.com udp
NL 18.239.83.27:80 crt.rootg2.amazontrust.com tcp
US 141.101.120.11:443 t.dtscout.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 157.240.214.11:443 static.xx.fbcdn.net tcp
FR 142.250.201.162:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 106.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 48.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 53.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 27.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 157.240.214.11:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 157.240.214.11:139 connect.facebook.net tcp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
FR 216.58.214.169:443 www.blogblog.com udp
US 8.8.8.8:53 kencew.blogspot.com udp
FR 216.58.213.65:80 kencew.blogspot.com tcp
US 8.8.8.8:53 65.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

\??\pipe\LOCAL\crashpad_3212_LUBUGZFWHVTUYRLH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9312f4b9dfadbb2df103e2165e198f10
SHA1 0c6064e067806e80b3b88ee20f79fbf63e2977e7
SHA256 556bc720c3b4fe6a14010b88ad673486710de45ad7f6bb6d231f9ef0ac01f020
SHA512 d4ddbe33936377f24b47ee4df8af3c9e0dbd9b7d282a2f2fec3eb025c6f2b7b1ffe88024c5b0b937805284d51474f4d9593c4e1283c1a5f4f2a28a11be4482e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 89227c3022039a08affb0601f35d09ae
SHA1 cb635db23a571c62e6b5429efea92a477c6863c7
SHA256 6efd8a897fc70d1ae105bd3743b0dfb0dd9631c9076e30b03b952792fbde02e5
SHA512 b1371cd7370595c3db6fc7f11775e073b051c3e778bc6983007fd86a2f5bfe338d3f46cb716c17ec19fe7991455e4345c094ec7180a13cbeda455fdb4acf833f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f0dfda9abfe4030d151e888a0779f5d
SHA1 058e5f097725a1426512c0ff3757317d601591fa
SHA256 bb44ae52fe18b85aaa74900ec587b72fed76f9d0fb063f4f2119d146e9d5b8df
SHA512 41c14a06dc6e1457dc3c7a65f43c0df9769bb08b7f9d751c74e0f0b4d43f2c4989d181e9e8aeff85024000c89aaef3f3c389afa024d8b02a2c6c0b3048a38b24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6d2641469deea59e0085dc0df2f9c133
SHA1 75d5ba6d850e64f08d7e97d09f1b6725368b7dbc
SHA256 df756729bf5de0b2307320324a248a0f58fe8778d57f983e8b8cd82cf9537b77
SHA512 a80c67bb87163a8627c31fea0cdafa4fe1b9b58972ad53c7aa7fd723c03f372ad6f9f68c31db19b38cd6011226fddd9dea80f5b92bc034c88413e65a1351f680

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0b2312c25c9a6d4adf0517d90ce8387b
SHA1 dea8576689b9cac3bd531f4ae4717a7dcfd80fc8
SHA256 72629ba35a67b18c3c25ad3197d6358cfdf2117e3e828a9a0737da1eb2a0a112
SHA512 b5eb0f754a4747fec2b5bb737604347674888453e5d97c04e635d4ddfe3fa91708e971d2a3d14babb187edf739065201ab59732d4f948c0978c398bc3037b0c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0345453d72578933e8ac732811aa1697
SHA1 b9a4a61060992327e4da95aaec792aead31f3829
SHA256 b9f63874c7319849ddc0fd9e97d036197d3fab48ba2cdf9041e288eac386551a
SHA512 66ae378f19a79663592f74013f12e7ede9a5af30944811d76c3ef9f8710d8b4e089164e92934d208f97228b87f39eda88bdce68b931088a3cc4b225660cca1fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f510725615d5871b48377dc7cdcbc174
SHA1 b1efe082f0c50ba017dd6a48ce3ca097a37325ac
SHA256 3efe74adab7d542ba5043a80d7649ff2faa5f14c6da8466ee7e1aaf174f4e251
SHA512 ef0633eef367dd8b9f8f5e0076cb26ab8516421d2cbd1fc74725bb2b0d97f1e59ae259845fd311af59827aa7041f7a61f6f802f1ecab0adbf708a5e7ea7fbb76