Malware Analysis Report

2025-08-05 15:44

Sample ID 240525-bjn1gahb8z
Target 7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118
SHA256 4d0d7a1816edb5ec2d4dfd7d167db96502eb38752fe0dd3c1aceca7fd090b333
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4d0d7a1816edb5ec2d4dfd7d167db96502eb38752fe0dd3c1aceca7fd090b333

Threat Level: No (potentially) malicious behavior was detected

The file 7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118 is an HTML document that was opened in Internet Explorer (Windows 7 run) and Microsoft Edge (Windows 10 run); no potentially malicious behavior was detected. The signatures summarised below are raised by the browsers' own activity: Internet Explorer creating and updating its per-user Recovery, Zoom, DomainSuggestion and related keys, and the Edge browser process (PID 1224) writing into the msedge.exe child processes it spawned. One caveat for reviewers: the page fetched its content over plain HTTP from latuagrandesfida2014.polasesport.it (81.29.196.71) and fonts.googleapis.com, and a verdict on an HTML file only covers what those hosts served at detonation time (2024-05-25).

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 01:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 01:10

Reported

2024-05-25 01:13

Platform

win7-20240508-en

Max time kernel

134s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422761305" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98E9E3B1-1A33-11EF-906B-FA9381F5F0AB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2

Network

(identical consecutive rows collapsed; Connections gives the count, 89 connections to 81.29.196.71:80 in total)

Country Destination Domain Proto Connections
US 8.8.8.8:53 latuagrandesfida2014.polasesport.it udp 1
GB 216.58.204.74:80 fonts.googleapis.com tcp 3
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp 46
US 204.79.197.200:443 ieonline.microsoft.com tcp 3
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp 43
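The Network table above lists one row per connection. The following Python is added here as a triage aid and is not part of the sandbox report or its vendor's tooling: it parses rows in that "Country Destination Domain Proto" format, collapses them into per-endpoint counts, and pulls out the cleartext endpoints that fall outside an allowlist of infrastructure the sandbox browsers contact on their own. The sample rows are a constructed subset of the table; the ALLOWLIST contents and the blocklist output format are assumptions.

```python
"""Collapse a sandbox 'Network' table and extract the indicators worth a
second look.

Added triage helper, not part of the sandbox report or its vendor's tooling.
It parses the whitespace-separated 'Country Destination Domain Proto' rows
used in the report above. ALLOWLIST (domains a clean IE/Edge detonation is
expected to contact) is an assumption for illustration: tune it per image.
"""
from collections import Counter
from dataclasses import dataclass

# Assumed: infrastructure the sandbox browsers contact on their own.
ALLOWLIST = {"ieonline.microsoft.com", "fonts.googleapis.com"}

# Constructed subset of the rows in the report above (the full table has 89
# connections to 81.29.196.71; a few are enough to show the aggregation).
SAMPLE_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 latuagrandesfida2014.polasesport.it udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""


@dataclass(frozen=True)
class Conn:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_table(text: str) -> list[Conn]:
    """One Conn per data row; the header and malformed lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Country":
            continue
        country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue
        conns.append(Conn(country, ip, int(port), domain, proto.lower()))
    return conns


def collapse(conns: list[Conn]) -> list[tuple[Conn, int]]:
    """Identical rows merged into (row, count), most frequent first."""
    return Counter(conns).most_common()


def review_candidates(conns: list[Conn]) -> list[tuple[str, str, int]]:
    """(domain, ip, port) for TCP traffic that is not on 443 (so not TLS by
    default) to hosts outside ALLOWLIST.

    DNS lookups (udp/53 to the resolver) drop out because they are not TCP;
    the resolved name shows up again on its own tcp row, which is the one
    to act on.
    """
    hits = {
        (c.domain, c.ip, c.port)
        for c in conns
        if c.proto == "tcp" and c.port != 443 and c.domain not in ALLOWLIST
    }
    return sorted(hits)


def blocklist_lines(conns: list[Conn]) -> list[str]:
    """Flat 'domain ip' lines for a DNS sinkhole or proxy denylist (assumed format)."""
    return [f"{domain} {ip}" for domain, ip, _ in review_candidates(conns)]


if __name__ == "__main__":
    rows = parse_table(SAMPLE_TABLE)
    for conn, n in collapse(rows):
        print(f"{n:4d}  {conn.ip}:{conn.port:<5} {conn.proto}  {conn.domain}")
    print("review:", review_candidates(rows))
    print("\n".join(blocklist_lines(rows)))
```

Run against the full table, the same code yields a single review candidate, latuagrandesfida2014.polasesport.it at 81.29.196.71, which is the host whose served content determines whether this HTML sample is actually benign.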

Files

C:\Users\Admin\AppData\Local\Temp\Cab206D.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar20CF.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d6fe76d0ea14d530f77563b0c3e204a
SHA1 e4cbd49edbbf4bb3281d0e57667128ebe685f5ac
SHA256 9557a8655ff7094a07b511f0aa16f7d5b70c90b9f713d7426135b35d9f6143cb
SHA512 85ead947cce44cefbb60d875384ca0d34f12d30c8718abbf2f90db19c6fefc0d88664bb2b8738860cfabc766acaa1708b9cf5a712e638e8bada6db5751dd4524

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 481cf8e2bf10591e84d6bd9910001030
SHA1 445119ed86f7dc90b5e7fb97c97f1f245482728a
SHA256 6cc85d5c7a5f53004905bdff52e243c7cf78e3959101fe32717ad0c999d89b66
SHA512 afda717d29f886d3c46e1613d7d7e495dbfd2861c1f9085844d027fd186601df7da93be733b1f7c7ba7358d850f84da0c320c106464d7d101f8db1a78db85f58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce6abd63df92cb2515b81b119a004c94
SHA1 c9c0d2247e6694667ceb136d63ea5431c5785503
SHA256 3c7eed3a37a1d9cd3630957d74b449090ae48725c826eb90c8bca0fe2a62bee8
SHA512 d34efb6e2e3b67e4d29697ac9f13ac6665f6fdee2f276d884d85fc6363340798cd63d9c95fbdaffe47261a035f03271855c08f79556bb2dba7e76b16948e7244

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 869f3ae7528ef3505f9e91938ca3c478
SHA1 9e37031b16aadfbb52f1aa911748d278935c6937
SHA256 18734dcdf5fad8e025773b4d9a424fa345f3d0649014588bbfcedab588f3e058
SHA512 1362e18acb567d02390b1ac63d8c39de3c53853fd13b31d443146921f2a8ecdbd4fbc71695779c6ec968a12b4541b0d4fe4da3fa451a4a8e689fe1e38394a9b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e67f950433b37a5fa6cf2e8d66b96361
SHA1 0acc9deb41618a995780cba6af806b8735db4b77
SHA256 4342bc0031151b85ca112bba414e460146b83abb9442c63b6886fdacccf174fc
SHA512 6e2939111323238532d50965caa1a103fb04f8bef306684af5b04416cc5bffd390693320879cd814100ce292a8901bc18a9784bb8c4f985428177e493975ccfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b614d770a3394dffcd0725778a6426fd
SHA1 fed673c0b49da050f111941a14a197f0f8a0cb41
SHA256 99f682dcf93b9b649cfca1905cee26e1eef05e5768e92deaf4aa36b2f6811ef4
SHA512 2577c10cb6516dbb1bbec0ef6ac022ad722cb1bff27518889c405066df9aa3304e8c43a6362a46637897a730e3699933819efbfc07e7bc8e7354272a51d0fb91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc41432d4cc1231b49de935e18514f1c
SHA1 cebafa37397546b8fd7db690faf9c2c38d16814b
SHA256 cd5c8587c5d98108737879fd60336ebd7356da07937ff5138cc049cd6f1e7577
SHA512 13ebd39ed46c1f5de734fb99c6427c9c359a088b32c1b605c72dbcfe69e5b7c250d0487da036c6094416141b1783147bd3bf7a04c128e595023216ce8fb44b1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0864515501bc4dcd2e15460af14de55
SHA1 32cdf2816965913b547d93688527307b40e14f9c
SHA256 9f35194e4d2ebee7ecfde09ca5a3b026dabd6c958539949de2ff6a4998e5406b
SHA512 053f179fbd421a0b75c88881ae69e79ae5e0c531e994337c73bf77ce3fb8a88496ec56488e6260a4c7ccbac1e4b237ed6553af4308ff73b7cca35a3399857724

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61f9a5f645e9ee0e9b6f43ee29f8472a
SHA1 aa3e847b83c2234eb1f2c267aef0a92cad0c1ec8
SHA256 584fb7cbe1111410c8178802e169f05434cb1782e0636d778724294e2385f187
SHA512 7863025832cc80f77634f3e29821b26c2aea7efc0e157f2e670abecf7d1ca6e99cf02a2cddf3df7b5ca49ba90d260113904ffd1cef5a098db08147ccd4febb15

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 01:10

Reported

2024-05-25 01:13

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Events
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25

Suspicious use of SendNotifyMessage

Description Indicator Process Target Events
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24

Suspicious use of WriteProcessMemory

Description Indicator Process Target Events
PID 1224 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 1224 wrote to memory of 4260 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 1224 wrote to memory of 4484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 1224 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20
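All 64 WriteProcessMemory events above have the same shape: one msedge.exe process (PID 1224) writing into other msedge.exe processes. The following Python is added here as detection logic and is not part of the sandbox report: it replays that pattern against a process tree and accepts a write only when a trusted browser broker writes into a direct child running the same image, flagging everything else. The report lists the writes but not the process-creation events, so the parent/child relations, the trusted-broker set and the contrasting anomalous events are constructed for the example.

```python
"""Sort a sandbox's WriteProcessMemory events into expected browser behaviour
and writes that need an analyst.

Added detection logic, not part of the sandbox report. It replays the pattern
from the table above (PID 1224 writing into 1968, 4260, 4484 and 3228, all
msedge.exe) against a process tree and flags anything that does not look like
a browser broker setting up its own children. The report lists the writes but
not the process-creation events, so the parent/child relations, the trusted
broker set and the contrasting anomalous events are constructed here.
"""
from collections import Counter
from dataclasses import dataclass

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Assumed: images allowed to write into their own freshly spawned children.
TRUSTED_BROKERS = {EDGE.lower()}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int


# Constructed process tree: 1224 as the Edge browser process, the other PIDs
# from the table as its direct children (Chromium's multi-process model).
PROCS = [
    Proc(1224, 900, EDGE),
    Proc(1968, 1224, EDGE),
    Proc(4260, 1224, EDGE),
    Proc(4484, 1224, EDGE),
    Proc(3228, 1224, EDGE),
]

# The 64 write events from the table above, with the same per-target counts.
REPORT_WRITES = (
    [MemWrite(1224, 1968)] * 2
    + [MemWrite(1224, 4260)] * 40
    + [MemWrite(1224, 4484)] * 2
    + [MemWrite(1224, 3228)] * 20
)

# Constructed anomalies for contrast (none of these are in the report): a write
# between siblings, a write into a child running a different image, and a
# dropper in Temp writing into a copy of itself.
EXTRA_PROCS = [
    Proc(5120, 1224, r"C:\Windows\System32\notepad.exe"),
    Proc(7000, 900, r"C:\Users\Admin\AppData\Local\Temp\drop.exe"),
    Proc(7001, 7000, r"C:\Users\Admin\AppData\Local\Temp\drop.exe"),
]
ANOMALOUS_WRITES = [MemWrite(4260, 1968), MemWrite(1224, 5120), MemWrite(7000, 7001)]


def write_counts(writes):
    """{(src_pid, dst_pid): count}, the same collapse as the table above."""
    return dict(Counter((w.src_pid, w.dst_pid) for w in writes))


def classify_writes(procs, writes):
    """Return (benign_count, findings).

    A write is accepted as browser setup only when the writer is a trusted
    broker image, is the target's direct parent, and the target runs the same
    image. Every other write becomes a (MemWrite, reason) finding.
    """
    by_pid = {p.pid: p for p in procs}
    benign, findings = 0, []
    for w in writes:
        src, dst = by_pid.get(w.src_pid), by_pid.get(w.dst_pid)
        if src is None or dst is None:
            findings.append((w, "unknown process in write event"))
        elif dst.ppid != src.pid:
            findings.append((w, "writer is not the target's parent"))
        elif src.image.lower() not in TRUSTED_BROKERS:
            findings.append((w, f"untrusted writer image {src.image}"))
        elif dst.image.lower() != src.image.lower():
            findings.append((w, f"cross-image write into {dst.image}"))
        else:
            benign += 1
    return benign, findings


if __name__ == "__main__":
    print(write_counts(REPORT_WRITES))
    print(classify_writes(PROCS, REPORT_WRITES))
    for w, why in classify_writes(PROCS + EXTRA_PROCS, ANOMALOUS_WRITES)[1]:
        print(f"{w.src_pid} -> {w.dst_pid}: {why}")
```

The trusted-broker check is what keeps the parent-and-same-image rule from becoming a blanket exemption: without it, a dropper that spawns a copy of itself and writes into it would be accepted the same way the Edge broker is. In practice the image path should be backed by an Authenticode check on the binary, which the sandbox report does not provide.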

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7063dd810582d6f66e885d2cf9b6c276_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccfeb46f8,0x7ffccfeb4708,0x7ffccfeb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17736237336785096031,17515241383284436699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 s7.addthis.com udp
BE 104.68.81.91:445 s7.addthis.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 latuagrandesfida2014.polasesport.it udp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
GB 216.58.204.74:80 fonts.googleapis.com tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 s7.addthis.com udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.213.14:445 www.google-analytics.com tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
GB 216.58.213.14:139 www.google-analytics.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp
IT 81.29.196.71:80 latuagrandesfida2014.polasesport.it tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8b167567021ccb1a9fdf073fa9112ef0
SHA1 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

\??\pipe\LOCAL\crashpad_1224_LWGSMZZSJRTEAZGO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 537815e7cc5c694912ac0308147852e4
SHA1 2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256 b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a029ade0c7352fa93545a353b17ff1c1
SHA1 8d4abe1c2706fd5532b19ce9495b99861adf8cb1
SHA256 6a9a03c67c68243400f371eb9511b16a7e76b73513edb5e5ebfe4114e0d12efa
SHA512 e4f2b0f52d14b2e0a4206e4922f8e8857c81d375f5f836db86dc44cdcccd8b787da716dd20bd02dc36dba10bdc20f6a1a5626262d8ba9e241b2002d738e7a824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ae4aa8eaef26cdc515af27e32ecb5872
SHA1 34c90317c4aad964a22bade9837d9a9059a55e47
SHA256 5a319bb1ea6146b29ffedad418d0a839838909d8d398bf488c1506f60ebc3a58
SHA512 21fa34bf73a71fa1f58dd3f5b4cf3bb68156f2678079fa6b2c2e88fc5b1059d99a925d7e309e75d35150bf502a433f0eaf419aa7ccd8bb49c1d5504a1aa3e3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1966725d26e1e692b7beb762af135906
SHA1 96bd1e42c9955ae60b2897add5fa4efdefaef384
SHA256 7a1cb42bcf0d7562796f1f40d3ce8d0c9e969e7daf1361ffd3be8ad4a5c7bc0d
SHA512 1b466f0274e29d82e971073ddc657f5af1da8c52caa16da733e4c61c618bc45d1758f61c1c9e2a60719004defa998f8edb62ace4f6587f13708b89d15f6d51b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 026acdafe325d05d0faee56956bbc2e4
SHA1 5bd3b0980b1694604d6accec9007e9cb84dc2e4e
SHA256 7f6b02ccb3c6233d13708cb4e7b49e3a2c21b9bc41cdb07fea37186a0e40af3f
SHA512 a665769bebf2384d41595b4f4920cc22a57c7fa3321394dadfd1d3aca942f39da98f06f795ca9b8652ac8afe7ddc106a57dd91afc671eecb0efa99ba8d768d71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389