Malware Analysis Report

2025-01-17 22:14

Sample ID: 240603-qn4ztafh4z
Target: 91f1af2dae70e0b08af487c1cf5e32c5_JaffaCakes118
SHA256: 8e6c1cc4dc02a13dad32efa429f30e9f6c6726765007bcbc41256e1b7dadafae
Tags:
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10

SHA256: 8e6c1cc4dc02a13dad32efa429f30e9f6c6726765007bcbc41256e1b7dadafae

Threat Level: No (potentially) malicious behavior was detected

The file 91f1af2dae70e0b08af487c1cf5e32c5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-03 13:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 13:25

Reported: 2024-06-03 13:27

Platform: win7-20240221-en

Max time kernel: 122s

Max time network: 127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f1af2dae70e0b08af487c1cf5e32c5_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000001078470bc3fff468e4278db47389ad400000000020000000000106600000001000020000000e9db4f00de8ab155a80c068cb5f5059ab4972c63ecf1268498421a2f1a7caa99000000000e80000000020000200000006055f9d5baed7fa359896b17d4ce901c2bbc45734c3e2643859111fa7aa82d89200000002cbdbc077360fc843953042bf4682a114d69bb87f5ac634e8384cdb411802cd940000000aae70f7f785e77e6d45829bd653f684195b0fd248e8e7522d029f1dc66a71005faec03dbf0418fd94bcd5ecc4f518330d7cde844eb107e029d62fbee0076f4c8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582992" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [data value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3015c194b9b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BBF4C981-21AC-11EF-8FBA-CEEE273A2359} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f1af2dae70e0b08af487c1cf5e32c5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.techienews.co.uk udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 159.223.105.228:80 www.techienews.co.uk tcp
US 192.0.76.3:443 stats.wp.com tcp
US 159.223.105.228:80 www.techienews.co.uk tcp
US 192.0.77.32:443 s0.wp.com tcp
US 159.223.105.228:80 www.techienews.co.uk tcp
US 159.223.105.228:80 www.techienews.co.uk tcp
US 192.0.76.3:443 stats.wp.com tcp
US 192.0.77.32:443 s0.wp.com tcp
US 159.223.105.228:80 www.techienews.co.uk tcp
US 159.223.105.228:80 www.techienews.co.uk tcp
US 8.8.8.8:53 techienews.co.uk udp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 8.8.8.8:53 trends.revcontent.com udp
IE 54.195.216.147:80 trends.revcontent.com tcp
IE 54.195.216.147:80 trends.revcontent.com tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 159.223.105.228:443 techienews.co.uk tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Tar1642.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab1643.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\js_composer[1].htm

MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

C:\Users\Admin\AppData\Local\Temp\Cab1750.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1766.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03078cc777d6ebff7114d1d6e68fd79f
SHA1 0bd31b6867300256883c2edde87656cbf84a7756
SHA256 0c37b612a415fa0408813bd6d0e689b031250d23620156538a3b03fe03ea3e3a
SHA512 25432508fc8592824c8288d3fc70663e9d6e14e9832574b1634eb828dd59f9715c77846e95037e07fae54824b1fc5f0e0e9081957b6fc971cf846299658e7fbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1075685fb4793024ed9fa5fe8351624e
SHA1 19696fe8b4b179e51a988feb15c3247d084ecaa3
SHA256 0fdd7c43b0d435eb78e23b0859c45986b5eb1dc092124a4bc3c7dc359c74b8ca
SHA512 0f032463c3dbb359cda4af8d44f769f2f0271371f04dbe8b8b196423031077a52a2bced905fa0e4c91ccf1f05d7608bd0e55f55ebd84b4d038b05149399ee9a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 773dea95a5cb2ef8e49a75c72bbfdaf5
SHA1 1c3d88860a4f4d00fdfc13d3cd5e42f09d2515b1
SHA256 24b0cc86e79d513ebfa6ac0d4ad2e804be787feb623dfe0f897bfcb48ec982d2
SHA512 08b2b65a6fdb008f86f72bcf1d2bb548b81e1efe99f1ebcdbbb2d6c92ededa6d86f865e8642e80dd2cd526edbc370375f2cfd5975923a290544f6ab5ea377744

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c86c6800a0fc859f68dbd0397ec4c3d
SHA1 bfe62ac29ad22facde87ce3a6f9c7221f7f667fb
SHA256 46e317092301981d8c7360df3e9b85407b218ac1fc72a3dc412a5b1da5399a43
SHA512 57eabe31f4654d84d10b1b8d34baffeab52fdef83616a500e3970a4c635f62f5660173b926b3baee6a82b34d3eb1064170beff8d4a6c9466048d69b36d841205

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc39dc6149541919c8033e7c8e2a765a
SHA1 e104b90db6a8870a74dde90168c7fb4e79471101
SHA256 32a9c281d33d42c63ffb2849864619c4210b235a066b996c7162d0426d733a93
SHA512 7257cc2c0d299ed11b4f89ac4995838cc1e44a425278d000d9e8184a558f36d1fd5bbe708c0876e3b9b3a5ea0dac581b5a0e2f919a14317145db3b3523704b92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f0a4a258b711f030e401fb968b6c060
SHA1 67c3b93a8a9bc8b0af67a65b59feebe0b232cefb
SHA256 9f7ad33afcfe8fd0061716151ea980c7b9ef58174e04863f523210d9c82f877f
SHA512 54a91da7bb1d5d46c6d056973f759e1120c46e5c43795bf29d0bef89605103eee9e100e630a76bded85ee2c87fb829f4f6f979be7c2f7a033835cebaacbf1ae0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f10a1ed307dc79e98bc730be8bc4cd2f
SHA1 30ac116295ef6d37d76090a6d4e1ce9e9d92bc28
SHA256 67dacac1943bcd7638ae25efc7d52d7c9ea7a260415de5690409340c5fc1129d
SHA512 7dc58dc3cb144a0777be9d0bf11ec418222ffe9ffcb8a0361d771c36ea1f67ce6f773becbd6b1604a57c3014e939a87b94c54dae1cbb92ca296ef88ab1bbf079

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89006f7d0e2001a57db7d71c063f5e4f
SHA1 a10a0d9b787eca9607594e492e3f663bf8c6f774
SHA256 faa6fb586d1a8b564c72c3bdd360fa86c8ae459862a3410aa7303158979ce795
SHA512 1ca065ed5eec25022245f61628c91458b3b9adbf7140e4fb6dbdc373e062a4bcbfc5290304d96c8e9d08b4d292207a654afeabc4c16c874bfb18b15927c18a57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52447c2bed325ec02167a6fcfcf236bf
SHA1 979b9459c641f48bcd00be8b5e8bb5bdece279aa
SHA256 3cd1d5451aafd6d5ae9752f197ac9d72d601de86fb675f7b402d345b49034151
SHA512 ef26ce016edab63d7d78a42f1d0fcae1cf9adbad7bb9d123408baa50085f12f1c5ffeb3a6260c3c1dcf1e429f94e51e198db97f62f728f731bef40fadc08ce7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b79707a4e3be0d24562793158f5c1e0
SHA1 36c52aaa54517b330be3f13054fe363f2fe0c9ec
SHA256 40024e1da6ac978049908086955f63781395e9ceb9aacc3a968bc135008e9346
SHA512 6646336409dd90f739f3fd3c6b7f5d9153bafee2a52362e1ae749bf16791e0c87c99df6ac7556901d636739a77b445cb78efbc2a9202e38df406eaafc1e516d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e55cc9eb3f8d4461f8670c15f48c6933
SHA1 b492c3165b542e47efb93a0b1afad953ed2bfbf7
SHA256 daee19b830673a32f48d1ba531ff3ba5e5f57c121a300c8f5a56aa6354e723fa
SHA512 5be1609aea5f4fbcd4d4d893049e9ed35c44a5b01545b46c301cde4e7b24b2e467a1f86000bbcbee011b5860a48f1b0623107f406bc0ac995775ab251c2a1bb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6346436b219c2e72603d418bb9dea19d
SHA1 1bd68f5ec0f242b236d610c6813227e19b21eaea
SHA256 a47854a23ae80368a75078cdcc998d74f82eff336c6f5cdec5eb864ef69443b1
SHA512 7205be49497c97fa6bba7958ac720537081fcfbcfde9b06ecdb4d907cbb08a6b8115a8933b54191ec9a4adad33da6d5e07cd8fb7a6000a7654af0f4a7b0a6f22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f1235077db20c6781ea1989a3049f61
SHA1 1cb213508344b9d8b9cd49fa286b877407b3a5dd
SHA256 18bf5388a5a4df0737f7aee4412280df2776448af9b14abc21780205dcd7c4e9
SHA512 60c0f94a3057ce2bdea305ff3ceed6c3ebb798d8c20d60aa9cbb89db613db41b06e489dc04020e380bcd46fa15b2b4334747d333a7d3b2ec4d23246a6e523481

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4066c4d5a52d4405c979143906dda528
SHA1 02ac27a5b45dd5d9514782bd87a7787320cb8f7c
SHA256 45bcf70cb70963bf88b47d3f72f9e6fe32baa25e9a2c43672e6f1341bb30fc65
SHA512 f40a66b61d6e4baab8d126a37ac450819212fea100e403d54a0c4604e617f6ccee84535f9644688c7bf091d748452c5f22c0d43bca29c4b69e4d8cab976336a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59ed3b88cd00dd6eac6e66137dd39e52
SHA1 02a31a5d8d896629fe1db3238b9738d5d3f0cb79
SHA256 832790759b5f764fc52a400cfd98a6f39b8a518202298e9f1a330166c32a68cd
SHA512 6a66aaac887b00262851a1e079f1c4828fc72501bd54ca372c757000d83c149acdadb0c93adad8e2f744a3dcffc2ed427dabe17c113ca1f5934767f75ab0e1b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1102ff87534ab43cd27f48f5ed51545
SHA1 b7eca664c10fa2373882d20fac5ff7baa706ea0f
SHA256 075185d27136903c3370ee280e59cfdc892a830a19aa2b07c51f929643bceb05
SHA512 51d51cbab63a7405b8909abaa1877c6d094eb63a07389b8b2b0b88c7305ad44a967b422ab3ac6343e41732531aa3d6ca6fc1d86ae35553bf281d7a97d7e3a4d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8083d90b3e65989afacaaf480bf26afa
SHA1 97dfe5d8fd4ec899a979386055885916de6e715e
SHA256 19e85b8917d4b2dee19c9b2b41ae6dff23d4af5b1a96bb9a7b79f06943abdf48
SHA512 40c40f1aeba1068897ff5e624da8ae3ad91e181e792eedce4def3dd873882ad5498ed5da00601a10a276b19772b51cb66dcffba17b76d26acb82640c38a041af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 132dda0bad2c5706c33ab3f63f6c8747
SHA1 e1ca5d8715fa699f14438ec159ed048bea53872d
SHA256 b804398b942b4cf46c67f90adedc056c6d9b5b938e9d0658ecda8160d0bc6256
SHA512 160ece03165697cd4954d047017d1f92783d0878fb44ee66f21a3f7bacb9b29119fb16ebf3a1755cfa6127ef76ef4cbf832a243ef4f78f0e9960f77c5e3be0fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc042b6ee363e81cee8033328d91abb7
SHA1 69c6bdd797c3822d87ef680f86fff4ae6d14aa33
SHA256 34ad1bfb817434c9274593ab348e15d91d99eb0e63e25a4a0413b9cfe3cdfefc
SHA512 2b7e719f0dbbf7d0edeb8b2c09e927935b7eb66f7317f1b72c0c86b4a11fda6bcf7abc33157715b63bb85ceb0cd891e35f0096f17ce42b882dabfc716e08e522

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81da3345cf98c03a047fda846a98ec0e
SHA1 7eba98fc2d5c4f5d7e764f3035e493c727349361
SHA256 b97d5db4537702c1ca022ae01012caee0d134967d0f42f720b1d1f894a05165f
SHA512 a53473c4e422c6476cd779c8f11daad787c12578c5fb06ab0991d270377baeb23fbe76cd5125d41fa2d6ddb427df1e0c19556ec841358ddefac89d231b363ce8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 561073a23372b69e83d50267c238e3e0
SHA1 99494fe8a71b7088042f437d9e8ab3d5f1cdc546
SHA256 0954a02a1fe0cbb3b55c969c032d28f5c2bef91ed530bf10ac7ee8b10dd88d39
SHA512 2e824accf6e345feb0b7087e5675aaaf6c45755a38788956ad70031480d0bd915dc1ab1ed418a828fdbaa64d54ff8c8c26eb2714681df43810d82eb872552080

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1eede452280c62e10b8c917938dce273
SHA1 56119230a395e429281b8e1da2eb734803a741a9
SHA256 534c58c11886cedcf019c16aa3e252ea1f3ca2934233727afd30f8420a8a7ee3
SHA512 d55c8b55c39c54ab8f1542760f2e48202ae9877d0409836da010dd205c6cd9220490da3cc20fdf66a7dc0450dd6c3cf412fdd5cea47cf54eadc0a0b149f558e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03f047cb01db674f15b2c2feffc390f9
SHA1 88f2de73e5782b348c91662b20de0410f83fbfaf
SHA256 3a19a83d4a63f35e22b0bee1c8bdb94eeff9abfe4c19d76a436b027b19102351
SHA512 46be8766e2e3d204beca273445983981b106d5838c13e172c3ae05a3f368f6ae4ec64812c6d13fb1efa54f0f013da0f6a6ff246a347c53a70b35b9e945ff9523

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:25

Reported

2024-06-03 13:27

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f1af2dae70e0b08af487c1cf5e32c5_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 occurrences)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 occurrences)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2364 wrote to memory of 2160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 occurrences)
PID 2364 wrote to memory of 712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 occurrences)
PID 2364 wrote to memory of 3968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 occurrences)
PID 2364 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 occurrences)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f1af2dae70e0b08af487c1cf5e32c5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2727859109153984327,16451690174947442813,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5996 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_2364_DOWFLOCGEVNEKMNE


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
