Malware Analysis Report

2025-01-17 23:28

Sample ID 240603-qrdxssga21
Target 91f44cf571a0976c4f5de7a014041b12_JaffaCakes118
SHA256 9b1e2202d8d7c7c380bd42da5e2ca092918ce0e3908725c6211b85f316bc97e8
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

9b1e2202d8d7c7c380bd42da5e2ca092918ce0e3908725c6211b85f316bc97e8

Threat Level: No (potentially) malicious behavior was detected

The file 91f44cf571a0976c4f5de7a014041b12_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:29

Reported

2024-06-03 13:31

Platform

win7-20231129-en

Max time kernel

144s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f44cf571a0976c4f5de7a014041b12_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907f2321bab5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A6DBFA1-21AD-11EF-8A74-66F723737CE2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b9f1b0f15ecb744ab9d6657412ef5eae00000000020000000000106600000001000020000000a61adc437ad9b1eb092cff663c175c563aabcb16edf8a0387fd8a145badca2b1000000000e80000000020000200000000653754dd7e8fbf5e97ddba9ad008f2212204fbbc783615f12a8df4ace05d451200000003bfadb04b87413bff2fa01d47c97809cb1082453c0d95bae9217edafc8285cc940000000076439143679054f9211e5a6fee6098e83668929b620250c5f0707d92afe7edefb7282f4ac55528d0ecd7462a2947f870fd90b7d6b59a730abeb184c1855ac70 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b9f1b0f15ecb744ab9d6657412ef5eae00000000020000000000106600000001000020000000e6f49f3bf92c2a32c13e1a1d1fbce25209a90ac29c2e37c9f3d5103ea8ceb46f000000000e80000000020000200000004d08c037cf4b47f3f000dcdf489c3a06ae05e4da9e16fe4dcb7df06524c7f635900000001b1b81ef287dd9afaa637f3a41d4869775353cf7e8180a152fb04cb50ec6727cba0060e13362620ba2c6c0968de2c16bb4c65af0afbd7173c5c3765f5a53f5f4e29c6172e667809faaa7ac212aef92f32ccc4841ffaaccd3209c4e30708433397ffce68cea64fa05c3167fcd2b63e12fcd0ae6fe8de15edccc8df5e71c4aeadb652895303a3577b3f06e47fcdd11d5f940000000bcbe1c11b001a3c36f3c36da251575877c5aebf0b8183c250fc617f549d4d200879181f382fc842c160abc8860171e6d6705d547887334331f8d57814f3de236 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583231" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f44cf571a0976c4f5de7a014041b12_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
US 151.101.194.137:80 code.jquery.com tcp
US 151.101.194.137:80 code.jquery.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 172.217.16.225:80 themes.googleusercontent.com tcp
GB 172.217.16.225:80 themes.googleusercontent.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fe0.google.com udp
NL 23.62.61.72:80 www.bing.com tcp
NL 23.62.61.72:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

MD5 3e455215095192e1b75d379fb187298a
SHA1 b1bc968bd4f49d622aa89a81f2150152a41d829c
SHA256 ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99
SHA512 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87ea1709075a111dbf494bcb9af1f97a
SHA1 15ed959f30796871d0fe701e18a49101a3005c4e
SHA256 15371c48353ff6926ed3a93fea41c90451e191948ce33dd4cdbe9d16718193a1
SHA512 52705bef61435340c1b7956c9a75caf9ef312d0d728998b43845bed36ead57c13614e2ec05383d2f0bc7c0aace7f87cefddb2d5307c1c612a408f52b98b36c1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3E0.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 13ed5e0369cedc64c8437eb9a493a981
SHA1 880053c91809fef7b2a3d688143f554d5a05c0bd
SHA256 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454
SHA512 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5753f790cfa836309873ffd92c9c0d1c
SHA1 8df24f971ffb244a1b887fb4a5470ac9a3dccb25
SHA256 73d4c5b643f274195d5258fe682383e190448b82114d09ac441befa7e64feb4c
SHA512 0daafc44c791cde01fb280a22970cca858b49ad177cf2c0914580e1b358875ba6ce629ad8e7178baa48ca9c7bc7c878a160d47f2ca0df627f3c731c5faf5b605

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6e894c82ed3925459a7750c2dda59972
SHA1 7b46ac61cbf5c4b4deb9e4e616a67e3c1b1254bd
SHA256 b33a0903e7639efb5e46c77c96e5214455fecc8b35f6b92598feeefdc8617fee
SHA512 98903383e883b005b1ea427a5c9fc345278513a6d0e1b20552f332660373968d4979431614fa5a07e345fc5009496911b36616363b2135908d5d6052e3c87ce0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 40be2ec428a73a996b6584f13f604e3e
SHA1 c8d4c5de565090a2e08a4c9749b5954e2cd2a88c
SHA256 d5cf4233713a3454b469f7ce7ceabae02270e847768cabb1456d7903d6aa8105
SHA512 edef116246e4a81d7c00b055e351e0b3b0b7809fe7d02b39dce8dc6abc71e0f5aa43937de47942e76b13b01f3186fcb3cf09043f916c4e1cb9d57c7b0b9831a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 410610970bd6e0c837ea695d5b3c2e53
SHA1 0735992e161fe2a44dc6a68acc662f83dc48f405
SHA256 dd4401c18e92be8bb2e51181fef30df31298c53553061a7b68d8f9c7d805af5b
SHA512 a7c34767bdb409ac0535ce9a9447b3411bd8270936ca46af248a914be9f808e5de645cbf5f58b638d846705f1eb8b25ab460c236213230d4a124b816aa64a406

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 b37f09309577b4745e2236f8d0c0f115
SHA1 99e591ae181cf44d1fe18401805dcba52b86fd5b
SHA256 aedeedf33ef39572d63c9ee019d55c8239495d757599fa13b11e2e63983892f9
SHA512 996e37dfb79c420709e8548d8eeacd55b2f0d982150739f754ccfe1295ef12cfca7f8e91a76ea1ca9192c0eaef9151bd42af0376464af05735294347134229c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1

MD5 3cbd995f8bc61a3669d6dccec2391d8a
SHA1 39e5903bb99f1d045f6b0c2429b43ea8e2d551da
SHA256 d302d7266945490d5d06e91e1c2557830688004c572f39343357dfd57ada50e5
SHA512 6335e0e9db04d46564a47818a02c3ed714ee705dbc70ecadf252f2813ef62ed14bf739ea545d69e3214d21600a2d9257013545ab3bd7eeba17fe1fb07b2a22ba

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6RHW0NZ\f[1].txt

MD5 5fc4ae3029201e9e9b9bed01652c89d9
SHA1 c1a6808a75f16a563e708a668975c30cb93c8d94
SHA256 7a6bd794bf00de33a7e2c86935108a8a822b57e8e3f50e6cd4c34439cb0fba14
SHA512 5a7ee5e70c2642acbce2287c36e6897b2215759a7c3f4adbdaf0c462d5c46484bc387e16da0278b425a9794dfe1e167fbddd2e69021a6cfb1d6ce0534fab0f7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 40ef6bd8ae4019387dd72af67a1bd5a4
SHA1 f8a85fa9113b8f91bc0baec2a2ada38ae576ba16
SHA256 458b3d34ab9521b840d5f2b3fab94cea50ccc39e81eb96a89a89b4394056f04d
SHA512 fd5d7cb22f3d018cf9c3a6ae9b5bf83dcc68bc69b08ba8af2bfc29cc708573d45bbb3469d03b29227769dea5394047bea2fbce4fdce04f6af304faa6ad898b37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56012b49d8ad95b98be2e2789ebf5caa
SHA1 b361eb90df888c9329ca75d6abc518a15d623029
SHA256 2096c21132ba9950fc0ba89796fe95cca5eaff8d33a961017c566a98d7a52ac2
SHA512 a5f84a8fa7b99a870fd58cf0bb1458a26d044c7b413af38ab92eab9f4d3524f96fabc106a8da6a447ec83c799a7cd6335954c2a03d0dd2f4eea41ff5da4bbcbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb3d90e4171a288aeef69c8be8f72b31
SHA1 242c7e28fda17018975c93bb7d5b9645ac59ebeb
SHA256 3f962c6e42fc8442a72ad1767bd3ce5ebdf6cf2fd56bf352af4eed4b7d422f46
SHA512 de1ab5e76d03de02b4741255d08dc69752b688a67dccdb903f331c2ff9688368fa62d1bf098945a047cbdb4b671107951125fb6a1e2888d136a8f316b2c9edec

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED5KE2IV\platform[1].js

MD5 ca058c47f91fde91fe2689ab8e0b8a5c
SHA1 f49a88830ab0aedec26386d901232aba544e57d5
SHA256 376d19623973dd693148671943ac4e30194fc816761688e08ddfe9dc8553719a
SHA512 8bc32d1ea3217b651c9842f222612361c129ec5397f176d9724ea154012ffe774818d58292e6eea22deea5b466ae9667a878b5c1bbbf386070d74ed9764f2ab8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6RHW0NZ\cb=gapi[1].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31fa655acf3e27bf4320f56c0a166482
SHA1 b54bcc9511abfbce088d78ebfa0e213b2c69fee9
SHA256 e6528bbf62b7e4b41aae738462635c5a362bfaca1798fecca1bd5ce5ec1712ff
SHA512 7d2984e999a8454e32449cbb3758cfae446485e432ddda31947123aa9b5594522c93b70488f4e25d8c747acf1d50747562f46d26eb1e9a6a7469a898b1388c3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1a84f01e6bed4377b68abac143bc3c4
SHA1 dc01b782a0cc6ba4aa4338df280244f8029624b9
SHA256 c6f83336b65eb08cb5e520051fdd079c2014fc30065d01909cb8a08104b49a7c
SHA512 9ac6a8a02eb922f352a576270311d4210d91fdef58d7f5081e93ff52441dbce19fed831eafc29b37a117651a1e0480ef9dd9e2eb414024621fc6f42966a4c0e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b552cd161b30e9658045d080665ca97
SHA1 fdb095c3ab426694e271792cd1ac80ec46f17286
SHA256 195bc1d7c3e749698350a5f8f8f0dddd0243386ea47c47750c6f1a4c73dbfece
SHA512 5b5874ccee5c0cd171190a599c714752e4b788d4a4ae0432163a7463638346ad2a4b6bdefe0b8fb5f3e73cb9dee518fd74d2036d3f3ec2729e3cc3ecba17a61b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd7272ea6b174816c8c9814c25362570
SHA1 4c8638852ad36a18438e520050180e5b4148fb80
SHA256 0d56e8cccf6b0d9b6895f9734cd2da068eb46eb18061605e6c49c97690cac3d8
SHA512 b1947a4438c9151b5efe367c0e1756ed0abf1fe1d78a8a7b7a5d7fe99b032e962d549a6c4f498efc6537306d4274a68df01b10c3d4750200748c0630973b8761

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe7ac6b1f1064c9f0730a33a36c977dc
SHA1 ccd9be37504a66f0693c6e5362aadd62b059191b
SHA256 5217db23637b04c9dbeb492197a84b3d6a6546904db73e4f8e3fdbbe9308b76b
SHA512 189ad4dc4852e8ad3fa5b5ba60e5dffb71fce4a5cda74a466d2de295e57c41a4d98096d89fd3d333593e9503a5e9629ebe937dcd47c59ddd2fb7955f505e6d03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ef304228e88aa8337d0a3263b418c88
SHA1 611fcd8a827427d4799adac61d13f341c372d0d8
SHA256 46ee1ad56d56fa3f57d70ee374e417a0bb0aaef40cb888bcd0b6066486d942ea
SHA512 096ff9b937ed064cf42eb95b490ba8f92b6277cd54fe5925db169ef4db24610f96244d4949cde858c480114350dde33a0715a5018b2ff54fd5f15dc34cf81a59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e62d72eb225b3522f35cf18a5ff6ba6
SHA1 8da0c6a9245df1879695ecf65aea70178656390b
SHA256 0a57bebe4970bb9f218103cca8a59b969ec24ed630aa4b472f0bbe7020f559c8
SHA512 5a246f7ba66ed2900e2428c771e4e731d83d4d2b1c1773f9b58dcba2ae523d79e3aeef8ce000fcefc4df3646e8d569fd05ca1aa9d7afec8aa69ce92785b6a010

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9e7be29470236cd5b8a13097f8b5fd99
SHA1 e3b8890398b32d1aa3ceda61d263fe2f93ec50ce
SHA256 c2610531efa290a4bc87d15230ee1c02bb3a192f455e6d1b019cf1a23c6eeb3a
SHA512 e0fd0b446c9c13324844bee973723e30b083db1f0ba0b29489985759eab4f4176b4203f0a8b1bff6b61ab08253eeedca28528e75404c3b6d59ae8071fe1149c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8791a2d79df96bb546f6f3b082fec9db
SHA1 ec6353dd94a6a4e822409045cd0ab44c50fa0de5
SHA256 21dc0905c7c948d235f0de60f6ddaca4ad80891476bde61c064a0632955a9eb1
SHA512 68e773a8c36c2ac5befe20486a8a3b958a487eba461b9978c05a1292821920307c27146d6b6dbe41bd5a06751e36da3fdf23ee0b2c63fc4e59fcda02657f62b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01f31006ebf0f9cc2d27b3582ea6c07f
SHA1 3570a8332319974822c24050591a7781bedbce61
SHA256 7a9fd32af36478f0bd4681474c9a3784c8b5613891652fa77ffb0cfc4f2bcb77
SHA512 803e1cbe9dacd2f7496819bde767c4c5115f158e475ee2099f72667803c208b22bb2a740a34d7bb1e56f94913ceb2d047d1312d29c7192e49072991c4ae64a97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3524a3ef2f7fa7a95a79f157641cadc
SHA1 c4850d57ecfec81c476fd431a262a1ce6dbb10d4
SHA256 16ecef547554337c000ef035a366759cef01772cd333b3fb4ef3160b18900bde
SHA512 e0becd850b80caf138ffa4e20223787dac271ca9a586b6792063e3accaeaf5d8de161349dc16ecb77900cb7c16fa55158698399ae1bfa5a70e41ac82464d42d9

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34e70bcb1e47a1ec266432bf366b9d1d
SHA1 c4c89a2f342825c5275f0134f44ec2097528c3c3
SHA256 d59df5c758712e02b3a2da263ffd71af47b0f15277b18651bc6535923142c1b2
SHA512 0bfc93ebab47d65d460a3e47157924c04bc04c820803aacbce239999a77518b9ed6fe64a7436db4b4adf81d8b0cc06122dec335abaee5bae2a666eaeaece24af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a25bd7ddfa8e915b3b19aaaee785583d
SHA1 3e4315e3309c49f0515517c106a426eb6749ef26
SHA256 1a4690eacb20d5251865dea564291d7156208ba92039322782c5242af7ceb1b6
SHA512 2a8c378824134c200fd413aa2294582fdb7959358e60a646d43123599dfc77ec50adecb088bca904780445f46e8943908f007ad8fea6d662fbf5d92df20c0ae4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49729d9ae8c4887b9234f3b22d8ec7f2
SHA1 3da833e9194261f104db009675b246f465273ab0
SHA256 e3f33692ac27ff93d1e93e06d973146f3eaec26776609aa63b84af084f18ab70
SHA512 a527097fe72e55f21ad073796abe6e508e39be06316038d596e4cc4d677c1a677c7d4759885c302779cb7a62c61660632a7b2a284721e9d648d05c51eeb6860d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 caa73240fa3e20166b8dcf76f5897823
SHA1 57003eb9500fcdf7b57492cda358d40ad38a1d75
SHA256 824949e3802857c583107ac72d979ef94300c61803b03cb09d532e7e6b9a78eb
SHA512 a00af8ea6548649b3157e3f11ce8f8bc5fdd1955df4b48adbd80d3b909e0ad5a72c7fba8b4946f5569acf311146a6116babec33dcc1e8380e3d9af78ff4a927d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb20cffd97ed154196b3e42626cdafdb
SHA1 7d7d3f44f2863427677f125ae7dbfbe9faadfe13
SHA256 6da23d2c20ca131c8a634f54a19069ef4aa65e31b181ee0df9a706b5acfe62fa
SHA512 e647e6cb76e55098258751602f9acb0ecde4e2b652ce68ffff797ff7d0c4d73ab36d40aa084fce5b551c236e19c79e7a871ca8e78ae713cdbd4a036b71f1fa43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 235f556b44c15f8c72abab4c479ba155
SHA1 1879d2c748a00844b78c74d3441a7edc033d5cdb
SHA256 bd113b3e34db0af6424e268b9bec10e888a733be4fe5c8439a6c8e3568d7011b
SHA512 f4d0edd1c6d9ecccb41f835616f39e76b02dd166a8d273590977479b2f8f3c13ed86068486efa72b4caca5755601539da89a33428c4344d01214a6c4cabde49e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25bc7501c0b9bc82f6be5183fc700318
SHA1 6614c1d16f3e51b59c03adbb190d95e407c3eb48
SHA256 f7bb0ff93de1e0b7de8502f0e968021ed5fae6e26aa06e533efa96f90ad45dda
SHA512 714944f4a307329eabf39abb3fa05994acda887b6127911201ba485798597b3973f84e5dd74022971a7c996f2d7abbe751d6baa02fbdc2a3992ed84ab99e6572

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 613e2851639bd5b79fb99bb5e62adaaf
SHA1 b08b3dd467755927eb51f69f48112e270a518b5d
SHA256 3b5bfc6d7bae782af145fb58599617e8110ade141b23b1372fcfeeea9922df00
SHA512 929e53d141a730a9320f38b5536df5dba935a3508016648d38d96fdf2c673e3fd00a91bf79c4a01e18f5da7a61393c96d76fae813af3eae128c792b22142db6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38260dbe5b2d568a187050720fd16a5f
SHA1 14a5392b40887550d559adcf02ec15f6cffd6934
SHA256 10bd3466e4037a3f2fd49cf99488a553b52ab6ff939275778e673985068eab02
SHA512 7093cd368bd4cb12bf5d94f7e0a85b351e24d67f04d3ceaa005a5b4e41a951a5fa93fb6ba587d4c977534324484d8657b806cc15b91073a9724acf7cc918d50c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f70330aa8d6a21d8ddea1df27581d791
SHA1 e02abf8f2d718bc8acfe0a3aef22c8fa934fad7e
SHA256 01e3839b31b2ea5692f3afea35f8c5b9bed88c31026af1592f478a1579e0c383
SHA512 a8d6935cfe529d0bb8e4392f8d2a3d74e702195eb284d26fb2f99e9ec0d030475ad93ab46947cbce66f7332d1ff276421428e6e21e4baa05e519b4be41d2ceb9

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:29

Reported

2024-06-03 13:31

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f44cf571a0976c4f5de7a014041b12_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4880 wrote to memory of 4684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4684 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 1464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4880 wrote to memory of 3196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f44cf571a0976c4f5de7a014041b12_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7579312147918647756,13989461203394729219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.180.2:445 pagead2.googlesyndication.com tcp
US 151.101.194.137:80 code.jquery.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
US 8.8.8.8:53 static.ak.fbcdn.net udp
GB 142.250.178.9:443 www.blogger.com udp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 142.250.180.2:80 pagead2.googlesyndication.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:80 img1.blogblog.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 172.217.16.225:80 themes.googleusercontent.com tcp
GB 172.217.16.225:443 themes.googleusercontent.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.178.9:443 img1.blogblog.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
GB 142.250.180.2:139 pagead2.googlesyndication.com tcp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 coconut-pete.blogspot.com udp
GB 142.250.200.1:80 coconut-pete.blogspot.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_4880_DPFPOKLVIXJDRURG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 50b719e73f6f946f7c45363ad4c1c879
SHA1 d03b8f0a6d05de47189a94e98c931814888e6c76
SHA256 0af6746cc2465d39267e8c10daddcfbe765f6539f0cc0247dbdbffeb1ad5e972
SHA512 a1772eb31ddb87b3f11679ca3b575654f4a3eaeb5c2abf761a251c62c975e692531d743ae9c90e9a46fe92a6e93b252253b4e2f262257e25dbc5b4a0f85998d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 23536ccfe05b737ae639fe63ee4cc435
SHA1 6d2e9822835dc3e6117a4d2addfc8f241fbdbc82
SHA256 6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce
SHA512 f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ccc9435f1162de39724e2a3a5615bd97
SHA1 550c313d80b4eba919df33e9ff071f5c4cce05c4
SHA256 6ee5e7ef27131bb5ff63922eec353f09f9e2ca2079ca244b56af14c27a17b22c
SHA512 457d6e96f2f94e88207e2967690d7a30bf72b7ab9f6c4722fab88e9ff404784bd24f550c8c9383520227bbe8c5336b81fce1c5639d02c7df770397fe954e8fda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a1defb253e78126802653eb53efd6cc1
SHA1 cdf1e3ad83ecce7f3700254fcb97e30066e8790f
SHA256 bf2e83b06a8c5301cb6398be6f2e3d7ce74b195318bee033fbeb39fe93b5312d
SHA512 07f547362236093aba4efa9e20404a803c656ed6ea8c249911c3639c5fbfe994a488718c08cf5c68bb7c2de45efe3b4254163576b4b3435f8a2973b9f9727cea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a872003908a748ed3634a901724cdae7
SHA1 d7fe6668ba36c2631d3d3e5218f572e5ced3c0b3
SHA256 5fd5348b20859ca5e08a8b5b094a0a3c33ca4bf58afac1f0afc2d9bced9ce30f
SHA512 55f1574affd7262a2bba87cc6337d1d219b9978ac171da57ae6a827b0d8419d09667670db74b90576873f4571e70cd3a3b1fea63df96d426fc0eb5d64f71c8a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3f9659a09e3f8805eb5a066b42305cdb
SHA1 5c4a3e3dba67f93bf4956ba8ddd0acdde8c2f21b
SHA256 b48d9a24c2c2da25c62511a1998293cb610d0485fc424dbbfa71c906b1965287
SHA512 0345172d349a3ae8517f4e99315702693fa89f9fdb02d071cda36b0de74c3f5565a19385ef0b0306d7142cd27f4f5eba1e3b190eb5e6474de0fca90c7df86297

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 7a0949d24ce1450bcebccb26b395dfda
SHA1 d3ef22225e1e937492dd6d5d5503fca9f7a33ad0
SHA256 0fd53300436a35de1d4e3618773a9b0daf7f556a40745b638fa2b186a7287612
SHA512 fc56b898a592fc3ce67264c173fd723e95fc2c0e39e697fca9f7f37a3be9596edc5b38c5422b2f6e5e8e4edb7594050a84fc3fa08eea587a465d706dff8323f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bf4aa8744fd7925c2354f467a2654ab9
SHA1 b51fdb261ccca1688385716f88563d33512c1530
SHA256 03aec5ed196c31f380368f191a2dd2842f9f3a80fb0146d11a0df130096fea8c
SHA512 eb306a27bc741e198ff5711945bb87483539c1e7d0ca63c27d34795c7cc8d44b258581a177426cb1761d98d239b995c10aa25ce27209a110b29bac2e467f99ff