Malware Analysis Report

2025-04-14 03:29

Sample ID 240612-23tyyavale
Target a2d94e543ddb7af3498a22dd89bde717_JaffaCakes118
SHA256 cdeea783958ace66ef9df1816a53d4610aabb62170f9c3c6b6ca84d0aa9a21f0
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

cdeea783958ace66ef9df1816a53d4610aabb62170f9c3c6b6ca84d0aa9a21f0

Threat Level: No (potentially) malicious behavior was detected

The file a2d94e543ddb7af3498a22dd89bde717_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 23:06

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 23:06

Reported

2024-06-12 23:09

Platform

win7-20240221-en

Max time kernel

146s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d94e543ddb7af3498a22dd89bde717_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008a6db0db6bbd6547b9037461df7bea5b000000000200000000001066000000010000200000004b67b16f028b623d6d0f52a458d442e13ad035443086b041f60e3d7461b15703000000000e8000000002000020000000942ec9b470a4f94a876dbfead3e7e5e01e5c8a7bead31bf5d2b6e795ef9edfa720000000c00518dad020faa6b7f78701ae49e83e0b0240f5b92bf8a2a3472f55a541469b4000000065a8028bacc87fe350191b17ac83ba8c95b0dafc4c79712ad1dc61fd48fadde535a82f3c8aed39ee662537512f41694ef821666feb278f60a2e7793aa7085680 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395479" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10396" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73EF87E1-2910-11EF-9CE2-EAAAC4CFEF2E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10396" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10396" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d94e543ddb7af3498a22dd89bde717_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 realityshowgurus.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 www.danlier.com udp
US 8.8.8.8:53 cloudflare.solutions udp
GB 199.232.56.157:80 platform.twitter.com tcp
ES 52.84.66.113:80 w.sharethis.com tcp
ES 52.84.66.113:80 w.sharethis.com tcp
GB 199.232.56.157:80 platform.twitter.com tcp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 163.70.151.21:80 connect.facebook.net tcp
US 35.184.88.231:80 www.danlier.com tcp
US 35.184.88.231:80 www.danlier.com tcp
US 8.8.8.8:53 caroltapp.bravehost.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
ES 52.84.66.113:443 w.sharethis.com tcp
CA 69.90.110.250:80 caroltapp.bravehost.com tcp
CA 69.90.110.250:80 caroltapp.bravehost.com tcp
ES 52.84.66.113:443 w.sharethis.com tcp
ES 52.84.66.113:443 w.sharethis.com tcp
ES 52.84.66.113:443 w.sharethis.com tcp
US 8.8.8.8:53 widgets.digg.com udp
US 8.8.8.8:53 www.youtube.com udp
US 104.24.20.71:80 widgets.digg.com tcp
US 104.24.20.71:80 widgets.digg.com tcp
GB 142.250.179.238:80 www.youtube.com tcp
GB 142.250.179.238:80 www.youtube.com tcp
US 104.24.20.71:443 widgets.digg.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 apps.identrust.com udp
BE 23.14.90.74:80 apps.identrust.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 104.90.25.32:80 x2.c.lencr.org tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
GB 142.250.178.22:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2321.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\widgets[1].js

MD5 824beb891744db98ccbd3a456e59e0f7
SHA1 57082a005d743ec4a7f928a928bd7bd561078c7c
SHA256 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
SHA512 6c19e304af16ae43504a44eb60c542526d0d8f635e4f57ab557e93999ad608be99c25354898ef4826defe63f8ba72e4d09c5eac445efbde4587534ca202958e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8a1be6162eebadae0dc593ccd4cf9e5
SHA1 407f7dda6199bca105190a98f196d92db52cf628
SHA256 ba312ed7bb59ef169fb378851aa49684ab205b9ef7c7e102cffc92439ac369fe
SHA512 3aadd48c4ca88dd47ed7995834586ca7159cbe87f073886df5ed0b2ac71bb19bdcd5a6edd645a9cb97ec6976040538c7bebd90950ead9fa31b4b434dc676ca77

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\F6H4U7TQ\www.youtube[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\F6H4U7TQ\www.youtube[1].xml

MD5 9de46a634966540a91ac120e70cbf524
SHA1 d7b8ebad181aa3265d6260de8569de46cb7ac58f
SHA256 185c34fdcfae9837de8d916600bf27b1c258fa441db69d680c79363a6a45420f
SHA512 8a9b07845bc96b72f6369ad45e6e6469c18cb64c37daf45c8118495b4ed74d27a4283d0a0abd39c2dc78980bd188a86ed54fd73a5b06f427d9881028449a4ddc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\F6H4U7TQ\www.youtube[1].xml

MD5 5bdbdce3bc4545b30c6bfb5f205363b4
SHA1 8cee1fa4d30eac9b4573c8a71dce5074122c2916
SHA256 e4b54c7013c5a9735926731fd7c42315ebcbd693f7b07c143c074c3c93d2d4a7
SHA512 969d0ca428657774928427a4f8c957be160c3cf570c2aacfd3de2b57d3867a587201acc328313ddcb817b3ccde21411292e8481d9287bc6eb805a065690e5e41

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\F6H4U7TQ\www.youtube[1].xml

MD5 f60902e0b572807784956c42a970b440
SHA1 bd96b25d25ddf4ac5283fd05f3d4720b28b975f0
SHA256 a0c827123d6564bb8aaa584d2d0552792d1759429d842098fbe46c6e8c7ceac5
SHA512 ee01efe0841eff445c3a9d84b5899d08799727e08659cec49aa3411dfc3d75a12bc48f88619fadd16d26894b78847b340ac19282209ab05761e0260f3bac303d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\F6H4U7TQ\www.youtube[1].xml

MD5 b6c854486f94208b8f72fb3e2678e71d
SHA1 698fe3f78eb71d9d5dfa3e70bb5f1e167751f6f4
SHA256 bc7ac897602aabb28cdebec3a657d6c90b0dc5ee039ffd26225790f84960bebb
SHA512 f04817d85d2e856aac6e91049db5c6d9d643037ab001ff63078ad7f86dcbda7d0043a588ff95cdd23da047841e160b7a57270bba3be82e8992fd34ab98d6c852

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\F6H4U7TQ\www.youtube[1].xml

MD5 f72e8c865257f4d5954d6d77bccaa033
SHA1 4cff95768b14294bd1325c26695bd64cde2aee98
SHA256 e0637adbbc479d52dc2614fe3edd17432567053bfb66cda13fd43da00ec346cc
SHA512 864c1652f23aecbe68ba1e0307fb3a6fad231da77f737749ea2c2c9673868d3ae74d50eeae5b1bb73ecbe128e5c4644e62535c84e63ec6ecdeca2f2414645f38

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\F6H4U7TQ\www.youtube[1].xml

MD5 de248ce90fc9679d290b52b3a5333bc3
SHA1 4366080ee346e0f97183fd707a71417ef5e2e15c
SHA256 1fb42412912212915f5c77146781609d28ce1e3b900d1965949b7005d611b929
SHA512 e554b470755c9d18552a25a00fe82960c2ba685ff5a8dcfa496aac32af38f662755813b374f08edcd5d02c70a06488c7fdc10ac64047d0bfa123c287bb73b974

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e086c84fd4ba34fe80c1c40b069507a
SHA1 b3931330ec796e6e070a24bfec75f3d7f2cb416b
SHA256 7292a8735a390f4f39bbd1e1627b1bb4ee20ecd2e8539886fa2a49b2a03c4d81
SHA512 97ecece77433f569de7257fb01d223976613d66c44abf2bd7601a4c0bc5e12c22237d52cecbcb6e279d461cd7e6ac3eeee6eab10aa2dc458712c736324d66c80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f298d27a925c95fb0a20248bd262b149
SHA1 835057fc25a0d039f5778055fcaa9ce29a927da0
SHA256 35f21907dc6986e5e123d546c2336a32dabcb7ecf0edcb9a594e4dd18c8abacf
SHA512 a341a38cc714fa542f565d90e535385e91a61f0cbf211d6ee2eb1d7ead029a11a6ed1fbd1f52d66f3b719a7317a70850e62e76df63660c4b268fff091e6d6719

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c22d72c455302afc0d8d64c038679b78
SHA1 ee9733c3427ab801bedac0c670664455d3a09bfd
SHA256 ddcda31c6e7cb63c47312c968cac58ccfbb43c5704f916f2d9132a5858c0b073
SHA512 14e54d91bbcc8aab6835c29fd58894b2aa0dc1f0a875195f12b601b4b8c90af838e3d2a1525cc6c5de85650e4df6bddcdbe5c640f48c505d9b979206f6b90b65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3d821dc53cd07fd80a10d3fe7531f6f
SHA1 15e22408734f89b620bca48692c3f79f1c86b15e
SHA256 0a676488a74726d969138b86ee26e7cbc5a0a1fa6ff85a09e40b23a7cbdfdf03
SHA512 284af8f58153ae44a9a9f8c565820dd9e69d5243eb6bab81bd6867c0e5e53199e51d754b132002f7e93894c9f9d89bfdc3d5b67a0cf2e4da5f5f06da63fc24b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc1ce58bce5fe2b2dfaeec106bb4e2c9
SHA1 97b11d6466ac36b62e54555a3ebc3d530c968383
SHA256 a46c4b0b035f0f4abbdc68d3999e6d258ad93d9853c43ff775123408ef4972dd
SHA512 a6e7d7be1da24892e65880103219104b0e4692955b568466d90814de78ebfe2edd751bfecd9531d120a92ad5bddf90c5f2057d36c1e6b8c5f95a4db6a9bdf48f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa62dacbe6ab413e9cea386822685fae
SHA1 bf78f06ddfa68956414ae490db9a57eb23661377
SHA256 0e63e952425656738621c47a39809d59798682c00de229ae74f2cb238817b068
SHA512 23dc70e03da344b87589046c2c40a72e8bc3b36a303d8dd4c354d858dbf4abc235f33caac7fbf8ed43dfc46c4898063530b1c2f301d34527828115fe4a4da3d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc52b993fcecaea2233c41bb2c9fc319
SHA1 3edffe78b13be93bda35c234c5610e5e2227e7c6
SHA256 fcc489dc8554f44c224646f473deed1d79407979d03a11ccbd47b9418d94f556
SHA512 8ac51b383064c6ad2533219fc4e84e3b425e49d1b76ddf8ef2acff2a39271d84c3b2e1098b36812114b812068ee12fd3d0c5a16e8a53557783f0c589adfab1dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63300df3c8d0f3cd01671629854d8835
SHA1 43dc48e6c7363a604af34f48be2a9edaa691e97c
SHA256 4d79cf175248f227b3fea4bfb0986fe933363b3ea0fb4423c662f18141a7b9e5
SHA512 012c964d6867fa827918da2dd029e1fc089b098dee30f0399c98dacccbf3f5d4066af14b2b31e82457f3b560e73e3d25828d8ecb44be4901c159401e79b82d93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 785b82b6bc8698f91f110c2e319a6edf
SHA1 2b6b312eadafbf30121fb33e19f4c96546e276b1
SHA256 78fd253fde01ff6f7ab9d6cab75aadbe56d1855f220d59182926199bedbc50b5
SHA512 d70b1896b79289b5e842c6adf2bb2684e2c0f0c2ddf89d69299b7bf32888e834bd02debf47a5d32fcc6657c84e6a908997bc4ce1d94c4a351b430c876c243a3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7092a9e69bed411fa3b2f69bdfaed763
SHA1 ff2efb342cad6f3105276bf2f3d7af937f9fb7e3
SHA256 3e9ecad156ebf812c076159a4051e2610767c814ff5829e4f9a96bf219d05908
SHA512 94a47f72f00926b32a2985236881189a998726f525d841260b99a115db0e4112169f75449b55e48fdc1e1949a7332057f7392bf3273df8298246e9d1d468ffff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5139d41257d0b6ae2d40c6700154efb8
SHA1 d9937b5f8bc63832841bc867ec6c5267caf630b5
SHA256 5bbbc399ddbb32b3f0b2ac81b6d4e913d8db06931fab31840df166d2620b8f7b
SHA512 155df20d4b8f54aa264da8d06b601a750247a8e66db5adc012ae65dc02f7c00b2377bad141d270db6085b8d7f2317a3cc0d453c548ce5a633f1021c446a0e049

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16a6930bd7cd0624f04b29b840bd0172
SHA1 af2e15d31f98e3965c4a7d279d95a08de0f673da
SHA256 bb8a8cc508ff67d2fb7723f2a20474132e0fa9143f19a39c1d71443d3ac5759c
SHA512 def3d9a3256ff17abe5da70af839038fd5c6d1269b49d70c97ac87d9698c54850a308c98421fbbda1c8203c276c793e2013beba5518a4c8c8806fcd27d3d0d3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 e41435c4c8d24be14b018d025eb1d112
SHA1 f25240da732c3ddd1cd46baebdcc2c8e835959f9
SHA256 773ee26575e96a474469263ec2b6b7f90ba67b247376e620548d766fbeefda57
SHA512 e64dd68f4cb72aa0cc7cc5accf07a22ab33e09532e079c892ecc0860b102aef04acf5218595c5c90fe5b44ee4ed6bcbce8af0e40b4b229a940f37606a6154697

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e19970cdd73cde141653337ff1f8f451
SHA1 807765bba58bcff279293c67e95959be90b59c39
SHA256 2378d5d156d4c66eaab88ba93856f1766d0070ab21987f7bd764b9fb61b5fd5c
SHA512 2d4f23cbc5f5469ae7eedb9d9a752acabb2fd933d1c7b891999f968acb009435b9dc041974e2857eb7a66c64e0d31cc53b44b21b73c1e2caa73b5d03ac92d3d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff902741d805f35100beb2ed12c4618d
SHA1 d88361ba5c3fc14e438d12c2692a2a75adb400af
SHA256 b7f66efeb9fdecf9d487c6e00c592d52a582b2d395440532213a2a64e6b342e6
SHA512 dd83ec5b4485bbdca22ae5cae20f73273f4e71e397c723aa9783a47c8be7ab970a59d7f8dca10f9ebe6d995d56d8f1b0df91454a9b2f6174158bd9e802951ef9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1f595e750c27f62899cdeecec39d0bb
SHA1 a69f43af9a194d8bca393529d61ddc1daa6321a5
SHA256 4a34500eaaec227f5fab0869d4e1ff7b63f4c54a50aea365cc86b9999504a6ae
SHA512 9fdfb37a40557cc8d393d3034e8723ec68082607f86aa341d4e253786ce2d317fc368a14afb2c1ff243cf08b0d71e931a67ca1f14f18a0b6da441b73f7785b01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db08e0819629795b764c14bfd9496340
SHA1 e8eda6f38cb88445900e4255350bca6fe2a491e3
SHA256 1459b32dd641696743bd7dd8be505f431019017e17945dd3c3c56acd91e99919
SHA512 90b0ae4eb88c6fcbe0e89057dca93d53cc735b8739b56e51fd174f9952d6790205b8c2682403c3866a3180b61499d1d81962b93a48e0ff312d3dd5ccb3b061c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 ca2d2295d80db846da665826c830045b
SHA1 73edc9938db916c9312b922757fb56edfd703fc8
SHA256 4368d1ed7402261be73b7743b8ebb1bde6cdc38bedd23c18a59270ddad757c59
SHA512 9fda596ca11fa2463996c1bde2d19a243e111f00b5c53143eb3ed513a9fe6e1a808a32d5ccbc0c01e99c4294f21ca7fe2217a84efebdcb83e42b0ddd7cf8a797

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f204ba18140f277de8e0870383303fe2
SHA1 9d0cf6b1e97bc5dca4002b8b4ce8e98cea49813f
SHA256 568da09c4fb21c54e5c4d29046ca81414ce3fca0c1c44062c4137ef81492b7b3
SHA512 8cd56001c25397d0afd312d6e7759a584163adaf9c509d5eabbbf5bc3b77ad2f974e5b54ef166048f447f3abcee3ea0c588f2b6ff26f8d3665795e6c0c6c397e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27adea2e2c97257279345e497e9fa392
SHA1 4e8628f9ea0ed34b4a2585dc61ae1a6a83f1c373
SHA256 ee8e810e38a68f655a3d0b9b161e46db3e40a3c8cccf4c5b02c728728b63271e
SHA512 ef5eb1da783bf35f1416b682ac6f780db32fe060cb94bc3610fb6890b6b4f6202ec17f43a22a7b183f8141eeab0c79c1d41e978479329a28dc220042cfad2429

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3862b5b389bb102a7a18ed2c712924e3
SHA1 34c098c47155153ebe535a21ccdf479b60f646cb
SHA256 57b2670b882fbfea0bba4220cbe480981a32e12f249444330e8c0cf6a82bcea5
SHA512 dedceba63d52ea9d44983ce05216cec4901149908cf7fd84f8aadca1b6759a82ccce6aaf2caf410cc58ca47d81e59042e1e328b924d0b2d440b854a14ac66f05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5f910c3e82bed1a34bb4c0d943f8f62
SHA1 2f63f20baf07fcbf5ff8cda1385eacfb6f1d0209
SHA256 28e19f69430e6fa2af1f12dc8ae844db4b2c732850633f1663a1b493680666e5
SHA512 2d04b31269a549a17d92bf7d88cb533c4e714835bfcc24eb4dc49bf0e3cf6af405507fc20493b5502d1057f05652ae56ab116e089abddffa5769db305a9d9379

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 23:06

Reported

2024-06-12 23:09

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d94e543ddb7af3498a22dd89bde717_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 184 wrote to memory of 3672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3528 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 4284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 4284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 184 wrote to memory of 3092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d94e543ddb7af3498a22dd89bde717_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c9246f8,0x7fff8c924708,0x7fff8c924718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1379192876455559046,16309870361051588645,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2452 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 realityshowgurus.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 connect.facebook.net udp
NL 192.229.233.25:80 platform.twitter.com tcp
GB 163.70.151.21:80 connect.facebook.net tcp
ES 52.84.66.41:80 w.sharethis.com tcp
US 8.8.8.8:53 caroltapp.bravehost.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
ES 52.84.66.41:443 w.sharethis.com tcp
CA 69.90.110.250:80 caroltapp.bravehost.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 25.233.229.192.in-addr.arpa udp
US 8.8.8.8:53 41.66.84.52.in-addr.arpa udp
CA 69.90.110.250:80 caroltapp.bravehost.com tcp
US 8.8.8.8:53 cloudflare.solutions udp
US 8.8.8.8:53 www.danlier.com udp
US 8.8.8.8:53 widgets.digg.com udp
US 104.24.20.71:80 widgets.digg.com tcp
US 35.184.88.231:80 www.danlier.com tcp
US 35.184.88.231:80 www.danlier.com tcp
US 104.24.20.71:443 widgets.digg.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:80 www.youtube.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 ws.sharethis.com udp
NL 192.229.233.25:443 platform.twitter.com tcp
US 8.8.8.8:53 www.facebook.com udp
BE 23.14.90.74:80 apps.identrust.com tcp
US 8.8.8.8:53 l.sharethis.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
IE 63.33.219.166:443 l.sharethis.com tcp
US 8.8.8.8:53 count-server.sharethis.com udp
ES 18.154.48.44:443 count-server.sharethis.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 250.110.90.69.in-addr.arpa udp
US 8.8.8.8:53 32.66.84.52.in-addr.arpa udp
US 8.8.8.8:53 71.20.24.104.in-addr.arpa udp
US 8.8.8.8:53 231.88.184.35.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 166.219.33.63.in-addr.arpa udp
US 8.8.8.8:53 syndication.twitter.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 104.244.42.8:443 syndication.twitter.com tcp
US 104.244.42.8:443 syndication.twitter.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.178.22:443 i.ytimg.com tcp
US 8.8.8.8:53 twitter.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 44.48.154.18.in-addr.arpa udp
US 8.8.8.8:53 8.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 22.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 172.217.169.74:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.196.137:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 137.196.17.2.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 9.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b4a74bc775caf3de7fc9cde3c30ce482
SHA1 c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256 dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

\??\pipe\LOCAL\crashpad_184_PLNTWMIXJGPPUSZE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c5abc082d9d9307e797b7e89a2f755f4
SHA1 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256 a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512 ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b65d4a54cb585cdfa2854614f3305a0e
SHA1 2d9c8010b58ab117c8e0be3269cd8c394b48a23a
SHA256 7d232bc3898a33084aa63d660a59e74e74858608c4f03fb7705ec8a8f086d62c
SHA512 804981d89f6a728becb43949d78ee03ba08ea1fb8d11e431d364c10083db4d6b75ff6546926d87923e37ac33915da350d9711ade3d6cd5520acdfdc98351ab54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4b7cd25410b849bc0c1a8bc7b2c6aeac
SHA1 7321a13136331be3467825499d1125ef2b3b7252
SHA256 e3e9ce8c6c4633ca8859d95fd3bea2cb89450a7d775e5c646c30f704e3657c8a
SHA512 da5cda31fbe0cc16e03c5eebc87e9ac846f92870dfcd75d7295dd8f2371efb9f895f2c14f1715977917b83d4e46fc4c63129e0a49acfcd5cc4f474155e18610f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 13ba1edf4eaa4e75fcf79d426939d3e8
SHA1 8461682bb5521e3460af21e88b51e5cffc966fc8
SHA256 0ba6e086c887222df536876196bb5700544782c3c859e6ba6166db4cb0a2a16a
SHA512 fb956d0302947410b61062c99f7afea941cb935b64c84396591e1c66da0a77190b2e5ba1e2147b537a90e0514681d4df03b5e2e11fc44341839b874009ab95ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a9d5ef97a0f49bfe38a76ec35ea01a57
SHA1 689938dc4f049f32c38c914840e3b93ee17cccef
SHA256 f0199301af62c4abeee37759b310026c537bdd8531ac0145ecfe94e576e2ac19
SHA512 2203b1ef33f4e379d17f410b404cd48c27f23b19c62656ec51696ec8e9c30e2240b1e069897e66ca2946f962a626bd3fe86b084441cee6dceda4188e1ccfc525

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2a25e6f19f9bf00bab36c8ece9a642b2
SHA1 981f306ce3b1db570131280b9c76a36a82820a92
SHA256 7c4014ac73dbd2737274078d68419a03489b5dbea8b33dba18e6d4fb1102ddec
SHA512 c1ff9df5416cdfa8565c145f27796cbd7d52fead673f40d74f4ea3b7a4876e15b951cb582515a77764d8e59f675a76f3033812beedcb9c6b8af16d0d854123df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c0c1cb639ebf428b42488e3666502b5f
SHA1 d1024ea97dab1e7f5852055508ad95a16386372b
SHA256 0b9324c7baabd4cf8c03b9c77bfe24101fc2028f2330cd9dfb36ead2d996171d
SHA512 cf0d31e11e482c08a0291bb75ac6d86a4a9e607ea3367405367522da29f91a89aee5da1cc10a20f385d15d06d76c7616698b217ea48ae1acb5a3943c5503b84d