Malware Analysis Report

2025-01-18 01:35

Sample ID 240613-j1p8vsvamm
Target a48e6543cc3afc69373c550a52f68fd5_JaffaCakes118
SHA256 3136ce595ed091adbb3c86da5b87af469967cc151bd9ab959ee6982a5cb05f36
Tags
score
1/10

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a48e6543cc3afc69373c550a52f68fd5_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:08

Reported

2024-06-13 08:10

Platform

win7-20240611-en

Max time kernel

142s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48e6543cc3afc69373c550a52f68fd5_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006963e0cd6030f7a8ef3203531517c3c2de483fe564e7b2d9015d8204d085efcc000000000e80000000020000200000006cae75f714cd68f4466aa347881f02e9484c3d11bee567abbf462743cdff7b2f20000000b731dd1c689149ac41fb3fe3c810a21f586139f9b5db2c444d7f8a2e53e54da14000000016bdc21ab985748a72a36f5a68ff4f3f39bd94d4d7e0dcb1964a24a54e30113122189e2fc960397e869159e96a55f8283368883f13aa6ac9dd025a2f882da102 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427975" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0920e0f69bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1C83D2D1-295C-11EF-B489-E681C831DA43} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48e6543cc3afc69373c550a52f68fd5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 paivaconsult.com udp
US 8.8.8.8:53 ns1.chatwithgreenbar.com udp
US 8.8.8.8:53 css.developmyredflag.top udp
US 8.8.8.8:53 traveltogandi.com udp
US 8.8.8.8:53 getmyfreetraffic.com udp
NL 185.107.56.199:443 traveltogandi.com tcp
NL 185.107.56.199:443 traveltogandi.com tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
NL 190.2.139.23:443 getmyfreetraffic.com tcp
NL 190.2.139.23:443 getmyfreetraffic.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 8.8.8.8:53 statinside.com udp
US 172.67.146.166:443 statinside.com tcp
US 172.67.146.166:443 statinside.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
NL 23.63.101.152:80 apps.identrust.com tcp
US 8.8.8.8:53 ww1.traveltogandi.com udp
US 199.59.243.226:80 ww1.traveltogandi.com tcp
US 199.59.243.226:80 ww1.traveltogandi.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 108.179.252.182:443 paivaconsult.com tcp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
NL 185.107.56.199:443 traveltogandi.com tcp
NL 185.107.56.199:443 traveltogandi.com tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
US 108.179.252.182:443 paivaconsult.com tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
US 108.179.252.182:443 paivaconsult.com tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
GB 134.122.109.150:443 css.developmyredflag.top tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:80 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:443 paivaconsult.com tcp
US 108.179.252.182:80 paivaconsult.com tcp
US 108.179.252.182:80 paivaconsult.com tcp
US 108.179.252.182:80 paivaconsult.com tcp
US 108.179.252.182:80 paivaconsult.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 5bf392653f047dc5da9989489c981c48
SHA1 0f5aff988fd4ef6e886cf71add6040a98ab6dc4b
SHA256 b58081d198d08599e8be9a5679e82a7083860f4c71472a529d0132764b3ce0d1
SHA512 fc25de060e79aacfb7788fb6d9f100cc8fc369add942052f927e1a8f41709f9c984f11a5c8765d069b2fa255c558469f1fee3d5fb0d4055408e61d4ba6193baf

C:\Users\Admin\AppData\Local\Temp\Cab77F0.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b3af4937eda0f8b368411409de1724c
SHA1 55723d7033eccd471d881b3fd930bcd82c688214
SHA256 7a3da59e4c4e71a93de65cfbd08cf1adaf227939a91cd65b64f39a40f2eb1b66
SHA512 c0f2c9b574d8b597cb5cbad8d4298982f08b5ab81b60d5410d5fb586d985eef5022cba2207928f285fe57e5675be6f5c3f04d26d8aef0a65b85a4a3318580582

C:\Users\Admin\AppData\Local\Temp\Tar7A15.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65fc205b3cf07a13eeaf8e1bbd0c3e07
SHA1 2fc8edb829029564195e6e0eed3df096430019b0
SHA256 d529627053c5dbb41bdc293cf226dea2e4794d8cdd8808c340e4edc7cd91c27b
SHA512 6de5f65641fb9a1b55de2aae6d53458674be1fc81702f167fd440ef5d74c3b5afcd13a144f1e9373e81dc8ba5e80c9d8a681c5113a9395644e75f40d22efb8d1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\pl[1].htm

MD5 555778f4bde0cd3dba70d99980ed18e2
SHA1 5074da134e1cc750b4e0f356a82f790d59d8cc8e
SHA256 482231349094beee037e80b23005f0f03bef2954633d2d13f2408ba4f62eabaf
SHA512 eedb2e163be4616359735892674ec63a084431116c25c5b46fee641ecf4099be001de969428e5c2c058cf550380ddcfa23d0d38956158efe9f6b245e0d01f785

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fb8f1c058c20763dcb65e6b7b709f24
SHA1 d3648f0f7550014391445cea7f400b9194819ecd
SHA256 d26e0f9541dffa2228a7b6b47241c1817603c79df2898bb7045d145de6a57ff2
SHA512 0fd649f8603b50b2a93ce66084bcc986adb3e5b90d5d650aeeeac1e38048cac93d81972fe7d81a4e8e834f1315f5f7a4040fe2feee5e1aa437dd9776b358d1d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fb151d0ef78d036c6404db90a6a2ab2
SHA1 3be31c37117a4d2f604852a858ee795b8cd8432e
SHA256 19a6aeffea4772af97434bb69de3587a0938520d3fc15859f17c9d4696d69c0c
SHA512 0a0e1b540d7a9a38beb752b5e430f0b6ce65485feba1147a6133e93ef6a47b83796953e06983ec66c97d7d5b0ceaf37bbf4202c6c92eaf89613a41bd90eb92d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24730bf2827ec7e60484bb4663048a23
SHA1 0319674fbd51f9a6a6254887c553b84de034fd07
SHA256 086306af7489a5ac67a23e3faf05d0f7216b5eeb2448e98669c331feb6857529
SHA512 1f111a60cbbbc88f4f20e3edb0073310f14af2f6f60d6491cfabd3d9b3e9351a95be0cff92ad9fd2b8a38acba12582abe2a099d39bd3a712f0b1999d0fdff1fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b74bedca77dd75c21b9a65dab5da0cf
SHA1 467ae71402c85595bc9ce6ca52ad38fef753acf5
SHA256 bc21f035514e91d0e3dc4c50e7e13d153df231c28194517f6d3be9c6396b5301
SHA512 1a36457a7a6dbb608799455ec2febd88c9c6bb9fa342f66c461d636ea8db1feabc26d40fdd86d050685f4eb5f440e2a2c2a946d45ee06d377f5ab9a4a7df6046

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f30e80ff5a00061ded74ee1cbb4f2651
SHA1 201060343798a2066b9fa0f60c2c9f7f46945880
SHA256 f7b053d0260d3c24135a1c9ad58d424ff11e3859265be4bcd6946795052d3377
SHA512 b3417a5671308e47886035d3290d250689a2e853e9859e9df0282834264a675bc74f078370c97b69536d3eef1ad97d4855a710450c4626dbf83f651ff49d1e12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef50af7c069af208b8e2ed577569ab55
SHA1 cc3a04bf91165684597ab9469e7c89bdf57bc6fe
SHA256 619902f494781030d8b8bebf03151e18e0f68a00422738be6597f89170d8e7a7
SHA512 ce91b162c82cc6330db81a742e50647589963c2db58b35d6be523e6a812b2c5a81b25170e36afc5bf22194a8eb96ccb21eab94f1f739cf134c861a34f4cebea4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b240474cf5cad0f9eb422afbaa33f0c8
SHA1 fb1d9bc9866054f1671a84532b8db2f83a47e240
SHA256 57a32e594ca81f5cad0d58b33c9eb28751ff5b7aa4858ed667792da539673621
SHA512 bf457212bcd044f9c89e8b68d5a30c83e83ad7ea9c0c25d4590ac4474b31e0748116b99b81ef949b8810f8f8b7f83aa86989b9acb232a225c86eed233b9976e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5138f1a8d16446965e011d2f602e9cff
SHA1 ecf7e76762ce0e70c359711b8fc2b177f20104b2
SHA256 092a69c0fc4099a8c034e287399a032e29c3e00f9c5f4465d328176118e25842
SHA512 2bbf5c4de7eae4ec07a614367835ee0fab6e39072f9ff7360eb10c4ea82f5bb8038858fa6660b514a3aae972b1984e62cb2d6896f88aea801fc9809e3472c422

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca44946cb97b2bcbc72e8076ef0be8cf
SHA1 0214a92abea001387f2a030eb9eeca03dc426125
SHA256 57b7c8b1bd383178e00a06c114b92e5645c4e6d8751baad27f49aaa5637eafdd
SHA512 9ef7b169ecf4460c8fc3a913c8b6beb1de2bc5b0db1cb0c28ea8f7dc7b72a430b3af4664ff9f97a7bdbe258ec575142516063dd37f072bce62b228f3fba4b81a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37fbf706076f9dfac460cd8e0a863a88
SHA1 44768637b5c962120e6923e5e5c81142e8bc45b9
SHA256 5606ec4eb95aac82297695c9b58012863890c65b8c4d9da05a40cbecbb94e4d2
SHA512 4572118f04164ed00769b1f0dc1d6d64d5b9a848fd4dd9ace755659fe4221c43d63c80b81c99d1f58c63268232a7fc50aca884dad3969f7da9154c9eb2afc07d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95a1edc75563d83ad8ac91caa4376e64
SHA1 827e9e93041708c128996412d59e6aa37ba78caf
SHA256 98cad31c8a93c350226dfa488d6170c7919e839557463647c58c4322f9042f9b
SHA512 8d3a8eb285432484c600411aa025b7b38a30270cd6fbea3de159339f3f2a3bc6970b806b56fa8e9d635aae79ba3f8683e2c0736ebf9095062d36515d968696aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07d80149dff5305408b90f4943b8e88d
SHA1 a09c4ff25e30fd5e7f4446a39280781561ced503
SHA256 266e8089bdaa2bc1b1ced39dc806ba8b058ac5c7b4e04341696acdc840b97748
SHA512 9950b1f53b67a5ac47699eb4e7ec43768ef4847b654b4b5d8b9ecb47c89179650e85a5f7ff33a05ad6d2a9f3df81bfdb2ac8bda764fcaf6e6e82cdf8a8a5629d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac4fc1ef22e81689a9e1dfdd3ac8c5ff
SHA1 6c14fc9d57d615fcbb7de320694496310246ca6b
SHA256 3d75dce9e2450592405c7d7af71effcc93e5320ac2b7b4a02ca180c431fbe844
SHA512 e85398350e082ffd4aca14ee56048c7ddd639eb4683e46a9c06635cbf819950453d167a621ac6905a13d7035cce8fe70b1e24826caed2c4d3fc46a403442d083

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c29d46e50fc409750d6c80d2cd7a04e
SHA1 1003bd3ed5d0be31b45b476255e9f46e8152a9fc
SHA256 1964c40e309fe8b03b2b25d074002836bc09088bf63e9b2135946355af9c1be6
SHA512 f00f54deb0d3be00e06a929bf5f1cc2104adc8f7797f46b26fc6e2c37152ee595be56314ecbe83fb587ffbb90b8f4a225237d9acef4cd3e987e9f258dae75c66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36acddadd23f0726e08222c3bfaabaef
SHA1 cc8892122d5614c899bdb7a68e464fbe633ddee9
SHA256 e1573c9f7fd9f156cb9e99881aefbdd9e529938c67c895dc0418a003659b8c14
SHA512 8437ef3a1abe5296890c99a39c5c4f87546f8058624d12653e85b39283c13d1191d075af351ff731a8397872c78ae230a9c7ba02295ce9f8c06866aba9dbf79f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88d65cf20468f57b4255175c1a2d4bd1
SHA1 9823b18746335d37fad4d01c05abf6032658ffd0
SHA256 4bfd947aa13ff4cfe8c71284478a87fd774307cbec187255728e1e44b21ce312
SHA512 e5445035d6f489d1df86bdb93bb7a8c7dafb5aa12343b9740601421ce800d1e28a4f865b331e14dbd9fceefaf9e56bca2e90a4892a6720bf93f7b26d95f11212

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de38c1bc30f1ff64b60684dc7d7fccc4
SHA1 a49d5f4e13e70f0a7c29492a46076fbe1d0aa14d
SHA256 b60be800dbb84742eb6c430b51c3c3f39fdd9cee3a3a74c44fa4c7242bee288b
SHA512 5e428e57b463f22ccda48276a137f49d433280ddc35884c5d0a350850fa0d4e68964511212c35bd04a0a9c482dd53cd44c8d3da7e41ef6301ca22c6449d2c62a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f2163f38777fd697705a30d097964cc
SHA1 6e2b90fbf11dfd72028f64ef47142477a48e75f7
SHA256 4de63b8cffc70266e1d7bad714e28933bd8198aa68adab5425514242ccb2d219
SHA512 e35433159218f538665aa5afe961495b4186db21e590a5ede54da826761c23eeca2a9d1975d03b0fa541db2ef896f2cd3229becf02aa7377c0bb345e61a83167

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bbc4e13deea67fbf6d8148385328c20f
SHA1 60edc7ecbcd3a5a07b0ea6aa0ae70edadb72d885
SHA256 a65213dae2b904b89773b595d5c9f6dfcc07d85414f6b7955fd82907a065e327
SHA512 cedafbfbf66c9bda302a4d1570d56bed62dc462aa84ffb763c14684f1a507180f2f86f3a2478c7fa498400d1afbb722fdcc851713f382d16082a2bdffcd06898

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:08

Reported

2024-06-13 08:10

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48e6543cc3afc69373c550a52f68fd5_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical events; no description, indicator or target recorded. This is a generic user32 API heuristic with nothing attached to it and, on its own, does not change the 1/10 verdict.)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical events; no description, indicator or target recorded. Same caveat as FindShellTrayWindow: a generic user32 API heuristic with no indicator.)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2568 wrote to memory of 100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 events)
PID 2568 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 events)
PID 2568 wrote to memory of 3276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 events)
PID 2568 wrote to memory of 2972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 events)

All 64 events share one writer (msedge.exe, PID 2568) and one target image (msedge.exe). A Chromium-based browser writes launch data into the renderer, GPU and utility children it spawns (listed under Processes below), so same-image parent-to-child writes are the expected pattern here; the signature would only merit attention if the target were a process outside the browser's own tree.
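Separating a browser's own process-launch writes from injection comes down to two questions per row: is the writer the target's parent, and do both run the same image? The script below is an added example, not part of this report or of any sandbox vendor's tooling. It parses rows in the same shape as the table above; the parent map and the last two rows (a powershell.exe write into notepad.exe, and a write from a hypothetical PID 6000 that is not the target's parent) are constructed for the example, since the report does not publish child PIDs.

```python
"""Triage WriteProcessMemory signature rows from a sandbox report.

Added example (not the report's or any vendor's code). Rows shaped like
"PID <src> wrote to memory of <dst> <indicator> <src image> <dst image>"
are split into two buckets:

  child_init : writer is the target's parent and both run the same image
               (how a Chromium-based browser initialises the renderer/GPU/
               utility children it spawns)
  review     : anything else (different image, or a target that is not the
               writer's child), which is the shape of real injection
"""
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# First five rows copy the report's row shape; the last two are constructed
# to exercise the review path.
SAMPLE_ROWS = [
    f"PID 2568 wrote to memory of 100 N/A {EDGE} {EDGE}",
    f"PID 2568 wrote to memory of 100 N/A {EDGE} {EDGE}",
    f"PID 2568 wrote to memory of 3076 N/A {EDGE} {EDGE}",
    f"PID 2568 wrote to memory of 3276 N/A {EDGE} {EDGE}",
    f"PID 2568 wrote to memory of 2972 N/A {EDGE} {EDGE}",
    r"PID 4444 wrote to memory of 5555 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\notepad.exe",
    f"PID 6000 wrote to memory of 3076 N/A {EDGE} {EDGE}",  # same image, not the parent
]

# Constructed process tree: child PID -> parent PID (the report gives no child PIDs).
SAMPLE_TREE = {100: 2568, 3076: 2568, 3276: 2568, 2972: 2568, 5555: 1000, 6000: 2568}

ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\S+) (.*)$")
# Paths contain spaces ("Program Files (x86)"), so split the tail on the
# next drive-letter prefix rather than on whitespace.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?(?= [A-Za-z]:\\|$)")


def parse_row(row):
    """Return (src_pid, dst_pid, src_image, dst_image), or None if malformed."""
    m = ROW_RE.match(row)
    if not m:
        return None
    paths = PATH_RE.findall(m.group(4))
    if len(paths) != 2:
        return None
    return int(m.group(1)), int(m.group(2)), paths[0].lower(), paths[1].lower()


def classify(rows, tree):
    """Bucket rows into child_init vs review; also count writes per (src, dst) pair."""
    buckets = {"child_init": [], "review": []}
    per_pair = Counter()
    for row in rows:
        parsed = parse_row(row)
        if parsed is None:
            continue
        src, dst, src_img, dst_img = parsed
        per_pair[(src, dst)] += 1
        writer_is_parent = tree.get(dst) == src
        if writer_is_parent and src_img == dst_img:
            buckets["child_init"].append(parsed)
        else:
            buckets["review"].append(parsed)
    return buckets, per_pair


if __name__ == "__main__":
    buckets, per_pair = classify(SAMPLE_ROWS, SAMPLE_TREE)
    for (src, dst), n in sorted(per_pair.items()):
        print(f"{src} -> {dst}: {n} write(s)")
    print("child_init:", len(buckets["child_init"]))
    for src, dst, src_img, dst_img in buckets["review"]:
        print(f"REVIEW {src} ({src_img}) -> {dst} ({dst_img})")
```

Feed it the real rows plus a parent map recovered from the sandbox's process tree (or from Sysmon event ID 1 ParentProcessId on a live host) and every row from this report lands in child_init; only a write across images or into a non-child surfaces for review.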

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48e6543cc3afc69373c550a52f68fd5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82ad46f8,0x7ffa82ad4708,0x7ffa82ad4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,2433242349079940025,7909560678090796222,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2

Network

Country  Destination       Domain            Proto
US       8.8.8.8:53        s.w.org           udp
US       8.8.8.8:53        paivaconsult.com  udp
N/A      224.0.0.251:5353  (none; mDNS)      udp
US       8.8.8.8:53        paivaconsult.com  udp
US       8.8.8.8:53        paivaconsult.com  udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_2568_VORYBDGUIGIOKMDD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8c4dbdf734a446bcebe8a02ab7a41307
SHA1 8c05db3bc666ff7272422e8722aef9d759fd0810
SHA256 9c85e5bad9c6db337a7ba7662fd1e15016968e62d5935f5f640aa0e1cc5818d6
SHA512 d5003d6dd5f412bdbf8012e53f838b9dc205b837a010366efbf3e0105c0f238ae2b74c0d82f731c54c48654b9f08d08f72f3237293625dd4dc4c849493e1b35a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ac62ab7899d98f9d326a453382fa0f8a
SHA1 3c17f7cc9391f18528a74a998ed0b31ec64ec5ae
SHA256 89f0ab1bf5879d8905724c2216e74e5e58c5562219547b1c0b1a4ac4e86d7cb0
SHA512 07cb8fa2a967ac56859f42bea0c36251468a4ec83d2f4289c707bcd9321a05527896d1db5ca9489bc56c8f9d51913c29176d4093dbd0066e704c09bc5371a4b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d20c222a469069db9652dd43329a07d1
SHA1 bde22606f223d4c8de30205a01a8a5f234ad71d5
SHA256 8b5ccea1f2adc117c1d4a20d08c8c50695092d5b49c3c2fc24829ea4b6768e17
SHA512 d7f5340ff834e17807bc4156f3defaef676f056025d9711c9d1f484348c9b689a07739a1f0e6eb88b666a01aab4d7852f1ab133f9c335bb8fa0238694dd87d59