Malware Analysis Report

2025-08-10 20:54

Sample ID 240825-hp1d1ssekj
Target c02fe31e4546f7610641ce77a96ba3ee_JaffaCakes118
SHA256 262d7bbc6753cdf310a0fdce5c1eb9917ec1e66dc39afc7e8a7476f22f84935a
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

262d7bbc6753cdf310a0fdce5c1eb9917ec1e66dc39afc7e8a7476f22f84935a

Threat Level: Likely benign

The file c02fe31e4546f7610641ce77a96ba3ee_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

discovery

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 06:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 06:55

Reported

2024-08-25 06:58

Platform

win7-20240729-en

Max time kernel

141s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c02fe31e4546f7610641ce77a96ba3ee_JaffaCakes118.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430730796" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c920000000002000000000010660000000100002000000080c1ad6274c9eb520596955eee34b564b6c644877125df86391177aaa55adf7b000000000e80000000020000200000002921456a0555375af2d1125615189b74bd2ad4fb0a1fb047ae7a8e294eafa520900000002a3fbe67df29ad85bff38de49107c5248be58f1bf43eb2ecf011e0a4356abd9d52cda82d8543078a25158d5711038d1f7bdca4a36adbc30b60e8194749730083b00a6bcb91a0a93cf6c749e67d0712d89e26f0bdd6c3649a887c99c107541764e457a674f6b02959188b304d7ae6c2255d3f3b0c1e08ae191257f4ec1b6792640e40071d6adaab38d9048602cc01042b40000000fdc7d48503679a8da6993cef106638421e9b6dc64119927901add3c1f506c90254f9fed133e060f95cf6fde5d4aa5ba9052a250edd22489b89aff59a23bae4fe C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{03213711-62AF-11EF-8F8D-F6F033B50202} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c92000000000200000000001066000000010000200000007655ea5ec2c54028a2c88c4ef1220a54ff041ea5a620698246a1eeb613173c6b000000000e80000000020000200000004009830ef2b4b5d1abdd05e5cfc6ac17c30fc41ffeada93312426c5f17f9b60120000000555b93729749213e8a1f4b6809a4aee2619a57915c43b58b6539f8c2b9cca17c40000000c2b155f1cd6bf2c06c0f903b2f698ad0ba5c1eca358b6e36db5b542d5260941386285b8e4124bfe397c078c6abb45717e4ae38353f600f7566a4c4061343a269 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10f5ced8bbf6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c02fe31e4546f7610641ce77a96ba3ee_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:624 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 216.58.215.42:80 ajax.googleapis.com tcp
FR 216.58.215.42:80 ajax.googleapis.com tcp
US 8.8.8.8:53 media.santabanta.com udp
US 8.8.8.8:53 ads.clicksor.com udp
US 8.8.8.8:53 resources.blogblog.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 23.227.185.42:80 media.santabanta.com tcp
US 23.227.185.42:80 media.santabanta.com tcp
US 8.8.8.8:53 adserver.juicyads.com udp
NL 185.94.236.245:80 adserver.juicyads.com tcp
NL 185.94.236.245:80 adserver.juicyads.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 santabanta.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 23.227.185.42:443 santabanta.com tcp
US 23.227.185.42:443 santabanta.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 173.222.211.9:80 r10.o.lencr.org tcp
GB 173.222.211.43:80 r10.o.lencr.org tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Tar60E9.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\Cab60E7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b84b3527c099b378e57f4a5d9fbf832
SHA1 44b85ed3823ecfc3fe02b48256784a89e7824571
SHA256 09453ac6d935859236369875e21fe5be0f5bfc39b6781241cffd1c65775fe9c9
SHA512 b7370f91ca4240855bd9af25840282cf39214e214059a5a0fa025f80752086b7d0d06961d878e1adfbcf63483ca481f9c5697415e46f71647b95909ac49808d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9652512c1b7370304fca4af00dc95bcd
SHA1 2b939e789e560e04065e3f3d460bd91eb700f687
SHA256 81f4fcff34a5ae6c8a418738ba0c4900de2ed773517068c187102d298ca3f3c6
SHA512 a8e9806ee75c6f19185569f00d932e5d36ad3e237504d297cb30d4c7fdf155771ba4908f9cfc064c0fdd14ff45ef6f67c68157a08830c2311f637ac79966f7c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c515e0c2d336d0b681fdb9270934761
SHA1 953b3d96adf474c6b733b29653e7d3f2e83b4c50
SHA256 7c20cca89c3b7209966486a91a9a98d1679861bde9d63827a793026cbf56681a
SHA512 ed78a4e733c045b70e60011349dece95b487df668a454c6738743d0a84a34a04ba4f8039836242b9437dcaa595c171e2d5c94ff71f8fb5cd87734f9f243e8439

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e596bd2d5424d63570a4c342acba5ec4
SHA1 20bab7f8dc683af9c7b19479c69ab38dfb1aa920
SHA256 0bfa983dd8f2654cc9711a537842707c65999f9f107d4714cd03f791fbcad45b
SHA512 302804bcb2e7fc9e12b19102fe2ec6a1922cd3d9dcd844231c1cff8158ea533d2385061dcac5bad06f2f09876badbadf061c40c9f6943b4b83675c71ababf4be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad22786233d590145f27a6e9a054bb3b
SHA1 e387621a45b27c7e786d8597e0108dc5356d42d1
SHA256 bc169ea84dd04049a7a4cbeca8b1d861977af1380b7c529faf7904950a30531a
SHA512 aadfe8db14989015d763d1f3ed7555cc52baca6ec3e51723f03e2031f0f8bcc539fe9f32dfc1364e2517902d3020b69c50e702f13663c2ab2254a4f4052b4e92

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1600e5b8ea624dac9441af842989d428
SHA1 6c0323ff6cf88790bf1482d1989084feb452126e
SHA256 79c458b5b3f0a573b690d4905c95468ed83670bbe2be87edbd8caf439ddf21c6
SHA512 61262d8d9e1b0102b931d8385e1e0af35abf010ebfe59c073408206daf99a1b22e2d8b86a0120f1f4df4562537d7b993fcf3be3e84229534986db7a162d1727b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3063b39ede2cf0ae088f695d9d84a357
SHA1 0e63797e4152b61bf09fcd5fcb0c1a048ade625d
SHA256 2ead8869e25cf2edeef9c318b9c53a8277207a4d8d3f96a3354a3b2bff526e82
SHA512 d407c6b2df9fe002b17c2ce31d42bc5eb95ad9088fdab51d719bfe3c73d183cbb6bca6161f70145cf8d5f23a124f2dcc56e295fe4c9c6b7fdfdd19d6c6fb505f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c95acef2f2f419d4cc0163a5e2277e7
SHA1 2fb7622609b51a341ab2bf043694438acb13a90b
SHA256 eab21e16595f8519c97e66f0c374907e33deb949dac5e1f68de149998d774753
SHA512 22ef311ef54f5fc994974007ff5fa99a641607d3149fd6e7231032de50884f581f7235e73cc8fd5f8e340425c9592d172a8bce95ad3a71396d7b049282046db1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bbff9086ada6ec0dedc8efc93d35ac9
SHA1 f87c1c3b5d4947a888516f62620dfddf4c6a3c52
SHA256 6e1cb59edd53051e704cd79ebfa4e63766456a6e989bb692ca06fb53f117a269
SHA512 d9aed70e01a2c174449531f5563b9c467b8f4bc3806a685fcb1f675069a93a31e5021092e1aab7dd25f6db337f68ace652db6211c2afcae85583012e5b08f815

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00454c757b0ec1ebaa6e293bdc6db94e
SHA1 e56515a8c43c687f839c26f9a4865e677419229c
SHA256 cd021df0f83a7da80d006c4bc4ad7dc59c8bc7d0b1ebf7b1431784e301ac525c
SHA512 d04af8ce4135d2bd2a08b2e2f301605f09e3625bb1295d783d5f64a6f1d93267953e6d46c7475a1233c9391103d84524433dcbdbe0ff81694efb2da870ef2ff2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10b9a760be534f644117361c648eb09e
SHA1 59ec69d5f41eaf08c1eae3d65f3a4cf2240a13a4
SHA256 303641c93dcc9cf30e175cd58fee1f9df2195332466f043725257d09cab2b7ec
SHA512 8d2598f43fd02c050b7d50de843675db6a56a647002e7d368ac4e9fc9a7ce173a98bb7ee03f1295fecaee4ac0f02131616dfbc68c63c62e5ed7f10e50320533f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eceb253b77567046a47bc0ac8bf2ef98
SHA1 c8240931dee8e5afa27aed57f9dd7f06872517eb
SHA256 5568513bf731b09564d2b9e29fe003ae19278d7993e148d3a7dc2558022a477f
SHA512 e388dbe483b0404c7164797ce96ed7a9f5ec892f0f356cf410a48518104f64113c0cb52de9acc186bf44e697835d50747aef383d9043dbbcd4b0964218943b4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 563ef060eb330d878fe32b493c9ee96b
SHA1 1d9789993337743787cb5fc5fc4cc5163837fce1
SHA256 e0b0948a7f5db4159631cc3a2b03b5f3cccc40d951c704a58e5bb2379e1e3db7
SHA512 c66f64862e63eabcea400549733738d3c343e79e1eb91f3fbb83c1375fa362c31241a64b9fa744d19996a4f96ca1d635a091168e66f8e5e439d640ea317e6034

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0514a1751ae5820d32da7113a8f23b4
SHA1 bcd173263c904a80294fae5c5cff245bfb8bae56
SHA256 20101d464af83e74294df25054a32a72d34dd3add134c41f584134a1f1c2f2b6
SHA512 bc95606db0d0bfadd5f484ab8feb7e0479e790a5a2ecff7ec400672ee433dd69cc1a28237dee0f23d31bf4482e47b6ac0cc49502c10854c90f2d63edf58dd7a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1070bd7a0779e0eb9774a7ece0a8d4c8
SHA1 7a81c1a3934d30806d735df910c031db64e4c9a7
SHA256 0bc8fdf84268ce119ae8a3215c55855b51ba6f54e26dc31ba4f3b43f10613038
SHA512 a1cf55a5c30193cdb6356d5303bd0e5f80804ec768e835d37063b19612eebd2f4be307771e2a34d0e1ff7f4ab11fdbb93b0a3f53d2551cdf48c0972f47ad05f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8319af4368a9772e169d5fe415af3dd1
SHA1 c2de21c9b4931f779bb6ee258ed000ef01dce706
SHA256 11001620c2edbec85d145fdbb7565de4f8b23f4ac3549c456859584fce10bee0
SHA512 ff5380d0aa669924328e460d1780c58ccef2b59f311aea24a4926adcf8e3976b6a45a697a2aa6827d774fc13f3bbb4b05f7eb060f3f21a196065ccf1027c82b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8382f6e31107a7c1e29c3a6458597110
SHA1 6812c9ba1e6db78de91a65cadcd524b463e855c8
SHA256 fd968afe36e8b951407be344c8ef1ecead2835f0ae1b9c2d65d83965a41cdc10
SHA512 072aebf89cb4e30b993768a31a97e0061373ea5c8066ddbb7bc5a83e5e46bd5753deb83c45a19f10dac255fba1c5c292fa1e050623f0eb10151de77db4f1a1b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27a627b04045c9f80269ba91c69dca19
SHA1 00f2bf6d60ffab15230c5e3f42494ec5d84125e8
SHA256 4f60c44933852a759954523f8ba11f0b8a0a360abff49f4de63f3cc5e21a4861
SHA512 53c670c2c1c81a7e62c5869c13953aa3bf9033497c785413136fd16d07bd36fd710d20e94fb3b5cdbb0012be89f6b81cf1a5ffc7d1586fd401d7ab7fe157dae4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e10f5bdd7eedf6eb69656fb15f864046
SHA1 900cc6338b750dcf40a4aac76fb88b72bb531ac8
SHA256 1658b91f7e21796d85a23f4efaa0cb34ecb420f577c11049b3c623d9ea4ca606
SHA512 12f47193f4ec1afc1111d766fd5abbc94974c9bc23c6aeb6039b98721d11f9b909a0979e3d367e51edb0b41ea370b0f23832a79f98b7da338b64074382892726

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a43938fbac9ca349058cf296c9781c5
SHA1 c7d1c1e19294016e35e316ff49a8b23906a17dbc
SHA256 04e621c737997f3a9d4e128d7cc8a32982ad01e51887a07e4e691c3b91df53f6
SHA512 96c9884d3dcef3f3057fc162b1920d80717ce2f1a4085927b29bce7830854c982b9756f24a22abc4d3b0a48653a3e6a96d2210c554fcc63d6b4fbc0c8dc75e53

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 06:55

Reported

2024-08-25 06:58

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c02fe31e4546f7610641ce77a96ba3ee_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4764 wrote to memory of 5084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 5084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4688 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4764 wrote to memory of 4164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c02fe31e4546f7610641ce77a96ba3ee_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffade5446f8,0x7ffade544708,0x7ffade544718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4564078217469601218,15938866153053964638,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ads.clicksor.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 172.217.20.202:80 ajax.googleapis.com tcp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 www.blogblog.com udp
FR 142.250.178.142:443 apis.google.com udp
FR 142.250.179.105:445 www.blogblog.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 adserver.juicyads.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
NL 185.94.237.74:80 adserver.juicyads.com tcp
US 8.8.8.8:53 media.santabanta.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 23.227.185.42:80 media.santabanta.com tcp
NL 185.94.237.74:80 adserver.juicyads.com tcp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.179.110:80 developers.google.com tcp
US 8.8.8.8:53 santabanta.com udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 74.237.94.185.in-addr.arpa udp
US 8.8.8.8:53 42.185.227.23.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 142.250.179.110:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 23.227.185.42:443 santabanta.com tcp
FR 142.250.179.105:443 resources.blogblog.com udp
FR 216.58.214.163:443 ssl.gstatic.com tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
FR 142.250.179.110:443 developers.google.com udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
FR 142.250.179.66:445 pagead2.googlesyndication.com tcp
FR 142.250.75.226:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:445 www.google.com tcp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 sarhosuzsarhossunuz.blogspot.com udp
FR 142.250.75.225:80 sarhosuzsarhossunuz.blogspot.com tcp
US 8.8.8.8:53 225.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 719923124ee00fb57378e0ebcbe894f7
SHA1 cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
SHA256 aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
SHA512 a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

\??\pipe\LOCAL\crashpad_4764_PCNORXDOIQRMCLPH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7114a6cd851f9bf56cf771c37d664a2
SHA1 769c5d04fd83e583f15ab1ef659de8f883ecab8a
SHA256 d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
SHA512 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4dca89d364d2e724166aeadd6164b91
SHA1 d6a6af9c2285c73bfa95f645ddd78d90f62469a0
SHA256 26beb698c7bc92cb1f1e2b97a516b25aab387450322646f9f6d3a3b5020e73ee
SHA512 f3aaac433bbb49980db23a2d9be3af587086db4ab02f4dfb8826ed0a1cd0c3c1b5bf0fc4a465761aabe725d4dc924eca1ce054bf5332221836bb562be55165b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3782517badbb9e7498bcb8f20a896ba2
SHA1 2354a280d64ec15230583682f46b1bfffb4378da
SHA256 33f7259582ee9fd1f2216e49ffa0be1e3ffeec3f7feea610c4a34a61ab56f2db
SHA512 b6edf195e4f24063d443759fab33582fd58a92859b5bcb9f9858b298f085621d67621c3757d1fda7eeb1a8720dce90fa89d8dbd378a86abb7ff3f802c52f1673

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e69550dc0d3903e62dc192e26346e71
SHA1 0a68fc12c0c4f7e6456a3cc19cbfb2004983ba7c
SHA256 7285236182df5ba13da20c42c69d20174e6e0f2afbfce94a7eb8de55fef86ae7
SHA512 c95be440f955c92e224ce2506557d0456f3e8aa419d7e2c96b5877e457e4d58c2e58acada5cf7bb436acde0b0b986ee9f8e8b08ca14eb7f0d757f2c23663fef2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3600e51a0ce45c5210f02b726ea1462d
SHA1 05b1059290ebe397c089271109d71691e2b53a7b
SHA256 2654b05ed6c9acf91ba86489504889f79a2bd376479128b7ddeec788d4958d6a
SHA512 041d69a9bd9813d899980baa1796bd1729b7beaf47cc6a042f4e73f973277e735396e553f0a1c076e29e25f003749aad7231f3ac2a4dd82ac1f8a602f9b30d96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a6e9bfa56687fc2e94363c093342127
SHA1 9cbfef578fcf7a0b2d4e94183741021a0338dfc6
SHA256 ee2efe926415ecc3ddac332bf388ebc9a399737003769ffd8fddc25447687f22
SHA512 76d2dad9dd938ecaa67e177df10ca5f0a11eac522dedbed35f8217a58bfc5bfd3826589bece061d447bbbf418dc027e165e8d6a487a1b7b8bba38fa0b7af8b04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e01ca439e40d02246e24672e5291ae56
SHA1 6d1ea7ba571e7cb5623be8de45f0a96d143215b9
SHA256 3ec3db4e8c5e2fc160175ec91a1d6dcaf2a1957c5b5fc6ac33d15bbb421a6987
SHA512 9b3c4c1c2cc21fd0d2b2eae30fb2497542e0f4d2b10b5d61846e0577431cb107219e121ee25472c9149edfd9008a74969e1561c4c96202d6ed9dd4b21c2c1472

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 da1f5f2ab3d1c9a77377da098c28e825
SHA1 449e199a991acd7d87a310c4da3dc1e7393fcc9e
SHA256 8110b8cf0b618fa31229b981f59c138118f600c624bdb4377060f093754aa6a8
SHA512 b505227a40f3d132b173f3cbdacdbcbecf8a0d216ef6a37ced0cde73d83fe5d49695d4cd762221b6826e02e1594c543fbd5f0a154bc6ddadbe265979a5acc486

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cce1e4a64d17e7378055fbf896cbfd77
SHA1 240e757f8773facbd29b6d388a0e957f87c78982
SHA256 8c9b34aed2f4c4435eb54e86022647dc3ce9c7bfb861bc9bfc11e2a022147f74
SHA512 11503dbf74b7bf0cc1b405e4a836d5d6c654732c214ae8dd4b26cbff12172eead699379bf01909c5e51e949d92f7309808d27676ff09c4d86c74642330a77a6a