Malware Analysis Report

2024-10-23 17:23

Sample ID 240827-clg6daxeka
Target c43112f561fc5bebd1407e8799ac6859_JaffaCakes118
SHA256 7f23e7f4516b5c9ae034f3e193ceedadfd8d7423d4b585eb43bb91fa412dfa32
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview, Signatures
Analysis: behavioral1
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral2
  Detonation Overview, Command Line, Signatures, Processes, Network, Files

Analysis Overview

Threat Level: Known bad (file c43112f561fc5bebd1407e8799ac6859_JaffaCakes118)

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 02:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 02:09

Reported

2024-08-27 02:12

Platform

win7-20240705-en

Max time kernel

131s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c43112f561fc5bebd1407e8799ac6859_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

The report lists no indicator rows under this signature, so the match cannot be reproduced from this page alone. Note also that the behavioral1 process list contains only the IE frame and tab processes: whatever the rule keyed on, no downloaded payload was executed within the 131 s kernel window of this detonation.

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware

Every row below is iexplore.exe initialising its own per-user hive under HKU\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer (TabbedBrowsing, Recovery, DomainSuggestion, WindowsSearch, Zoom, IntelliForms and similar subkeys). The "adware spyware" tag is the sandbox's category for the rule, not an observation about this page: these are first-run browser writes, not settings changed by the HTML file, and they carry no weight on their own.

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430886451" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f008575a26f8da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000076b008b4d68293d8b78e578f84ff13272b5f150e618ea359d7ed5c5dc8862eaf000000000e8000000002000020000000a0a02aaf79243202362891bda6efe973b61f3201334ebbd4a55962c43c157e3420000000538e522b4e86395a2fc682bc96312f94eb96491beede9a211bb8e3e21cf004c840000000c10f482e6101906a90f31608c56c3f0d548756d3eae549d86d6f92a743b444ec4f91494c629b0b0b344c253c93f4ca8fedb9bb0560c88b1fc15782a5727e91f9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6CBE75A1-6419-11EF-8B52-DA486F9A72E4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c43112f561fc5bebd1407e8799ac6859_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2

The second entry is the IE tab (content) process that the frame process spawns for every page; SCODEF carries the frame process's PID (1996 here). Both are the browser itself, and no other process was created during this detonation.

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 belati.net udp
US 8.8.8.8:53 berkahherbal.com udp
US 8.8.8.8:53 smartbca.com udp
US 8.8.8.8:53 klikajadeh.com udp
US 8.8.8.8:53 bloggerbersatu.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 s04.flagcounter.com udp
US 8.8.8.8:53 www.viralgen.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.textbacklinkexchanges.com udp
US 8.8.8.8:53 lazada.go2cloud.org udp
US 8.8.8.8:53 www.gomezpeerzone.com udp
US 8.8.8.8:53 srv-live.lazada.co.id udp
US 8.8.8.8:53 banner.autosubmit.web.id udp
US 8.8.8.8:53 sepuluhribu.com udp
US 8.8.8.8:53 banner.adsensecamp.com udp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 klikaset.com udp
US 8.8.8.8:53 www.jempolklik.com udp
US 8.8.8.8:53 www.probux.com udp
US 8.8.8.8:53 www.komisiklik.com udp
US 8.8.8.8:53 duitbux.com udp
US 8.8.8.8:53 www.surgaklik.com udp
US 8.8.8.8:53 indonesianklik.com udp
US 8.8.8.8:53 rizkyprofit.com udp
US 13.248.169.48:80 yourjavascript.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
FR 142.250.179.106:443 ajax.googleapis.com tcp
FR 142.250.178.142:80 apis.google.com tcp
FR 142.250.178.142:80 apis.google.com tcp
FR 142.250.179.106:443 ajax.googleapis.com tcp
SG 152.42.169.9:80 berkahherbal.com tcp
SG 152.42.169.9:80 berkahherbal.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
US 54.174.29.0:80 www.gomezpeerzone.com tcp
US 54.174.29.0:80 www.gomezpeerzone.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
IE 52.210.174.128:80 lazada.go2cloud.org tcp
IE 52.210.174.128:80 lazada.go2cloud.org tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
GB 104.96.173.184:80 s7.addthis.com tcp
GB 104.96.173.184:80 s7.addthis.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
US 172.67.130.121:80 bloggerbersatu.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 172.67.130.121:80 bloggerbersatu.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
HK 154.220.249.175:80 www.komisiklik.com tcp
HK 154.220.249.175:80 www.komisiklik.com tcp
US 104.21.69.181:80 www.surgaklik.com tcp
US 104.21.69.181:80 www.surgaklik.com tcp
SG 103.21.221.4:80 sepuluhribu.com tcp
SG 103.21.221.4:80 sepuluhribu.com tcp
DE 185.53.177.54:80 indonesianklik.com tcp
DE 185.53.177.54:80 indonesianklik.com tcp
DE 64.190.63.222:80 www.probux.com tcp
DE 64.190.63.222:80 www.probux.com tcp
US 206.221.176.133:80 s04.flagcounter.com tcp
US 206.221.176.133:80 s04.flagcounter.com tcp
US 8.8.8.8:53 www.viralgen.com udp
US 172.232.4.213:80 www.textbacklinkexchanges.com tcp
US 172.232.4.213:80 www.textbacklinkexchanges.com tcp
US 103.224.182.240:80 klikajadeh.com tcp
US 103.224.182.240:80 klikajadeh.com tcp
US 172.67.130.121:443 bloggerbersatu.com tcp
US 104.21.69.181:443 www.surgaklik.com tcp
SG 185.237.145.189:80 duitbux.com tcp
SG 185.237.145.189:80 duitbux.com tcp
US 54.174.29.0:443 www.gomezpeerzone.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
HK 23.248.192.74:80 rizkyprofit.com tcp
HK 23.248.192.74:80 rizkyprofit.com tcp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 172.232.4.213:80 www.textbacklinkexchanges.com tcp
US 172.232.4.213:80 www.textbacklinkexchanges.com tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
ID 103.30.145.12:443 adsensecamp.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 e6.o.lencr.org udp
GB 88.221.134.89:80 e6.o.lencr.org tcp
HK 23.248.192.74:443 rizkyprofit.com tcp
ID 103.30.145.12:443 adsensecamp.com tcp
US 172.232.4.213:80 www.textbacklinkexchanges.com tcp
US 172.232.4.213:80 www.textbacklinkexchanges.com tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.134.89:80 r11.o.lencr.org tcp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 s10.histats.com udp
US 172.66.132.118:80 s10.histats.com tcp
US 172.66.132.118:80 s10.histats.com tcp
US 8.8.8.8:53 s4.histats.com udp
US 8.8.8.8:53 www.ppcindo.com udp
US 8.8.8.8:53 developers.google.com udp
CA 149.56.240.129:443 s4.histats.com tcp
CA 149.56.240.129:443 s4.histats.com tcp
FR 142.250.179.110:80 developers.google.com tcp
FR 142.250.179.110:80 developers.google.com tcp
US 103.224.182.208:80 www.ppcindo.com tcp
US 103.224.182.208:80 www.ppcindo.com tcp
FR 142.250.179.110:443 developers.google.com tcp
GB 88.221.134.89:80 r11.o.lencr.org tcp
GB 88.221.134.89:80 r11.o.lencr.org tcp
US 8.8.8.8:53 ww25.ppcindo.com udp
US 172.66.132.118:443 s10.histats.com tcp
US 199.59.243.226:80 ww25.ppcindo.com tcp
US 199.59.243.226:80 ww25.ppcindo.com tcp
US 8.8.8.8:53 www.dynatrace.com udp
GB 18.165.201.116:443 www.dynatrace.com tcp
GB 18.165.201.116:443 www.dynatrace.com tcp
GB 18.165.201.116:443 www.dynatrace.com tcp
GB 18.165.201.116:443 www.dynatrace.com tcp
GB 18.165.201.116:443 www.dynatrace.com tcp
GB 18.165.201.116:443 www.dynatrace.com tcp
US 8.8.8.8:53 ww38.ppcindo.com udp
GB 18.165.201.116:443 www.dynatrace.com tcp
GB 18.165.201.116:443 www.dynatrace.com tcp
US 75.2.120.224:80 ww38.ppcindo.com tcp
US 75.2.120.224:80 ww38.ppcindo.com tcp
US 103.224.182.208:80 www.ppcindo.com tcp
US 103.224.182.208:80 www.ppcindo.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 216.58.214.163:443 ssl.gstatic.com tcp
FR 216.58.214.163:443 ssl.gstatic.com tcp
SG 152.42.169.9:80 berkahherbal.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 92.123.142.59:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
CA 149.56.240.129:443 s4.histats.com tcp
CA 149.56.240.129:443 s4.histats.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
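Read row by row, the table above is mostly repetition: several dozen rows for the same few hosts, plus CRL/OCSP lookups to c.pki.goog, o.pki.goog, r11.o.lencr.org, e6.o.lencr.org and crl.microsoft.com that any TLS-using browser on Windows produces. The script below is an added example and not part of the report: it folds the rows into one record per domain, separates resolver lookups (udp/53 to 8.8.8.8) from real TCP connections, and lists which domains were fetched over plaintext HTTP and which were only resolved but never contacted. The sample rows are a subset copied from the table; the infrastructure suffix list is an assumption of this example and should be tuned to the estate.

```python
"""Per-domain roll-up of a sandbox network table.

Added example, not part of the sandbox report. Folds the repeated
"Country Destination Domain Proto" rows into one record per domain and
separates resolver lookups from real connections.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a subset of rows copied from the behavioral1 Network table.
SAMPLE_ROWS = """
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.probux.com udp
US 8.8.8.8:53 klikaset.com udp
US 8.8.8.8:53 c.pki.goog udp
US 13.248.169.48:80 yourjavascript.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
FR 142.250.179.106:443 ajax.googleapis.com tcp
DE 64.190.63.222:80 www.probux.com tcp
FR 216.58.214.163:80 c.pki.goog tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"(?P<domain>\S+) (?P<proto>tcp|udp)$"
)

# Hosts that legitimately talk plaintext HTTP (OCSP/CRL) or are shared
# platform infrastructure. Assumed list for this example; tune it per estate.
INFRA_SUFFIXES = ("pki.goog", "lencr.org", "microsoft.com", "googleapis.com", "gstatic.com")


@dataclass(frozen=True)
class Flow:
    cc: str
    ip: str
    port: int
    domain: str
    proto: str


@dataclass
class DomainSummary:
    ips: set[str] = field(default_factory=set)        # TCP peers
    ports: set[int] = field(default_factory=set)      # TCP destination ports
    countries: set[str] = field(default_factory=set)  # of the TCP peers
    dns_queries: int = 0                              # udp/53 rows naming this domain

    @property
    def dns_only(self) -> bool:
        """Resolved but never connected to."""
        return not self.ips


def parse_rows(text: str) -> list[Flow]:
    flows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        flows.append(Flow(m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return flows


def summarize(flows: list[Flow]) -> dict[str, DomainSummary]:
    out: dict[str, DomainSummary] = {}
    for f in flows:
        s = out.setdefault(f.domain, DomainSummary())
        if f.proto == "udp" and f.port == 53:
            s.dns_queries += 1  # a lookup at the resolver, not traffic to the domain
        else:
            s.ips.add(f.ip)
            s.ports.add(f.port)
            s.countries.add(f.cc)
    return out


def is_infra(domain: str) -> bool:
    d = domain.lower()
    return any(d == s or d.endswith("." + s) for s in INFRA_SUFFIXES)


def plaintext_fetches(flows: list[Flow]) -> list[str]:
    """Domains contacted over TCP/80 that are not known PKI/platform hosts."""
    return sorted(d for d, s in summarize(flows).items() if 80 in s.ports and not is_infra(d))


def dns_only_domains(flows: list[Flow]) -> list[str]:
    return sorted(d for d, s in summarize(flows).items() if s.dns_only)


if __name__ == "__main__":
    fl = parse_rows(SAMPLE_ROWS)
    for dom, s in sorted(summarize(fl).items()):
        print(f"{dom:28} tcp_ports={sorted(s.ports)} peers={sorted(s.ips)} dns={s.dns_queries}")
    print("plaintext:", plaintext_fetches(fl))
    print("dns-only:", dns_only_domains(fl))
```

On the full table the plaintext set is long (yourjavascript.com, the Blogger image hosts, and the Indonesian paid-to-click and ad domains), while a number of domains (belati.net, smartbca.com, klikaset.com, www.jempolklik.com, feedjit.com, www.viralgen.com among others) appear only as DNS lookups with no TCP connection. That split, not the raw row count, is what belongs in a triage note; of the plaintext fetches, yourjavascript.com is the one script host that is not a Blogger or advertising asset.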

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 4103c21cede21cf344955d79f5f87220
SHA1 27a810c177f163fbf28668bee674c0e865057b0d
SHA256 d10ee069105b107056114cbd3c1a25feeb99c0cfb59f4e6a9d7105dc943a0f58
SHA512 d890a2aaf627e858959825e9c1c14435a8deeff7d1c2c84670067a4f086a5d4ee1f29e3ab8b72c32ec4234cb13fcb9eb0f4cc91a5af4cceb577d91e4ea9f1fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\js15[1].js

MD5 4beb0b1c8bbca69316e6eadcd83b1bf0
SHA1 602491c5f60960bf4ba7c3d2e600681a06ffcaa1
SHA256 429e7004f3f8fbe42cacb984c36a9cda33efdacc100a276b12e82c6ab78bf7ec
SHA512 3bc8560d56f39ba09da8a3582587b9ca727dd9fa60582892a2a8a2d7de42fa0fa057b28986a0975b84589d8e9ef320f976b3731a19ea17c83388c1309041b8f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6500b46f551587e10a13ca45eaa28c51
SHA1 5273ecf728effd06e4eb331e1502a3af2e0134a9
SHA256 ae9118bec7c348229939f8fc43562a17017c8c5b823c13d85bcfccf4865d69ab
SHA512 f97405032360f8eb9c0f3621ade598d63c03089e10a32f6b6d3357fc05e41bbde3771d6f77124bec801d679c8c4e13ca294ee76509afcccae09edac53dfcff75

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\2109501[1].htm

MD5 21ea3b74d8489325e9a4cd480a50bf0d
SHA1 09896b50b607c27f68250c5986ff35af83997a5f
SHA256 ccff2a751f0b6782ffcd1cf2d7c206847b4ec18d417b67d0e165e4599690c893
SHA512 23f0a570e678f5dd5bf517f86646827a4d62da66d1a55425b91c4192f77b6228578bff125b1bdbb7715c529d47144bbe0c26049d594d01b2f7738dd739445dc0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE5J41S2\plusone[1].js

MD5 950e589a42fd435b2b6daacbdbbf877c
SHA1 78dc5743d4b541018adafe3a2b49b6be5f1c7944
SHA256 c5e3093bd5e8a58f04846013ead66d36ca25457a0475c9c72d8cde60e598fc0e
SHA512 cf2aa139ee4c2f79ad5dbca6239e4d5179a21f54cf2c3672c45915b3282bda5f5fa702c241d3b5c02805cdf1b48427d34e86b627904055a46ff6ef11be2b2104

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8I3CVQY\cb=gapi[3].js

MD5 ed72d618fe48f6fc42c19a4b58511e72
SHA1 80a2da4af91d56ec81c7b672afaaaa72c83a4414
SHA256 5bfd37a756bc7772aa6c520102870dafe2d3b808c562412e30f122a7908f8ad0
SHA512 5378b71a33f67309f788b9fce32daea44051e7e9a6aa326bdd783456ee9eb2f4817aec2ad1e837afc1853acba59080b0114d32c040ea731ebd703f0a84dd7ae1

C:\Users\Admin\AppData\Local\Temp\TarB1A7.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabB1A4.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80691a55f4f56edfe52ab59c852f4b65
SHA1 5a0808b789b9c3ef217abee1d039976067d14292
SHA256 e3772e536732dd3b5ce9cc0b0435fdbc245d448d726188e9549a97fd812a4db9
SHA512 00fd303418a0b264f3866116bffb59a6493f01f058f826ea273dd4feb1c68eefa13a0ae6be0c2c0c6a3dbf045a55df6c0822b4e1aab06a71de594018ea836bae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d62cc37e49798926087e08d7517b30cd
SHA1 b7f31102c76af14dbc2d383dd25c7aaed60b101d
SHA256 4eec69b5176d0cfb29c1a5e1710a9018d5553466c80d54c9aeb44c5cbf18903a
SHA512 0f46231700df076e1c1a08efdece51ff198275db995e7b795fe75d0ae0b5a4c0bb9762cfa447a0c4d9ead1a2bcb8ddf57f9906aca9f00147119a1625f350dda1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4bcdae88711bdf75fe5733d6b872c5e5
SHA1 30d3aa5644655f1627a358c7d4b5b50c7116fbff
SHA256 e4a76fe58165754e54de14df19306d8eb5e9a8788988956e19ea01b1f432c21f
SHA512 35e84e496e625ba728426eadf33876eda018886cae4ee6f675f1ce426f90ed76a41982192ca6a91195cf96f35e83e8de2b629e5721e98f7d91a5ed31b0381334

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53014627000f996f95459f6bd4269c56
SHA1 bb1e1f710a0450202420b74507e0bfed960fea05
SHA256 c52cc8f91dca7131713c9daabe1ef76a39d3f1f19f8a895837608a4de8cd94f4
SHA512 6a9f89dd72c91e66efeb9c6d4f6bf6780c597ec7d68bb9bbcf6fabf36994b0f21499c8002533693a880dfa4cdbb95afce6833f2aae15db69912077c5d1392cb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1547fac1b01859688ba918d2c1a0f7b
SHA1 2df58e7ad6e3bbe41c58b7d1582457614f62a201
SHA256 03690954edb1cfaf6161ac99422221928cd52d66cd4e57b72e1cc841bcb80506
SHA512 87a26c453d9af0cbd72a0c8b4e79fe46b71e512e7906f688e04bca1cf8ee47eb2b29541dd0a1f4c9eb34409a07ee550eedea24bf4cdce3f27fb34e26e1de8029

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3dae9b52c39c04c7bf35645845e0595c
SHA1 152406a29840adffdbc1bc30f69b9f311e2ecb32
SHA256 b6afc0e2f598189880c78a8b2a68fb6b71fe87992d485926e5a16e4a31adf4ce
SHA512 34c9da8a024d7b3203839479e4fe3157008f1a155a92f4facb210f8ef01415e624aed92ba0677b4dbe5c8983735046ae4638ecaad80b68dcde1b341779f387f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b74b4c1009939cbf3303ec9e85f52b98
SHA1 6a1bb4e536a1d40416f75b6eda17c9795ab48676
SHA256 095942bc204e2a8ce57e5e284f53467c22f9e8c99e117661106a745b397a98d3
SHA512 bcc1be48098b4eb267073772d0ff93c96bffb3c37a2a6833db533cdef4cabd4f847b063bf51eba4a8be02850822a26a3e6abfab9a9fd8b4f94fc4cc36f4afbff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 4eff4e0592e294dd255254bbba4a32c0
SHA1 b288b9beb1f3fdd6f4200edaf17ab9e0a5e5fc19
SHA256 3fbbd65ebde238884c27a1368851941ebffb1d357942ce043aab243742c1648d
SHA512 15735e9bd37167d9c50258435cf3f4de2530aba55782e5c4d9843ee2c180b5b3b87964a85f6002df84fc03d1e3dc59bb3c6c9b69f67c4bfd1e978a1b63ecafba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71794b2f58965ddeae6d492aad9268a4
SHA1 68cfc571989ae7a8698e25e4b3aafc01783873c2
SHA256 b8d6e2dfca02da80ece46e4cb6e7b0a86889ad5c1fbbbb1e28706e11598c21df
SHA512 b28cccbb80f632ae97878dbae4a4144c36b6d9e7bcee7b88e4f8e28e03a10622bbafa586f81c1bbccd554df769770a68f8304fccd469cfc8469433d0825aea16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6163602613d2603ab60f07da96795159
SHA1 45880289d8a1e829c19940105c2e7d5673e2e3af
SHA256 2c33349155aeae5dbe5d698a35be93071408ecea6edcc9da726ebfe301c7f8aa
SHA512 bbc2d243bfade81c44cc936bff569eb3913f90990a9f7dae696b22e944a16f4edc6eaae75436345e489ce7d658875981c81c7e03d8e612f31409a4f89d37f61d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88af36e61b5af7b3d88c3b0743d43472
SHA1 7b36b2d42ab6b4aede159a5ced89022ca934fded
SHA256 e73cb1529da28955a2d7155a469026a4f9d8e1f3e7db383138d49466a1885197
SHA512 b0fb0529e41b3f3956a0ecf602a805f428b60138cb5b0d9c945b8b9a6603a3378059fa30e5133553ed8fec55a9d9979e5c3f180a8e9b5d017fd63f30856a4861

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 944ebaef100d501aa5a1cf648b4ba4e1
SHA1 7fb5b6aeb35645e919531dcf5d73e5996129adf9
SHA256 91af44082905beca557ac56b51606a025a82780a725ed6c8515d9ea019d7e523
SHA512 4f8499dc2ad8ccc0d9885a441d65af4dd482ed4130ca8737af14b75847d1e0522b19076a5054945e41b9e9052d4febeea79a6a205f24f68b2bdd75891020f3d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfdfe340b4c92a45508c8da6879652d3
SHA1 544b7858b9689860435478562f16e5a7ff95e5d4
SHA256 2c2a20eb5a5bda19ce4689689531fe12ff726430c3455159ba860adf5cba20b2
SHA512 2fba5eabbd5a6879a75bed2fb617976c35bab3f61407a9a362906be4effb06d2580ac83ab85d8b1ec316a4fb2390a604cf58443447a28a3ed54708f5e0c0517b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d1e7041a20e2118cee882693931a170
SHA1 d6b2f5f05490daaf7ea844e4e665d19eb3e254c5
SHA256 0630e5d673c178297d3a47ecb6db75ec434d0c67c8c17df1b9153295c5278d91
SHA512 ff6da4652dd077409bc7834b2522034df86e71e811ce882bcb9286d15ec03277931a9bd759dbeab3e9ea9cdb848b157973703ff70925d40f4099e7d5a6f8ad3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e284045da4f0f7ba22d76bcb8e02821e
SHA1 3ad3fc36d570a642a55af3940015fe7de70be044
SHA256 a8d8e58d0c48c01460ca1767af0b5c32864ffd4fd8ab25d7197b6c0d1e7e4f11
SHA512 b5a8b147f6b364b9c0b16e01490e314bb56b3f2264335503ec919363a84e48eaea2ffc6b256a9d2c06dd1f33021c0142a43ec15085d118ea2d0c62a32f7122e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75f5b77d43664e975c8fd5847fe6cfc1
SHA1 ba908508bf71ac17a0756b712c2844b6b2cd95a4
SHA256 7d569d9feef22ed65d44439b942850a94db728991e0ba36eb917243e2a41262a
SHA512 f47437c9435792eb9399e01cdd1cdcbf3742cc76bcfe1806c58760fc03c83dfea098545f1de94f9af85085fdebc3e03a8d87332f01485b9459892520aa122f0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eff2e512c1897eafcc34d8a79f9768ce
SHA1 ac56f6efdbb291a27ed244d91841deb698299e98
SHA256 2743f193c40fe33c62c02394f15f4d1b50ee09133c506e294b637f85ae7ae67c
SHA512 4c62522e075f6e81e7ff670e36c37e08105c236bcd36b3f67db196775ef73d16c41b20948aca738befcda2186919ad368279cdfac813448bc8531c3de37b4499

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a1e458056e14e985beb29d76de2d025
SHA1 cac99b00e894a6ace0eec10ddfabcff66b2def1c
SHA256 22b2c30e915330be2a4de442de78f78fa6844c48548eb765208bb243f5d40389
SHA512 943cce79b40f18c17485e276febe0e3f045957177f3c491405d9e3ed141e7ee2902a3d0f4186d9c5833739e2b0afce69e7c5faebb8c46e53d31c4332a61d11f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1f8979eda463f71f4ddc6753731c862
SHA1 ac4c7a2f13be77b6d6b1d9a36e2d095be44766fa
SHA256 26aa70d6a1c1d73f1b01b98df6eecba9e477f4cb809ce8cdcbe8f6af67351e03
SHA512 68d7a9db47cb6cd3d17419156767a231ec6c506881aa3858cfca48eee043b89e4a30f78bfd97d8ba9b38bfd96af80ca1f27813d3a64ee07fd464ffae30bd5da8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 419c11f1dca14bbc91e5cc2ee81ff567
SHA1 5498eaa8e221ff7b05e687c3b8274a87007309b6
SHA256 b6fa4c43b33c840d71fbd659c190e4cd63f61c7e9347c8a5afbce3b402130acf
SHA512 3e4b00ede6b1fa6c07a75bf12e38b690d59458ef3c11b764fc0425312a60e23d730e2d83e88fd5f6d68d345f4ce9e34c25756701c9e1659e05e17dba0bb861df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc728467fc42a042629e5ae6e94f764b
SHA1 f14165f150608c33f637ab9b44ce84dec919be05
SHA256 7e238daf4d694ca2144ad31c54c653b1f215376b292ab20fa34eab6ab3478893
SHA512 162493e27bdc591deb622297b44cd3463f21c5f7140dc3b3b632b6f88b0363293985a54ff12715120e83d876cc8a5987db8569698ed269e3ef092c25bf74e4eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fce36fff7659d4c94319a0f867af0e8
SHA1 f274b624febd0d1937b017ffc17d29043ffb96e0
SHA256 96554414bcafb9603867c5712c4e25a3bb6de0c161953cf3727934ea56651c3c
SHA512 1b57e9eb472a7c6e5e3e9fe1c70432dc56480bc22214a4b3fb653e0da60e80f23ffd12ba0739d7bc569dd1a1040a22b0ae3cdb10e8b3ee356564aa76c50cf07d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5J67VDZD\1380534674-postmessagerelay[1].js

MD5 c1d4d816ecb8889abf691542c9c69f6a
SHA1 27907b46be6f9fe5886a75ee3c97f020f8365e20
SHA256 01a956fa0b3ea8cb90d7032608512bc289c4170bf92759352e40062d5be2946f
SHA512 f534f057e46998bd1ff2c423ad2cf04a880c4a5259e95aee5c6ae34ce7121ccd07ad1bce5d4c3a51ad04f7411b0625da78808326b13d2aeefec502988e113113

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOK2QLQ\rpc_shindig_random[1].js

MD5 45a63d2d3cfdd75f83979bb6a46a0194
SHA1 d8e35a59be139958da4c891b1ef53c2316462583
SHA256 f7067f1d01d9c60618becbe4df3d61778244108459226e2e8a818cfbc2c18ae6
SHA512 cea9c9eb8ff0c43048ff371f135148438fc1a2614bf8bbc3518cf430c37778edba3452ce92b4236679cd1a4123af0ca320f530b1c20cedd0883b545209c048cc
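Most of the entries above are churn rather than evidence. The CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 path appears many times with a different hash each time because CryptoAPI rewrites its CRL/OCSP cache metadata as it refreshes it, and Cab*.tmp / Tar*.tmp in %TEMP% are typically the root-certificate update being unpacked. What is worth carrying forward are the browser-cache objects (js15[1].js, 2109501[1].htm and the Google widget scripts), and even those need care: plusone, cb=gapi, postmessagerelay and rpc_shindig_random are served to every Blogger visitor, so their hashes would match benign hosts. The script below is an added example and not part of the report: it sweeps a directory tree for files whose SHA-256 is in an IOC set, pruning the CryptnetUrlCache directory. The two digests seeded from the report are js15[1].js and 2109501[1].htm; the demo run uses a constructed temporary tree and a constructed payload because none of the report's artifacts is reproduced here.

```python
"""SHA-256 sweep of a directory tree against an IOC set.

Added example, not part of the sandbox report. Hashes every file under a
root, skipping directories that only hold CryptoAPI cache churn, and returns
the files whose digest is in the IOC set.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

# Seed IOCs copied from the Files section above: the two cached objects that
# are not shared Google widget scripts. Which of them is the page's own content
# cannot be told from the report alone; confirm before deploying either.
REPORT_SHA256 = {
    "429e7004f3f8fbe42cacb984c36a9cda33efdacc100a276b12e82c6ab78bf7ec": "js15[1].js",
    "ccff2a751f0b6782ffcd1cf2d7c206847b4ec18d417b67d0e165e4599690c893": "2109501[1].htm",
}

# CryptnetUrlCache holds CRL/OCSP fetch metadata that is rewritten constantly;
# hashing it produces nothing but noise. Assumed skip list for this example.
SKIP_DIRS = ("CryptnetUrlCache",)


def is_sha256_hex(s: str) -> bool:
    return len(s) == 64 and all(c in "0123456789abcdef" for c in s.lower())


def sha256_file(path: os.PathLike | str, chunk: int = 1 << 20) -> str:
    """Stream the file so large caches are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root: os.PathLike | str, iocs: dict[str, str],
          skip_dirs: tuple[str, ...] = SKIP_DIRS) -> list[tuple[str, str]]:
    """Return (path, label) for every file under root whose SHA-256 is in iocs."""
    bad = {k for k in iocs if not is_sha256_hex(k)}
    if bad:
        raise ValueError(f"malformed digests in IOC set: {sorted(bad)}")
    iocs = {k.lower(): v for k, v in iocs.items()}
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]  # prune in place
        for name in filenames:
            p = os.path.join(dirpath, name)
            try:
                digest = sha256_file(p)
            except OSError:
                continue  # locked or unreadable; log it in a real sweep
            if digest in iocs:
                hits.append((p, iocs[digest]))
    return sorted(hits)


def demo() -> list[tuple[str, str]]:
    """Run the sweep on a constructed tree; nothing from the report is reproduced here."""
    payload = b"constructed sample content, not a real artifact\n"
    iocs = dict(REPORT_SHA256)
    iocs[hashlib.sha256(payload).hexdigest()] = "constructed-artifact"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Content.IE5" / "ABCD1234").mkdir(parents=True)
        (root / "Content.IE5" / "ABCD1234" / "x[1].js").write_bytes(payload)
        (root / "CryptnetUrlCache" / "MetaData").mkdir(parents=True)
        (root / "CryptnetUrlCache" / "MetaData" / "copy").write_bytes(payload)  # pruned
        (root / "unrelated.txt").write_bytes(b"nothing to see\n")
        hits = sweep(root, iocs)
        return [(os.path.relpath(p, root).replace(os.sep, "/"), label) for p, label in hits]


if __name__ == "__main__":
    for path, label in demo():
        print(f"{label}: {path}")
```

Hash IOCs taken from a browser cache are brittle by nature: the same page served a day later with a different tracking parameter yields a different digest, so treat a hit as a reason to pull the file, not as a verdict on its own.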

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-27 02:09

Reported

2024-08-27 02:12

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c43112f561fc5bebd1407e8799ac6859_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2368 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 2624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 3948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c43112f561fc5bebd1407e8799ac6859_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a0446f8,0x7ff90a044708,0x7ff90a044718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2045086928959880093,12576622657052059901,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5856 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2368_IYTKVCWGJESLQJWR

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ccc167303ede0b96885b0739cf142822
SHA1 bf657521d4993f586f12acf7121b63c75d3d3ff3
SHA256 d873858035861bb577261cfb00567aca9f03a0cccbf2cbb1025a856558fd80bf
SHA512 34295867c67440e2ea33ef15d9eefaecc17bdc91dc9b14bd9ab53918e3626b6f081b789aac2d718d3e26b3ad4c182a4c84600492f9f6498d975c7ab2e34262fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e3b6e08bb92e26dabb5e9de08ad4d79
SHA1 acc719c3c231c9d00ba949cd67d5550523dd1e1c
SHA256 92abc5a42aef893b450fe59930bc8f8b220db15c36df686b2c1937ff01db9dca
SHA512 91ce0656dbe46c4a1f01c2a6f59721cbf9d81b4db56af0d2c8f238ddf711c90aad78f08ad5ed9c14731c6f9627db0a29013eb5ed6d9bf866bba3db20d5034e91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 02b3b30676f3a187e6194889ba445fd8
SHA1 eb212c417a2d49638596af0387d40dc1afc45b63
SHA256 72e06f5aff0bcadc6def1eb908ec6ed26f7d8ce906f8d5fc9ff3bef390ed73ab
SHA512 645e735a400b6c22cb6ea073bfc6ba32b37e45c5a9cc585f9f345a0c297e32df16897f221517d077e87f4c53ab5bdd01710b7ce1710b85fe46c3b32e821866ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 aa6a698d1c7fc6d35265b10af5570e9c
SHA1 00da372ad4964a5d5b8afff7fe1b207ff284f232
SHA256 02f6ae7bda59fb1a20d3386021fb972ced348bf724fea42157225d416f9f049a
SHA512 f5b2f732e899cc0fed577e1ef1c51c154ede5d206543e8ac7c1fabb182901f8e93e137b63f12cbb87b3f570a283a368bfb1b9d637cc5b1c4f1669ff5cfbf306b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cc824d7b8a72976dd87e86989213bb6d
SHA1 03c40493bd17e1b1429281db39f72a256854b41f
SHA256 1355800e604b98cd014c7c64b1e17653f4778abadcc71fbf6d5b3673f6b136cc
SHA512 5eaea8b2d399c47cfdca504db0ba6514ad69b7ae1648b9f80096a939810e740e0353be4a0ae0da6da32abaf5bc7766c8c5568edec207b6a314e887ebb3995a12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 445482d6452857fe80b4be79286ea8cd
SHA1 88cfb1fea65dd9c8c6899558c2a5648762cca446
SHA256 673c6b91435d9cd80673b44efa419cdd199c1087f984519d11006fd40e5df2f2
SHA512 aa09a40514f1eb48098106318454d0fa68d09dc5915f7555ee1f0efd3b2ac8905360bdd85803938e2415b7ae4b21ae3433c35e573fd62bd0e3afc09447c6b6ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585520.TMP

MD5 9122f55abd9613d08bf029c31e3a8d44
SHA1 43c55b3481c03b953e7d53f937fbec03edbb0963
SHA256 c4dc65b910bfcbd827bb1a931c942a24f5351ba6d5ad8443f544e13593332d3f
SHA512 d290e3c178e8ee5932f7baeb9294410026c1fc2ace32d0930e309c893dd687dc6123f17009683876ec4edbba2b852a100b4f54853ad7ab6c65bedf3678f1dbd5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0f847df080d718c77874f91c61eb2f18
SHA1 c391392a512073044871b8e787466af4a2fd9320
SHA256 cade211334ef3d6757b4807f3614431b62cd49e7ae0b6d1482ffd1080eedafe8
SHA512 7e3508d0d1246b94737e1529a5f0aac961f33fc556970d13e70cc48ee191e9f84109219818071864c30e77f3b50bb450fd4e0f8a3331b4e173ea4d91eb92f58e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 efffc77d6040f78c7ffbe69b2ab3c09c
SHA1 a279ad71aa58b22ebb2625abd074d67a3a167bcf
SHA256 4a57bdc166fb80b6a8b8924748f9305f2656bbfc7fcf0ad8ce75c758246896a9
SHA512 f70b3b972969dd9d74ceefbc69cd197655beefa5829d66ffd633346a0e244985228b84b3e47c5c58b579b66c1a9a505c02bcb634aaa0e4e8dd9177051d192522

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 37a7d7c55c7174ebbdc8ebd554f35116
SHA1 e62114463a6568fe68496a158873e3c5836b6184
SHA256 891c11bab58b466e2ea9f988b338a8a87adcae866666a214c7d51a7de8493b85
SHA512 4f0dd68c51542ab117a000807924a409dcbce5d35caddde5e5de26008f47dc2dd9aa5a32159d575a05a14352cbcbe6ac239105878f90473bf6d31d49df53ae1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ce37f8e1f3ae54831426194548fc14af
SHA1 981c09e33c349dc140a54c6ac01cda4072d84716
SHA256 ce8d10a4ea3db4b8e69e7aa72291753425dca10d612e1aa61695e421df927e21
SHA512 f1d805f0ac592a644342b8124cd5f23238daf3bca0459cd539a929e5b3d91999281c7ca6b85c367aa5ef194a9ab447a127eb8e2347122ddcf60f1374eec9b7a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d4fd16920b92ab19e22ec42bb74994f4
SHA1 f1bd088f67aee142de0a8679359b61ea94f27838
SHA256 5504db47609ef7fd4bcdc1415fdf52f4545084460b4a99278bec9e810e012b86
SHA512 606534cdfbdc3362e69d5a519d0fad1dab7cb252b2f33ad31c2d06412aa7323fbdaec5db3e97b6b82632c7c866d41e560125e5a8ca6171d3713eaf0a8d2bb745