Malware Analysis Report

2025-04-03 14:27

Sample ID 241212-ngsl4avkaj
Target e6243a5f8c1f2bca729da90f27a55b24_JaffaCakes118
SHA256 54b71c35989c32ffd5707297a24b0f9d54d5b016cecafb202e7ebb175952f509
Tags: socgholish discovery downloader
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 54b71c35989c32ffd5707297a24b0f9d54d5b016cecafb202e7ebb175952f509

Threat Level: Known bad

The file e6243a5f8c1f2bca729da90f27a55b24_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-12 11:22

Signatures: N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-12 11:22
Reported: 2024-12-12 16:23
Platform: win7-20240903-en
Max time kernel: 130s
Max time network: 150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e6243a5f8c1f2bca729da90f27a55b24_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c071fcf0b14cdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c9ec5f8e7d648428c7de885c7d5718c000000000200000000001066000000010000200000000dfd72d9377834bc81644bb15fffb302c8f01661f8870048678b9e8e88e5e938000000000e800000000200002000000070e4fe2350ad22795a20ac3ccb3793a7a1136f0c9c6611e1bac61c5e3c6f3bb7200000002eb0d0ee7b90b3e7fac2f6bcd1975188898f833b1e5b73ae12bbf870a434b99d4000000020ece85f1213817a969964b18f2fada539c5c3cf8c5a251a54dc43e7b908683ff3681ba4606cbc6b9cc770e233504aeed441583cbfeb62704297eb2fce06c66c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440182335" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1767BD61-B8A5-11EF-B594-F245C6AC432F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e6243a5f8c1f2bca729da90f27a55b24_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted: 2024-12-12 11:22
Reported: 2024-12-12 16:23
Platform: win10v2004-20241007-en
Max time kernel: 146s
Max time network: 153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e6243a5f8c1f2bca729da90f27a55b24_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4252 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4380 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 64 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 64 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4252 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\e6243a5f8c1f2bca729da90f27a55b24_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd426a46f8,0x7ffd426a4708,0x7ffd426a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,1539591671302627397,9461863968950472997,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5400 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.201.170:80 ajax.googleapis.com tcp
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 feedjit.com udp
FR 216.58.214.169:443 www.blogger.com udp
FR 216.58.214.169:80 www.blogger.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.ashadee.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.mediafire.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 142.250.179.78:443 apis.google.com tcp
US 13.248.169.48:80 www.ashadee.com tcp
US 13.248.169.48:80 www.ashadee.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 104.17.150.117:80 www.mediafire.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 seductivex.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 34.205.242.146:80 seductivex.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 13.248.169.48:80 www.ashadee.com tcp
US 8.8.8.8:53 s11.flagcounter.com udp
US 172.93.107.85:80 s11.flagcounter.com tcp
US 8.8.8.8:53 busuk.org udp
US 52.33.207.7:80 busuk.org tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 104.26.6.37:443 www.hugedomains.com tcp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
FR 216.58.214.169:443 img1.blogblog.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 synad2.nuffnang.com.my udp
US 172.67.8.141:80 widgets.amung.us tcp
US 8.8.8.8:53 www.facebook.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
FR 142.250.179.78:443 apis.google.com udp
US 8.8.8.8:53 s10.histats.com udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 117.150.17.104.in-addr.arpa udp
US 8.8.8.8:53 48.169.248.13.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 146.242.205.34.in-addr.arpa udp
US 8.8.8.8:53 85.107.93.172.in-addr.arpa udp
US 8.8.8.8:53 37.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 7.207.33.52.in-addr.arpa udp
GB 163.70.147.35:445 www.facebook.com tcp
US 104.20.2.69:80 s10.histats.com tcp
US 8.8.8.8:53 s4.histats.com udp
US 8.8.8.8:53 www.facebook.com udp
CA 149.56.240.127:443 s4.histats.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.178.142:80 developers.google.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 busuk.my udp
US 8.8.8.8:53 t.dtscout.com udp
US 8.8.8.8:53 whos.amung.us udp
US 141.101.120.10:443 t.dtscout.com tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 accounts.google.com udp
US 172.67.164.129:443 busuk.my tcp
GB 74.125.71.84:443 accounts.google.com tcp
FR 142.250.178.142:443 developers.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
US 104.20.2.69:443 s10.histats.com tcp
FR 142.250.179.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
FR 142.250.179.78:443 apis.google.com udp
FR 142.250.179.99:443 ssl.gstatic.com udp
FR 142.250.179.97:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 141.8.67.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 69.2.20.104.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 127.240.56.149.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 129.164.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.20.217.172.in-addr.arpa udp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 e.dtscout.com udp
US 141.101.120.11:445 e.dtscout.com tcp
US 141.101.120.10:445 e.dtscout.com tcp
US 8.8.8.8:53 e.dtscout.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 121.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.174:443 play.google.com tcp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
FR 216.58.214.169:443 img1.blogblog.com udp
US 8.8.8.8:53 aminxfreedownload.blogspot.fr udp
FR 216.58.213.65:80 aminxfreedownload.blogspot.fr tcp
US 8.8.8.8:53 aminxfreedownload.blogspot.com udp
FR 216.58.213.65:80 aminxfreedownload.blogspot.com tcp
US 8.8.8.8:53 65.213.58.216.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 74.125.71.84:443 accounts.google.com udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
GB 74.125.71.84:443 accounts.google.com udp
FR 216.58.214.169:443 img1.blogblog.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_4252_KLLKSYBIDIYDVART

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ac0dc3563e2bb42a36a306f1b6db6e41
SHA1 1c8e3b537c28533bc933077b9719db9d4d15943b
SHA256 65aa2a80a37edd828ddd2160c3b55487b8a65b469ab7243e1c441e384ee42cc4
SHA512 ef8bb937cf9d87e9181915942f2742630b6a6813f57bd64f3df34cd7867972993b672848350272356bcb0f3a3424b16d94dec1a09dc3cb7081255a59d4e6cf25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e765b8ad29ce3522311d46af9e5a0fde
SHA1 08e5b5e031610ea69969d9a478e1465e02a1458f
SHA256 f8e69301fb7fd0ab33c4f46b8abaf2e8793a9e847e65552c4ea6d415cc103e1f
SHA512 f057e91844b7188b60a7a0c94460f1a2e51fd15dc5954f8034d4531bcb0e72a18186d06a84100c31d09421fc57777447c71f97d2850e3725b01fad7aae1dd321

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9af2f33a81b615aaf8c8c6107e4dfa4a
SHA1 97b352cda3dc2460256e2a15b8c56a575f7728e6
SHA256 fca2802e1236f7cc19dd626889155d1b302f4f9abfcdf07298b7493bd8de61b1
SHA512 6e1426556e236be9922499e848ff8a783b23aa6b8813997dae6aeceea049aa22c4cdcdea9ac984a4055c190ab49d6f440521f04939726414cddd078450bc6cd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c74db147d854e1e463c1f48b51abed84
SHA1 0ffee08962d6a329e31f1dbf3b76affdb6eecbdc
SHA256 391c4b9d21c28ffad23631e2adf62594c5067be7e22e44ec59d9b2e2483a0472
SHA512 fe4c4fb37a4827ad825f7c2b786e37f8632c960036d17c5ed3891bec30d7369c541e93f78b61422a99d13f0b7d0e4353736403d508180fa37bee792a58af4f38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8f4aeaa7e0077baca32d5f038fe85325
SHA1 f294e14e1c2f3b81dd0e1da6e4cc831e9b0d9d94
SHA256 f33550f72191b2b430fe8268f5f40424696ce1bb1c5a6b4609af678b983f91c9
SHA512 e6c444238b993d9d478a0d6be2a2d4a60a3545decfc2023b56fde07eb45aa6d63155d7c7c5f7e181c0f2187a3187facd0cf6e15a5f9da5b1dc78d198608166c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a24a3782b5ac8cf856b03231e4ba2ef0
SHA1 ca3deff811c1aee1d14c624c533750a213ae8baa
SHA256 664e37243c3f29070f6d3da0caa7f32897c2bdec396d02ac25fa31520b6ce87b
SHA512 6aac7853e669b33d070b168815e7f7b4508c0c87ac4c03c9f46d9a77a3e2ecd0364a19541b956b3884d499627e3ae529a693569ed544a979967523ddc91f16e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 84aa8cb835bb1cdba3a32cccab0695a8
SHA1 1b8445aa12ecf63619e299c84b1acaf191ce79d0
SHA256 25ad9264133c999731440fbe49d43624fc3e63dc09154c17e30a7b7b3a52bb45
SHA512 e6d41e8f6294b14d4e43590e36eb9e9136926d26e5848885db5548d1a84c187348e15c61acb87c9429f87e7da465c52e1a01f870136ca28e3dd9f721ecd18b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 84ebe76785a6b4f02669adba2256a23a
SHA1 dcf8bd82c503dad0bf7022b7d538a775e2135789
SHA256 c8e6ed08a0a76567cbc9f6e1d3570f9d45d5bf6711c44f6bfa148a3bfc3e8bc7
SHA512 53f27bdd0e72f0c5a6323e9543e5912435a8c23b17b9f46f494f099ca9f293934cb946c90bbdcf1d4859c73ffdc68342c7705e22144c190e8ec6f45dfadc9d86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b242fe5d3ccec0f3e2148fa5a0a19190
SHA1 d884f0cc8a08b9f2fd00a4dea7f04e44d37c9459
SHA256 e9478948017d439e37bd82dbcc9c4d059a29d691f4e1e1e4e0ee91a794bacc3c
SHA512 8bad00a60a8177ad09f0e5a631c93b007d51f718017128f2589d7f931c53cc8ecb075cc57b0f4fff4aa74e2003c9e7347cecee9551bde3e0f157de36ef5ed8bd