Malware Analysis Report

2025-04-03 14:26

Sample ID 241213-fz687szjby
Target ea139ec71ae51491885a0159513cbd51_JaffaCakes118
SHA256 6da41b9ecd265d82a9f23683897c094173c3b558d8c539a2a30991a402e2238b
Tags
socgholish discovery downloader
score
10/10

Analysis Overview

score
10/10

SHA256

6da41b9ecd265d82a9f23683897c094173c3b558d8c539a2a30991a402e2238b

Threat Level: Known bad

The file ea139ec71ae51491885a0159513cbd51_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-13 05:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-13 05:19

Reported

2024-12-13 05:22

Platform

win7-20240903-en

Max time kernel

150s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea139ec71ae51491885a0159513cbd51_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001846aaad9f67ff4da8eff601415ab5030000000002000000000010660000000100002000000033ad7143513f622f5a2ed1b7e02f996cfd9e1a1155ca374a269024923a56586a000000000e800000000200002000000009fe432eb6f44611ebc80e266c585a05062daa0a1ba39c30d4c5dbc937f5c982200000008d976a311b9c864d76df0447ccbc8917bf7fb3621b5143dc0017d050b93e39c540000000440b631b97157c6bfdd2c6b2d7b560539a0cfc472a97c5733490d973d41d20b9b451116479da4e5e8f39916ff2e2094f34097a53008f62c40639fb7c0b97ef80 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DB19CB11-B911-11EF-9A25-6E295C7D81A3} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9056b9b21e4ddb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440229049" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not shown] C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea139ec71ae51491885a0159513cbd51_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 adsensecamp.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 i1128.photobucket.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
US 8.8.8.8:53 widgets.twimg.com udp
US 8.8.8.8:53 bloggerpeer.googlecode.com udp
US 8.8.8.8:53 www.linkwithin.com udp
FR 142.250.75.234:443 ajax.googleapis.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 142.250.179.78:443 apis.google.com tcp
NL 18.239.18.8:80 i1128.photobucket.com tcp
IE 63.32.140.173:80 g2.gumgum.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 3.5.29.226:80 twitter-badges.s3.amazonaws.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
NL 18.239.18.8:443 i1128.photobucket.com tcp
US 8.8.8.8:53 js.gumgum.com udp
NL 65.9.86.120:443 js.gumgum.com tcp
US 8.8.8.8:53 c.pki.goog udp
ID 103.30.145.12:443 adsensecamp.com tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
FR 142.250.179.67:80 o.pki.goog tcp
US 8.8.8.8:53 i825.photobucket.com udp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 www.blogblog.com udp
NL 18.239.18.21:80 i825.photobucket.com tcp
GB 88.221.134.89:80 r10.o.lencr.org tcp
GB 184.50.112.234:80 r10.o.lencr.org tcp
FR 216.58.214.169:80 www.blogblog.com tcp
NL 18.239.18.21:443 i825.photobucket.com tcp
US 8.8.8.8:53 www.linksalpha.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 104.22.74.171:80 widgets.amung.us tcp
GB 157.240.221.35:80 www.facebook.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 157.240.214.11:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.146:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-13 05:19

Reported

2024-12-13 05:22

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ea139ec71ae51491885a0159513cbd51_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (this row is listed 24 times)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3628 wrote to memory of 3384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 rows)
PID 3628 wrote to memory of 4504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 rows)
PID 3628 wrote to memory of 4680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 rows)
PID 3628 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 rows)
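
The WriteProcessMemory table lists the same four source/target PID pairs 2, 40, 2 and 20 times. The script below is an added example, not part of the report or of the sandbox's tooling: it parses rows in the report's own row shape, collapses them by target PID, and separates writes into the writer's own binary from writes into a foreign one. Its input reproduces the report's rows; the rundll32.exe row is hypothetical and is there only to show what the check would flag.

```python
"""Triage 'Suspicious use of WriteProcessMemory' rows from a sandbox report.

Added example, not part of the report or of any sandbox vendor's tooling.
Rows follow the report's shape:
  PID <src> wrote to memory of <dst> <indicator> <source image> <target image>
"""
import re
from collections import Counter

ROW_RE = re.compile(
    r"^PID (?P<src_pid>\d+) wrote to memory of (?P<dst_pid>\d+) "
    r"(?P<indicator>\S+) "
    r"(?P<src_image>[A-Za-z]:\\.+?\.exe) (?P<dst_image>[A-Za-z]:\\.+?\.exe)$"
)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed from the report's table: the four source/target PID pairs it
# lists, repeated as often as the report lists them (2 + 40 + 2 + 20 rows).
REPORT_ROWS = (
    [f"PID 3628 wrote to memory of 3384 N/A {EDGE} {EDGE}"] * 2
    + [f"PID 3628 wrote to memory of 4504 N/A {EDGE} {EDGE}"] * 40
    + [f"PID 3628 wrote to memory of 4680 N/A {EDGE} {EDGE}"] * 2
    + [f"PID 3628 wrote to memory of 1004 N/A {EDGE} {EDGE}"] * 20
)

# Hypothetical row, NOT in the report: the shape a write into a foreign
# binary would take. Used only to show what the check flags.
HYPOTHETICAL_ROWS = [
    f"PID 3628 wrote to memory of 9999 N/A {EDGE} C:\\Windows\\System32\\rundll32.exe",
]


def parse_rows(rows):
    """Parse report rows into dicts; refuse anything that does not match."""
    events = []
    for row in rows:
        m = ROW_RE.match(row)
        if m is None:
            raise ValueError(f"unrecognised row: {row!r}")
        e = m.groupdict()
        e["src_pid"] = int(e["src_pid"])
        e["dst_pid"] = int(e["dst_pid"])
        events.append(e)
    return events


def writes_per_target(events):
    """Collapse the repeated rows: target PID -> number of write events."""
    return dict(Counter(e["dst_pid"] for e in events))


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def cross_image_writes(events):
    """Writes whose target image differs from the writer's own image.

    A Chromium-family browser process sets up every sandboxed child it
    spawns, so a parent writing into children that run its own binary is
    the normal shape of this signature. A write into a different binary is
    the case that deserves analyst attention.
    """
    return [e for e in events
            if _basename(e["src_image"]) != _basename(e["dst_image"])]


def triage(rows):
    events = parse_rows(rows)
    return {
        "events": len(events),
        "writers": sorted({e["src_pid"] for e in events}),
        "per_target": writes_per_target(events),
        "cross_image": cross_image_writes(events),
    }


if __name__ == "__main__":
    for label, rows in (("report", REPORT_ROWS), ("hypothetical", HYPOTHETICAL_ROWS)):
        t = triage(rows)
        print(label, t["events"], "events from PID(s)", t["writers"], "->", t["per_target"])
        for e in t["cross_image"]:
            print("  REVIEW cross-image write:", e["src_pid"], "->", e["dst_pid"], e["dst_image"])
```

On the report's rows every write is msedge.exe into msedge.exe from PID 3628, consistent with the browser process (the crashpad pipe in the Files section is named for PID 3628) setting up its child processes, so the cross-image list is empty; this signature on its own does not show the page injecting into anything.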

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ea139ec71ae51491885a0159513cbd51_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa586746f8,0x7ffa58674708,0x7ffa58674718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3052950330658897189,10796914091138387711,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5960 /prefetch:2
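
The command lines above carry each child's role and sandbox status in Chromium's own flags: --type names the role (the main browser process is the one launched without it), --utility-sub-type names the service a utility process hosts, and --service-sandbox-type=none or --disable-gpu-sandbox mean the child runs outside the sandbox. The script below is an added example, not code from the report or from the browser project: it tokenises each command line, reads those flags, and lists the unsandboxed children plus any image that is not msedge.exe. Its inputs are the report's own command lines, abbreviated by dropping the opaque --gpu-preferences and --initial-client-data blobs and the repeated --annotation flags.

```python
"""Classify a Chromium-family browser's child processes from the command
lines in a sandbox report's Processes list.

Added example, not part of the report or of the browser project.
"""
import re

TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# Constructed from the report's Processes section, abbreviated: the
# --gpu-preferences / --initial-client-data blobs and repeated
# --annotation flags are dropped, everything else is as reported.
REPORT_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ea139ec71ae51491885a0159513cbd51_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=plat=Win64 --annotation=ver=92.0.902.67',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2056 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=5960 /prefetch:2',
]


def tokenize(cmdline):
    """Split a Windows command line, keeping quoted arguments whole."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def parse_cmdline(cmdline):
    """Return (image path, {flag: value}) for the --key[=value] arguments."""
    tokens = tokenize(cmdline)
    flags = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, sep, value = tok[2:].partition("=")
            flags[key] = value if sep else True
    return tokens[0], flags


def classify(cmdline):
    image, flags = parse_cmdline(cmdline)
    name = image.rsplit("\\", 1)[-1].lower()
    # Chromium launches the main browser process without --type.
    role = flags.get("type") or ("browser" if name == "msedge.exe" else "other")
    return {
        "image": name,
        "role": role,
        "sub_type": flags.get("utility-sub-type"),
        "sandbox_off": flags.get("service-sandbox-type") == "none"
        or flags.get("disable-gpu-sandbox") is True,
    }


def unsandboxed(cmdlines):
    """Children whose own flags say they run outside the Chromium sandbox."""
    return [c for c in map(classify, cmdlines) if c["sandbox_off"]]


def non_browser_images(cmdlines):
    """Every image in the list other than the browser binary itself."""
    return sorted({classify(c)["image"] for c in cmdlines} - {"msedge.exe"})


if __name__ == "__main__":
    for c in map(classify, REPORT_CMDLINES):
        print(f"{c['image']:20} {c['role']:16} {c['sub_type'] or '-':40} sandbox_off={c['sandbox_off']}")
    print("non-browser images:", non_browser_images(REPORT_CMDLINES))
```

For this detonation that yields three unsandboxed children, the network service, identity_helper.exe and the second GPU process (relaunched with --disable-gpu-sandbox --use-gl=disabled, the usual shape of Chromium's GPU fallback on a VM without hardware acceleration), and CompPkgSrv.exe as the only non-Edge image. Those are the browser's own choices on a stock build, not a finding, but they are the children a payload delivered by the page would find outside the sandbox. The Processes list carries no PIDs, so these roles cannot be joined to the WriteProcessMemory target PIDs.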

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.179.106:443 ajax.googleapis.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
FR 216.58.214.169:443 www.blogger.com udp
US 8.8.8.8:53 adsensecamp.com udp
FR 142.250.179.78:443 apis.google.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 widgets.twimg.com udp
US 8.8.8.8:53 i825.photobucket.com udp
US 8.8.8.8:53 bloggerpeer.googlecode.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 i1128.photobucket.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.blogblog.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
IE 3.248.159.113:80 g2.gumgum.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 172.217.20.164:80 www.google.com tcp
NL 18.239.18.21:80 i1128.photobucket.com tcp
NL 18.239.18.8:80 i1128.photobucket.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 172.217.20.162:445 pagead2.googlesyndication.com tcp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
FR 216.58.214.169:80 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
NL 18.239.18.8:443 i1128.photobucket.com tcp
NL 18.239.18.21:443 i1128.photobucket.com tcp
US 8.8.8.8:53 js.gumgum.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
NL 65.9.86.102:443 js.gumgum.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
US 54.231.162.233:80 twitter-badges.s3.amazonaws.com tcp
NL 18.239.18.8:443 i1128.photobucket.com tcp
ID 103.30.145.12:443 adsensecamp.com tcp
ID 103.30.145.12:443 adsensecamp.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 106.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 113.159.248.3.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 8.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 82.15.177.108.in-addr.arpa udp
US 8.8.8.8:53 12.145.30.103.in-addr.arpa udp
US 8.8.8.8:53 102.86.9.65.in-addr.arpa udp
FR 216.58.214.169:443 resources.blogblog.com udp
ID 103.30.145.12:443 adsensecamp.com tcp
FR 172.217.20.162:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.linksalpha.com udp
IE 3.248.159.113:443 g2.gumgum.com tcp
NL 65.9.86.102:443 js.gumgum.com tcp
US 8.8.8.8:53 aba.gumgum.com udp
US 8.8.8.8:53 c.gumgum.com udp
US 8.8.8.8:53 gumgum.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.facebook.com udp
FR 172.217.20.164:80 www.google.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
NL 18.239.50.47:443 aba.gumgum.com tcp
NL 18.239.36.84:443 c.gumgum.com tcp
NL 18.239.50.83:443 gumgum.com tcp
GB 163.70.147.35:80 www.facebook.com tcp
US 8.8.8.8:53 8.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 233.162.231.54.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 t.dtscout.com udp
NL 18.239.83.86:80 crt.rootg2.amazontrust.com tcp
BE 108.177.15.82:80 bloggerpeer.googlecode.com tcp
US 141.101.120.11:443 t.dtscout.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 157.240.214.11:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 47.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 84.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 83.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 86.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 11.214.240.157.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 157.240.214.11:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 157.240.214.11:139 connect.facebook.net tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 22.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 kencew.blogspot.com udp
FR 216.58.213.65:80 kencew.blogspot.com tcp
US 8.8.8.8:53 65.213.58.216.in-addr.arpa udp
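
The Network table mixes resolver queries to 8.8.8.8, reverse (PTR) lookups, an mDNS row and the actual connections. The script below is an added example, not part of the report: it parses rows in the report's own format, separates DNS from connections, lists names that were resolved but never contacted (and hosts contacted with no lookup in the capture), and pulls out connections on ports a page load has no use for. Its input is an excerpt of the report's rows that includes all seven port 445/139 rows; the set of "web ports" is this example's own assumption.

```python
"""Triage the Network table of a sandbox report.

Added example, not part of the report. Rows follow the report's shape:
  <country> <ip>:<port> [<domain>] <proto>
"""
import re
from collections import defaultdict

ROW_RE = re.compile(
    r"^(?P<cc>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)

# Excerpt constructed from the report's Network table (23 of its rows).
REPORT_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.106:443 ajax.googleapis.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
FR 216.58.214.169:443 www.blogger.com udp
US 8.8.8.8:53 adsensecamp.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
US 8.8.8.8:53 xslt.alexa.com udp
FR 172.217.20.162:445 pagead2.googlesyndication.com tcp
FR 172.217.20.162:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 connect.facebook.net udp
GB 157.240.214.11:445 connect.facebook.net tcp
GB 157.240.214.11:139 connect.facebook.net tcp
US 8.8.8.8:53 whos.amung.us udp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 104.22.74.171:445 whos.amung.us tcp
US 8.8.8.8:53 kencew.blogspot.com udp
FR 216.58.213.65:80 kencew.blogspot.com tcp
""".splitlines()

WEB_PORTS = {80, 443}  # assumption: the only ports a page load should need


def parse_rows(rows):
    events = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m is None:
            raise ValueError(f"unrecognised row: {row!r}")
        e = m.groupdict()
        e["port"] = int(e["port"])
        events.append(e)
    return events


def is_dns(e):
    """Resolver traffic on 53 and mDNS on 5353, both UDP."""
    return e["proto"] == "udp" and e["port"] in (53, 5353)


def domains_queried(events):
    """Names the sample asked the resolver for, minus reverse (PTR) lookups."""
    return {e["domain"] for e in events
            if is_dns(e) and e["domain"] and not e["domain"].endswith(".in-addr.arpa")}


def connections(events):
    """domain -> distinct (ip, port, proto) endpoints actually contacted."""
    out = defaultdict(set)
    for e in events:
        if not is_dns(e):
            out[e["domain"]].add((e["ip"], e["port"], e["proto"]))
    return dict(out)


def resolved_but_not_contacted(events):
    return domains_queried(events) - set(connections(events))


def contacted_without_lookup(events):
    """Hosts with a connection but no query in the capture (hard-coded
    address, or a name resolved outside the captured window)."""
    return {d for d in connections(events) if d} - domains_queried(events)


def unexpected_ports(events, web_ports=WEB_PORTS):
    """Non-DNS rows on ports a page load does not use: review, do not assume C2."""
    return [e for e in events if not is_dns(e) and e["port"] not in web_ports]


if __name__ == "__main__":
    ev = parse_rows(REPORT_ROWS)
    print("queried:", sorted(domains_queried(ev)))
    print("resolved, never contacted:", sorted(resolved_but_not_contacted(ev)))
    print("contacted, never queried:", sorted(contacted_without_lookup(ev)))
    for d, eps in sorted(connections(ev).items(), key=lambda kv: kv[0] or ""):
        print(d, sorted(eps))
    for e in unexpected_ports(ev):
        print("REVIEW", e["domain"], f"{e['ip']}:{e['port']}/{e['proto']}")
```

Run against the full table, the only rows outside 53/80/443/5353 are the 445 and 139 connections to pagead2.googlesyndication.com, connect.facebook.net and whos.amung.us. Whether the page, the browser or the detonation environment produced SMB-port connections to ad and analytics hosts is not something this report settles, so the script surfaces them for review rather than labelling them C2. kencew.blogspot.com and adsensecamp.com are the hosts contacted over plain HTTP.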

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a0486d6f8406d852dd805b66ff467692
SHA1 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256 c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

\??\pipe\LOCAL\crashpad_3628_MWEHYLKRPHQPUNJO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dc058ebc0f8181946a312f0be99ed79c
SHA1 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b21a9753d71155e7e634b20f3803128a
SHA1 8154a9f8b0ef9712363589faa339e702c77f47de
SHA256 c83cfa1c431bd62a2cd0f7e0dc1e8edd91ea283133fe0bdbe89c987fb2255829
SHA512 242be436647ba49fba40c1be37e8b1449517f630fee3b2be56e1633ff7639a91078dc33db24ccd5da8fb56baeb4e2fcb80868c3d5a354cc602bb2e1c5bb0a6d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 66d982f290c6104f35a398b5e3c35496
SHA1 357020ab7c675f80eda2b65858419f0a34763fae
SHA256 bab7b2b89357856c3ed345aa4af75ccf2af8d947b54722d4dc0132e8c81f00ad
SHA512 09bbeb91a326a1c973eb4112ebd3cb85968afb014f572bade79552b6b34622f1af624fa983cde602665dbefcb2c6f7507b72f05f5d142f106294c73d3f1c4509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c10b4216feed45f37c182c24979c5373
SHA1 6f3a846dbd8b1ecd2fdfa681d41e610803ae4e5a
SHA256 d0296c96d2dc2f30ca6866b9a85879e0f577ebf9cce3d5af289b4425d80a84b1
SHA512 d55b5766ac4393baee3362b81cf1237874647db9dd5b106ee622784f0dcfe8931019983cdbcc5fbed43dd9cbc3ba1b9b946b34ada8d205a7fee7caae97d228eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3f45803bfa0a30cef6c716d9dd51b568
SHA1 fc417b36c9ad2a8225be5e98bc4a559681800efc
SHA256 2b08a69600a415a36a344df6304130d91bdc7d90e7bc16281a152986e737a39e
SHA512 fbbd619c2629b1217a63bab5bed96712760c3381404ca79abc3c9ad1b1c52153a3c9359c7079be7cb2dd59e68ce8a867009b8adaf84d3c77effdf22e8e77057c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c91816d401ffc9375c1eb6170e0861a5
SHA1 ab5abc03d312e99854e19bf332c739b328693b6e
SHA256 b0698234642fe354ebfc39a241456c3c4b77c75a50a7cede666ca49bf9bb3d80
SHA512 9e8fe144b019ba5da9fb507cd548e41cbbd8b0270c0a4fbbec459385dfaef7326e867fa6e75df3011642bef3b283edeaacc02fbf18e2a800e69c5de28a2c93d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a0065a62b0b558c2162c8ba8b5cd7bd
SHA1 167ee8f7e39c32649d5fbd3a1a6bf240ae6f0a0f
SHA256 e33116edf126d8d819122699bc2d513a3eaceb0b955384184d03dd1b147e9094
SHA512 d94d3fdfad3d9b4eecc6de1ef58753e0c41dafe9932fc6d07f1ee5810b60cd08748b77dab3c2f12493387eaf9a6dcd38a17a211d7db7ce262791b968e711f5fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4661a14fa2070945a1ed740c30d657d8
SHA1 2d15df0bcd0f8b82fa90d2bbd212eb630ca9e03d
SHA256 024d1cda2542c2311e72b6298a2aa969162776865ee98d9d41169a3b959e6053
SHA512 6f7410d43ee4aeb0c765ce19bf58c2356898c27e0288b85cdaa4586441bb32c2f893039bf330a0ffc455fcfa52649085c37e2516e3f32c437d8431b010ea0b28