Malware Analysis Report

2025-04-03 14:25

Sample ID 241215-yh272awpcl
Target f57c403a3ead05ed899fe45c29b525d0_JaffaCakes118
SHA256 ff15ef38ed9be8752a845c3581c3eba3c443981bf9ff6bf7235628b204056f49
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

ff15ef38ed9be8752a845c3581c3eba3c443981bf9ff6bf7235628b204056f49

Threat Level: Known bad

The file f57c403a3ead05ed899fe45c29b525d0_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-15 19:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-15 19:48

Reported

2024-12-15 19:50

Platform

win7-20240903-en

Max time kernel

130s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f57c403a3ead05ed899fe45c29b525d0_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not available in this copy of the report) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c052095b2a4fdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cc12abd8dbff7143a2ef3a7616e1c15500000000020000000000106600000001000020000000d74611e23c97c1f3512e87f0e0dd74f39413d702af9b11c40ac2db0610e06362000000000e800000000200002000000070b1f887911b7a82636d0b39ca80206cd11101cad8ac61c8d8da0f97dc02b033200000000296d8e404e3d8b80d62429f1b5084ac347c882de765605c4563a6efc254a0b840000000aaecf2893fc5a8b16ae128a1c78cafdd9b5dba5e1a2e517a3b9f33b27af94477f310850244d39696105f2ee295855af90cab27358db7786026cfc2cc295365ec C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440453951" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E82BE31-BB1D-11EF-B656-D686196AC2C0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f57c403a3ead05ed899fe45c29b525d0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 img407.imageshack.us udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.ashadee.com udp
US 8.8.8.8:53 soalantemuduga.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 apis.google.com udp
US 76.223.54.146:80 www.ashadee.com tcp
US 76.223.54.146:80 www.ashadee.com tcp
US 76.223.54.146:80 www.ashadee.com tcp
DE 157.240.210.14:80 connect.facebook.net tcp
DE 157.240.210.14:80 connect.facebook.net tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 38.99.77.17:80 img407.imageshack.us tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 76.223.54.146:80 www.ashadee.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
BE 64.233.184.95:80 fonts.googleapis.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 38.99.77.17:80 img407.imageshack.us tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
BE 64.233.184.95:80 fonts.googleapis.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
SG 151.106.123.220:80 soalantemuduga.com tcp
SG 151.106.123.220:80 soalantemuduga.com tcp
DE 157.240.210.14:443 connect.facebook.net tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
FR 142.250.179.67:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
SG 151.106.123.220:443 soalantemuduga.com tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 142.250.179.67:80 o.pki.goog tcp
FR 172.217.20.170:443 ajax.googleapis.com tcp
FR 172.217.20.170:80 ajax.googleapis.com tcp
FR 172.217.20.170:443 ajax.googleapis.com tcp
US 8.8.8.8:53 platform.stumbleupon.com udp
US 54.165.207.73:443 platform.stumbleupon.com tcp
US 54.165.207.73:443 platform.stumbleupon.com tcp
US 76.223.54.146:80 www.ashadee.com tcp
FR 172.217.20.163:80 fonts.gstatic.com tcp
US 8.8.8.8:53 rack.0.mshcdn.com udp
US 76.223.54.146:80 www.ashadee.com tcp
FR 172.217.20.163:80 fonts.gstatic.com tcp
FR 172.217.20.163:80 fonts.gstatic.com tcp
FR 172.217.20.163:80 fonts.gstatic.com tcp
FR 172.217.20.163:80 fonts.gstatic.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 76.223.54.146:443 www.ashadee.com tcp
US 76.223.54.146:443 www.ashadee.com tcp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 95.100.195.176:80 rack.0.mshcdn.com tcp
US 95.100.195.176:80 rack.0.mshcdn.com tcp
US 76.223.54.146:443 www.ashadee.com tcp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 76.223.54.146:443 www.ashadee.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
FR 142.250.179.99:443 ssl.gstatic.com tcp
FR 142.250.179.99:443 ssl.gstatic.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
FR 13.249.8.192:80 ocsp.r2m02.amazontrust.com tcp
FR 13.249.8.192:80 ocsp.r2m02.amazontrust.com tcp
US 76.223.54.146:443 www.ashadee.com tcp
US 76.223.54.146:443 www.ashadee.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.143:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 23.192.22.93:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d38f88ebb6204d4106e2a0f3d5e7063a
SHA1 59d57e659ee4386b96d0c971e363f26f07b8c3ee
SHA256 26f02e4a3f7eba78233a5406e3cfc894ee9aaf6853cd843f7796442a92b43176
SHA512 35d9ef2c425c9010cb586c7fd8affdf9f329e51ee9c086c66eaf14444a533310e65b53d3db82240e76e8c938d1806070b9ca64b1996937c2e2623717f27338c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 f8c93ab9fd559aa293c101b138cb3858
SHA1 29d12c5a3fae2b579f8b26bf02f5bd5d1938a366
SHA256 7a85e5dfee14cbdbf6cf9a6e7109fa9fbaf7ac9677038676f7d647da8ff7f1d0
SHA512 78ce05dc16006e082bd2490fee0c09b5791718dc9212053196ce860ebfe6307899a12631e953c365a29d809c00739cf56e58fb8a347c09696e2557508483fb90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 771d07cf29fe54d1a10f303a142f902b
SHA1 b767518636c3513c889f36affa1813c5746b58b0
SHA256 6106f7a666f99ef32852d875abf1870c145de400a6072b6877ad5c35a9b96707
SHA512 717c157ec367c994afcdf26c7b3ce27cb5676a618557c83fe2cec2b776d565b3b2d2a0b04ca3e3c4d74ff7e1cda7d656874f5ed381b079214f3c9d48aec6bc5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\Local\Temp\TarBF7D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 d5cc62469b85b1d4b547bc41c484de7b
SHA1 591c849bdd190ca79dfd48f6a2ec1d7204125635
SHA256 35594dd24e6f9722010b8e535bb05ae2da4e1a903626ff44e8a65d11d8077613
SHA512 aa9c82f0bb32bd2e60877c8f8fd3bd725dc6ffac1a118955b3733e219d2848f2b830c8309673d7b6f6211536f9feccd5966298ece30c555a729d50fde31ee874

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_86F2A83F54EA52E2D59C5D2EE00149B8

MD5 5113b9b2a831eddbb4cd15327979b41c
SHA1 9d687b20e749190cac6464e14dd7049aeeacba57
SHA256 ef55b1502900635aece3c70fb914be5c386d9595d99770b6bb71577811382371
SHA512 01f72907729f6bf1ebba6a3792cee4d3ab2534dac7b6998363f8c6941f5b41f1f7287613b3494934747511722eedc53fe3c0354ea8f9b11d26f266281e8fb383

C:\Users\Admin\AppData\Local\Temp\CabBF7B.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c413584ad38457ab918d7125844bddd
SHA1 e06a9382da4575cdc41e4cfab69de9f11567994f
SHA256 066d02253d20e00c48aed72a25f050776aa38baef6ee315b47dcbd4fc6e65e4e
SHA512 94186e1efce587070dbacb264afba93f15cf0222b030c986c7e93a13b60d1b4e104ddcda10ee1f6382e4d803d8ee65010d3152140cb872f892b054ca3bfab98a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1732573a7d6b675f2606ddf05c5b465f
SHA1 f6fc9cdfefe02ba537d24ac9353883ce4fe7c752
SHA256 d7f0ddb8d005fbe76f5713c32b63d3145a5f01ee1dd1f1b9c99340443e28170b
SHA512 7996778048f5c150f377e85e619c13327283e3273460d3a3456a34e9449356781aab106131a6b4d09e8a538f1ac351421e1352d4f4cf0326429ec40a8f153f2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4e5d87066f0aa3c24f66f030de1c6f9
SHA1 1d3440c0d458787a12186c93f0652b876fa5a205
SHA256 61f7a0221c5c69733c3a4e0623ce981e215ec2001335d1376258b030e3cf451a
SHA512 8acf22f5572826f44d8e32ca1d3704c29735ed911d1d24e51ea01b2406b14b7e1f5f3b715659da0f55d1f8c997117be8fd06e39c95b545d916c5e0cefa1b3301

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c5e07264c3a2fbdc426d9e278dd26b1
SHA1 6ac63e854d7465161cbe2f18540cd32ed3afd64d
SHA256 d55e4f6a70b0bf1375222c5054fd3033a7846a8fe30c939a92f3f592668d8cfd
SHA512 019bac72eb6bc562bdb89becb2d0088e526ea763fde7169a0f12c82a550b483369502ed435b84687e9a055cc234c5c57e156e17b96b29abd53a45c0bc216a86f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4514a297edc77de2ab0872cae575f6c2
SHA1 778329479b92d17623d0a1faf0e3f4cfb9d7502c
SHA256 d53c40d8f61a431e49cc984d57702588ff8e6fe0f84c599b3f37fd5ede449521
SHA512 6eabd6402979bafba79927aea336d34f4effd673551ef9714ccced6e920b36d64ee982ae5e89ef2d0ceb6ee47bebfc1099f290614fb336f6a7e82fa22e4bcb2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c3b93d3aa7d69947486831d2e98824c
SHA1 c36f309a12a8c985575951c92de81ea38ce1f42f
SHA256 8e088d39066bba5b6a00ef6445b877e96e4eeee47bc10d561d850299adce2f22
SHA512 1d96b9ee23c6971f4a90f0f4794ea5ca371046fdb9b7de3516c737e1c31a5c283d7f6cbec39ee3466d48d3951dcbd9694898b029bb0f5555593244221c415282

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5c8bdb436b171ced95855940f15f5ba
SHA1 1a65f8687eefeec575dcb52c6a9d23aa49fd2784
SHA256 66b00f4ddb09f5346f9f02361a93d564a3f497279784252cac60a7c8fe665ca8
SHA512 00f5081ff2d5b017d79449bcc59b18934b6b1fd2589e0e2eac55e64816119c6a42e9c61e33a3b16d97386c21c31d46371b0b66212e1e52a0a08159e065f4aced

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb76af6583d1b541f23f1fa14cdd9da2
SHA1 29b852222d62d9fc9145d862b159dd99303bda2f
SHA256 4b0d9a523a51dc4b954841fa1fc5a817e35e677ddec4ad169dd3b944715e05ed
SHA512 b26d981b62742e5da792752f596b6d4b588dd0f290039b2b619c722b524a19caf18cadac652f882354f8f534b344ff101f23583eede50847ae8a2e0cd15ef825

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\awe[1].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UR26M8S\cb=gapi[1].js

MD5 84e3d54be3ffd25a24bf3a514490b86c
SHA1 490f4a059114c7704703a7c67d193083f551ea1a
SHA256 dbae2441d55a51b1d10c5591a2ab27141b3aebff8e75816a3a4b107fcde4b6f5
SHA512 718ddb866adab289ea6ed942b18ee9d74c185d5739c642340b6ee827265e3fce63b768021aa182a8fd540b4a1f82f555dc9e668c4cd187566fe19336bc3464e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 298e18771b26e0b24b90c8f5ebfb24e0
SHA1 314db5f6be401d956e3916a5f375bee7e9734a68
SHA256 664cb9891dc946d9df66855b98df45ee22b4f69ea90528834cd4e6b651a739f6
SHA512 8b115529fc4f0427af3d6025a6d568f264a304f80ce1cf4383d882098281790ac9b611d92c917ed5ff317ef78ab3d4f39a7b3c47bfdc6def2c0fb91d76302ba2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b18358fdaaf4619634fc38010cc9a853
SHA1 fe61005405b29b8686c91fb079d26fc61424540e
SHA256 687bcf10bacf25117a331b6e61242263c55ad7924388f4dc0ebe86a01d10a371
SHA512 1ac18a7ad3bcad1e2bdc4d4fb584c146c0725aa806beae0a738fb1ed01660b6a7bfeed3c1163fe7c08a512a184d8f6934b0742aaed5c18ce36294eb6c3357037

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 559cca28a3eef7572ae3edad3fc77694
SHA1 4b7b7b1b646f08e0c48c18f7ee167a39409b69be
SHA256 31454a0112d0844e988dfac4585b7dee5d300f58df132f8537bfc0192bc66af1
SHA512 b5882f6253cb39bff3e2e256115391aa621f616556b8e848a6989286e91d167c5336f8acedbef99ed48c86e5685c927ade2b25dc361923e124fed7bc8680e6bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce7266073a8d1a903a7fd0fa79afa0e9
SHA1 e68e6825c707e9ab864f3559b418d5fff3e9eac4
SHA256 198ee017a2f7364dd80fe89d7d013dc18d1a7eabd8fea3b413a67ff730f60592
SHA512 f023e212e2de2986f8cc768c162076d228bf1524726fde9597aa514b68c327a90ca76b725ef96c68aa7d7c95112298fd3187f76ad809d31b49de7169cfcd84ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3afb48473331ccc69488d0e67db4a7f
SHA1 22bf00937c609822fe501a6427ab58965e14137f
SHA256 6e667e3a84311b84c95917359dce82d75af11b9e5ce88b0ec51a6798d153a671
SHA512 1e3abff755b9f68ad38d1fd1c417fd5f028c4f17707ff4db832b9b947166f9235906ac941167943199f09b77b971b3fc7c691ccb872373cc9db468f42d57e364

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c69e7dbfa7d48e9484f124b453f4bcc
SHA1 3f9e447f0f4c0df4c27498185c8326e76e025e48
SHA256 e4060920845a488957ff877018b8e20f4afdadf3b599bf23ded353bee4b3570a
SHA512 3d1ed814f339119dbbb413576adde90238eadade8203715566ab68b91deb935301a576280faf4673ee32ed6a6612e4ec48b1baa6eacdcb3fc411cb76477d0585

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f413b08675f9d7fc74acc2909fdcef60
SHA1 be73d2268f886d38063248e5174b4a59f39a83d3
SHA256 fba53b888d3f67f928513402d76ba1d0c0726e1daae6062f066a0348c1ced9b8
SHA512 5efc795ceace3291b7626c90052a0a44d53702efbc0bbaf9ee4e9e04850fd537d3899df9f14e1c310054e368f20bebe7b7184dd60d8caefc97ba5066bbed600e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e07ce5493676c96a6af029d815178a0
SHA1 6b9aa4eee0955d5f6f889e36efeb5662d3626c09
SHA256 3d0ac6912b894314ef584fca209c1663bdea48c9b6733127446e02ac0ac99c79
SHA512 cf5038dc30b9ea41d50f86a34fe8b674652df129913e90af78f96db79d39840c337e1b8f9703469572ad6bf95e2c3e2ee68fd4cd4fe97711cad43186dc010b0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc4917342a051f11e041171cbdb633b0
SHA1 888d0d1e2467892b37c36c47d6d9a62f66836d09
SHA256 dd42bf57d7dc4afe027bdea02b884a4ecc8ee0e46a655108b07c1e4a139f86c0
SHA512 69938143800e60a6a29dc0168b0d99008b130e29e04d128db4d67c93e3aff26fc7b49b7db6fc1b4a31ba836d30232cdc6f1c4c82676f9512d025023d18b775f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a8abd874e3539ec0f1482cbcb8e0c43
SHA1 399373a2964734546a1b40a4ca02e53e47a1ef94
SHA256 b180ab83c36b78564c58d040c4c5aed77eff1672ae2f7f68a5a23bf53cb90580
SHA512 7dbbb3f486027efb871398726ff8411710c8cdea52bbb1b45f26aa01ead2173ee00848f8f84aad5f498491aba47b25fce19129ac2cb02a87a67adda433e8e9fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68892f943fb1b0bac068bb74c24b5ff9
SHA1 1b67dc28c48ef57efceb7917dc567c4852b28bcd
SHA256 f8f3e1d8981c8c69f1b116a6836a70898d4625fda0e8e56e5bc19b1537c66c91
SHA512 ec4c1c6325e40ad87fca92ca768397c8945bed6016ace57f294d4384ce2bdbaa34eb23d0806d381b7b242fe6971b49f83d8191db8e0b89324dc5e5778033424f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 43ceb25bd1680d29ef35f8e5870787ed
SHA1 48f01ed504ede69e581b6db5ae7828e1a35cbcee
SHA256 6b787c91a588ce3380b0332301b661c8791a1d64616bece78e93657a3725bfac
SHA512 5d1a8d5711eb1885abe51422e1dbe354dcba545c6a5269586118f8eb1c265f8d440f0ac00d35ad5bd5d8b234ff604f0972942207fe3211c5b68a9a11b0e7c754

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 893d66c951db97de5c9a83c6bc2a20e6
SHA1 12c5ef5784f81fc6ce54eb6069dfd2af6acef719
SHA256 bf34af61f11d986778c5f0f8e8633c64bfd471b8bce30a3865ac160efe4c25e8
SHA512 b1b2c64d02818f8ed228ad2a700599ec089bb7c821560737ac18cf3bbc0238aa4470b8d804dddb5cb66adad4e2fd90de780ee251c622fbe5c85bb26b2e831073

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdf678f1047db0bae69013e3d3b50268
SHA1 850858e69cba6535d289e572ac775e9211ebbfe1
SHA256 af74bf02dd05a4405bcbb9f1a6b80e36513847c682d02cb3f74b8c07f6559cd6
SHA512 1abf9f0e335912d07d8e6ed9c2b60511c8f1745537e2750ec76f7ee188458fb45e1a65d3468089fd68166dc5c050bc31aa589255254ff8cbffe90a3aff28808a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8c05429d2cbdf9c7e1586da14dc0f41
SHA1 9efb55efcd0a15f580c337fb01c3d88306f21672
SHA256 85f4e0aef999db80721976fbdd37437cdf2f708a2698fc01b21b7fd1fb0e6e52
SHA512 b3de397d840f297e08f1a84b2fd4cc5ae8d4b1a49c8617b38ec99627fd11bf9301da6b2c8a36b626e76db7d8279f1362ba37a1171fc2d4ee2994d6380eec3881

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4305bf6d1002898359a6d053d0765d3
SHA1 01a3d0b59a7a39b075da5c2d685fad99a7a8c618
SHA256 d48ffa7d879d33e63770e3814be674e5b324ae0d53fd45b9c3b6dd8ffe7e8018
SHA512 037e8e9a92e76a3093f935eae1c508340bcc42d05e0ff19f5a59057a015d152dd34febf483cdc6c5b23080d93d918cb71436abb99f3ccd1a9f8758134780ac02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e6ab83c9af974cf1dba96baafd49f58
SHA1 e737adcedd6294826771bec04d027076e8f60cce
SHA256 b3e6c1f85b52ea005079236530e1f2d539a59fb55887bfe86b1ee05db4817605
SHA512 2ff58e53b115c55b4fe2164e0baa605ac22823a289c0ebe3747c3d1ea47e9dc60050eac360dd5b2611cd3f0cc925147ab61fe5f24c61d158fd1d7ce8887fc086

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20dcae39620158927659f23165b952db
SHA1 f32343ba7bea87dc753d544e143d68da84ae05fc
SHA256 12ee1d968c5f1375b7c6d2f730b4410915cb172cb792c777b94e0125c180d633
SHA512 de0fc2cfc9090b224be65756f4a00421a42591d3bdd1b4d24716e559f9a13799e6abcba68dd58d02f9cd493390a2ed4f99145c4018632a0f728f571ddc6c8f27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9b50cbd3f2ca4c105746d2d30f4db87b
SHA1 f99104012f9c5e154b6e4ed5dea8c496836929b1
SHA256 739ea0d7bc29b220fef4e2acdb655a1441c5312e544c27a142ea3c491c8c3583
SHA512 5e69f27c5d96a4968dd4afa74d69e75542870a225bf0e02bf7d88470056800a8916a2ff2fa220a3ae8d47ee3cfe52c8185a8453c0e89bbd3b0827505cf631c4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01227eac1ea907e20fc9a7f1b06594d6
SHA1 4b7fcec5d495fea3d8225ad630b2daf1fcf82d6a
SHA256 a66ff8fa7f993e6be2712ff18972b11dbb179c3ce591a53fbb52143e6d1e694c
SHA512 325f148bb8b4e1f0c7fee7111d0861ca197a13a4d2078cc9361b6f5b4d60f3377dd111acc645cb96e6fd49223e251e2e2846d21084bcd37b400674b275492a7b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UR26M8S\rpc_shindig_random[1].js

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-15 19:48

Reported

2024-12-15 19:50

Platform

win10v2004-20241007-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f57c403a3ead05ed899fe45c29b525d0_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4400 wrote to memory of 3996 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4400 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4400 wrote to memory of 2404 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4400 wrote to memory of 4884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f57c403a3ead05ed899fe45c29b525d0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab23f46f8,0x7ffab23f4708,0x7ffab23f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6502264022311900308,6158906867593668907,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3152 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4400_TDBZUCTRWFVTVTRI

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 32f867c11acabd8a795b0ed4dabd5ad8
SHA1 a6e9445effaf36ca9707c23886ab527b1c4dbc94
SHA256 cbfaada949de5805350a19c39b270dedd2f84957d0aaf70e4d0b93ba8b3dd7ce
SHA512 02bc64d8f76ab66bc2a156407d203a2e422001f93ee41145bd7ba9e9392d5200071e3d066ae4b7018cf4d28fdd86e08ad0d36ad91793837d435ef3c8fb829e92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 2ebfdbd309ee762211b4a2ac39708c4d
SHA1 b002922c672dbe1dd4caa02af24d0b1e7da616af
SHA256 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797
SHA512 d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0e6aaeef95537c56d0259a12e4c195c2
SHA1 a4c1a5339123c024608665faa00d33bf2ca1b6f5
SHA256 2d0b2a366a2239e1541e847aca0005a4e6817e84604f17ffa34f249f57857ec7
SHA512 1f23c2d6dfb6a255ca803f015e7c9a4f333ce5bb2ef693c533010ef480ba8706a109b0fa03c22d5aedacfc049fb353dde6faec97a5c641f3854ca1002d14a759

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5859d3.TMP

MD5 42df0e86a02c6dfb09b4c9a9388aba8f
SHA1 4455b4a84f2f331fec27dadd57f3521e70402302
SHA256 ee212f8988dd8bf056502826b12421cd3d3788a9bc9531a68647638a5eabe907
SHA512 ded620d6153612284ffb85830307b87eafb7163be235f1d9fae15605f6a76a36963ebab2e48a9c1629c7370960869bf32ac4a1a3f7e5eeafba727cb36a9b2bcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a8d6f10155b2b3ebcf577ac56350a67a
SHA1 4a5a3f32e30a1539a9dc83542c4b95144f67fccb
SHA256 a16c45bf084a59b84228ceaa0932aa6a45708722ee7c3301b22b126895d89ab4
SHA512 2be6a682746cfd173bed4faa640232869cde03dfe7c22f2de17a603602114319c1f523abe4035fba432ec9737bbe9470901b64789af29d1f15535661ce151c13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b92ad312e9d045040d6715819949882e
SHA1 e5902ad78ebd94f7a6e23cd8b4a46fad955a61b1
SHA256 2d8093837c993cf4b58dcfd5a5e6f82f5333c04d2e786b32c687dd520e47e090
SHA512 0367bd826f61e709b51c8bf966fb7cb7d73b3abb4ca06dd2c505734413eac3ea69d3dc5a88bdfbfe87a055471175681620521b9795d0d253088f84048c61f531

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 75da16bdc88ae2f9e6e5d6efd3ff83d7
SHA1 43cc6004009dcf612bebf1d87c596e89a9bcfa96
SHA256 22852dcb13a94153a13e65ec783b2d3b29466db1f663b76158734bdd5d9fad3d
SHA512 3efbc8c41be3e1ed5c27c0d62991c68c40d74957035c321ca0cc4db797f611f23ad6fc8a5b31af6586f25d585db1bba4b18094e26cfa26fdf3fc855076a122aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 69cbebdbfeb3d4e76f10be3605510b20
SHA1 e8f88f9c8527495a7b9f052f62e9d8099466bd85
SHA256 be22de859673327bd39aa73b87d5b1a7c058849b646a9d6e8f77f6e792dc623a
SHA512 ff5789c457dc9a2e410478104bce34c37d90ab663bbc62b97d492baa831505b895c11911bdca33c8d0c0dfa299370c554c1340971aceb0f9f60c3d62fc7ab71e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1aab38946d71dbf8544f7732fdfabed6
SHA1 2edc89efd7afb9739df413743162472b90f70002
SHA256 7399f678df3f613559c8140b475992719b3b23e7b52456f1a7d0a45ad0eaa8c8
SHA512 d2717bcfe70216e83375efc1e945fd6bf8b689a13554e76ea014137a7cb5e88477c3cee0e4e3bc00439c4d2a138ae3705696d7b406d58a9e960b1d1aaab0b922

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 70c489210ede0edf638673d8680c7907
SHA1 b82956030e0ec2f48f6b4b8b730c93d2b879a82f
SHA256 0a9ad866538cc62f9586aa067eed5464cfaf1af96f2b3b9c673c778c9f3e9b7a
SHA512 bc4cb4f6d746d748799c3f8e8b0852157c82f724043ce34fbe0a45e04457c20c9134461d34fe807f0ae8531fc8185f1ef48738aa1eb0d0e0f8d8564a49016563