Malware Analysis Report

2025-04-03 14:26

Sample ID: 241218-bqx7qaxqbp
Target: f98dc10a31d49aadf099cf8981b79786_JaffaCakes118
SHA256: cd4a79079c1367b6ca2d40e188b56b28a8a9fe7a490702aa6a222e7421d36fa2
Tags: socgholish discovery downloader
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: cd4a79079c1367b6ca2d40e188b56b28a8a9fe7a490702aa6a222e7421d36fa2

Threat Level: Known bad

The file f98dc10a31d49aadf099cf8981b79786_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-12-18 01:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-12-18 01:21
Reported: 2024-12-18 01:24
Platform: win7-20240708-en
Max time kernel: 144s
Max time network: 147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f98dc10a31d49aadf099cf8981b79786_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440646761" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6AD14561-BCDE-11EF-9982-6A2ECC9B5790} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad2097af04d40b4f9f761d03d4ae28460000000002000000000010660000000100002000000001dd2de9a327c6d225f51debc246bb4c50a17805bbd017bfb121f6b86c0e14fd000000000e8000000002000020000000254b7507acec5d046c4abde726c3ed47f5294cbb8173708f133d17ca0abd7f4a20000000fdf187b70bc98e3f78e1eea494b7416e9d3ce7cc4396b9daf76d758ee76a2939400000003a79746eac35282e8fee1dd4880e0e0a5a43252534f00fefe8284fb75545329ba884bcb35edd90cb94a76c157960bb2114878af332428ecd06bde7ebccd1967f | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c03d4940eb50db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f98dc10a31d49aadf099cf8981b79786_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-12-18 01:21
Reported: 2024-12-18 01:24
Platform: win10v2004-20241007-en
Max time kernel: 145s
Max time network: 150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f98dc10a31d49aadf099cf8981b79786_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2172 wrote to memory of 4944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 4944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 3940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 4756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 4756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2172 wrote to memory of 1932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f98dc10a31d49aadf099cf8981b79786_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8b7646f8,0x7ffa8b764708,0x7ffa8b764718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,15552191615665073606,4096852093859117982,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5280 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 ads.egrana.com.br udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
FR 216.58.214.169:445 www.blogger.com tcp
FR 142.250.75.234:80 ajax.googleapis.com tcp
US 104.21.36.14:80 ads.egrana.com.br tcp
US 104.21.36.14:80 ads.egrana.com.br tcp
US 8.8.8.8:53 betolinks.com.br udp
US 8.8.8.8:53 gosteibloguei.net udp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 14.36.21.104.in-addr.arpa udp
US 8.8.8.8:53 dl.dropbox.com udp
GB 162.125.64.15:80 dl.dropbox.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 162.125.64.15:443 dl.dropbox.com tcp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
FR 216.58.215.33:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 imageshack.us udp
US 208.94.3.19:80 imageshack.us tcp
US 208.94.3.19:80 imageshack.us tcp
US 8.8.8.8:53 15.64.125.162.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 208.94.3.19:80 imageshack.us tcp
US 8.8.8.8:53 imagizer.imageshack.com udp
GB 88.221.134.152:443 imagizer.imageshack.com tcp
GB 88.221.134.152:443 imagizer.imageshack.com tcp
US 8.8.8.8:53 19.3.94.208.in-addr.arpa udp
US 8.8.8.8:53 152.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 img189.imageshack.us udp
US 38.99.77.17:80 img189.imageshack.us tcp
US 8.8.8.8:53 img1.blogblog.com udp
FR 216.58.214.169:80 img1.blogblog.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 img2.blogblog.com udp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 17.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
FR 216.58.214.169:80 img2.blogblog.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 curiosidades.uvaia.com.br udp
US 8.8.8.8:53 2.bp.blogspot.com udp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 img163.imageshack.us udp
US 38.99.77.16:80 img163.imageshack.us tcp
US 8.8.8.8:53 img39.imageshack.us udp
US 38.99.77.17:80 img39.imageshack.us tcp
US 8.8.8.8:53 16.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:80 whos.amung.us tcp
US 8.8.8.8:53 widgets.amung.us udp
US 104.22.74.171:80 widgets.amung.us tcp
US 8.8.8.8:53 img833.imageshack.us udp
US 38.99.77.17:80 img833.imageshack.us tcp
US 8.8.8.8:53 www.dohits.com.br udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 img692.imageshack.us udp
US 8.8.8.8:53 img15.imageshack.us udp
US 38.99.77.17:80 img15.imageshack.us tcp
US 38.99.77.17:80 img15.imageshack.us tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 www.aglomerando.com.br udp
US 8.8.8.8:53 www.betolinks.com.br udp
US 8.8.8.8:53 vidavadia.com udp
US 67.225.224.10:80 www.aglomerando.com.br tcp
US 8.8.8.8:53 gosteibloguei.net udp
US 8.8.8.8:53 vadiandonanet.com udp
US 104.21.234.48:80 vadiandonanet.com tcp
US 104.21.234.48:443 vadiandonanet.com tcp
US 67.225.224.10:443 www.aglomerando.com.br tcp
US 8.8.8.8:53 10.224.225.67.in-addr.arpa udp
US 8.8.8.8:53 www.linkbait.com.br udp
US 8.8.8.8:53 linkablog.com.br udp
US 8.8.8.8:53 img14.imageshack.us udp
US 8.8.8.8:53 www.linkerama.com udp
US 38.99.77.16:80 img14.imageshack.us tcp
NL 68.66.248.44:80 www.linkerama.com tcp
US 8.8.8.8:53 48.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 img96.imageshack.us udp
US 8.8.8.8:53 tempodesobra.com.br udp
US 38.99.77.17:80 img96.imageshack.us tcp
US 185.230.63.186:80 tempodesobra.com.br tcp
US 185.230.63.186:80 tempodesobra.com.br tcp
US 8.8.8.8:53 img818.imageshack.us udp
US 38.99.77.17:80 img818.imageshack.us tcp
US 185.230.63.186:443 tempodesobra.com.br tcp
US 8.8.8.8:53 linkstop.com.br udp
US 38.100.119.121:80 linkstop.com.br tcp
US 8.8.8.8:53 agregando.net udp
US 8.8.8.8:53 44.248.66.68.in-addr.arpa udp
US 8.8.8.8:53 186.63.230.185.in-addr.arpa udp
US 8.8.8.8:53 121.119.100.38.in-addr.arpa udp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
FR 216.58.215.33:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 img.youtube.com udp
FR 172.217.20.174:80 img.youtube.com tcp
US 8.8.8.8:53 pr.prchecker.info udp
US 67.227.215.171:80 pr.prchecker.info tcp
US 8.8.8.8:53 www.dohits.com.br udp
US 8.8.8.8:53 www.gbotvisit.com udp
US 104.21.3.75:80 www.gbotvisit.com tcp
US 67.227.215.171:443 pr.prchecker.info tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2172_SURJTPFTSEHDYHRM

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5800a7.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
