Malware Analysis Report

2025-04-13 11:37

Sample ID 250101-heflvszncp
Target JaffaCakes118_4adb51a960d26e36798dcb2c69d68873
SHA256 0eb557b8aa9d185a36951c945a66e4960111e6dbe8631ac1b3d3eb982b55f844
Tags socgholish discovery downloader
Score 10/10

Analysis Overview

Threat Level: Known bad

The file JaffaCakes118_4adb51a960d26e36798dcb2c69d68873 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported 2025-01-01 06:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2025-01-01 06:38
Reported 2025-01-01 06:41
Platform win7-20240729-en
Max time kernel 150s
Max time network 143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4adb51a960d26e36798dcb2c69d68873.html

Signatures

SocGholish (tags: downloader, socgholish)

Socgholish family (tags: socgholish)

System Location Discovery: System Language Discovery (tags: discovery)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings (tags: adware, spyware)

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D32B871-C80B-11EF-85F9-DEBA79BDEBEA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ba2919c30adf544d8b7f8961e4b472ff00000000020000000000106600000001000020000000141bb3ab135866750e0ae7746b63a3b1cadeb9a9bdd2cf0660970471c528122a000000000e800000000200002000000061251386876644001f317adff76407a533ab98db386630dc174e4d26b56d7f39200000001eb9ad556031fcc75c2bbb8fae3163afcbad56e17841a5b1972a55717afaf959400000002a0904dccd55f3511f04ef9ba79bbfeb505f096c99a7a5faaa3734f84af2c8d49be38fcd366149609e8e0d59d8d471066dfad1ce8cdad968a11cbb63834f4467 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b082ece4175cdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441875394" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4adb51a960d26e36798dcb2c69d68873.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2

Network


Files

Analysis: behavioral2

Detonation Overview

Submitted 2025-01-01 06:38
Reported 2025-01-01 06:41
Platform win10v2004-20241007-en
Max time kernel 149s
Max time network 149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4adb51a960d26e36798dcb2c69d68873.html

Signatures

Browser Information Discovery (tags: discovery)

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1088 wrote to memory of 3816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 3816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1088 wrote to memory of 4740 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
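Every row above is the same writer, PID 1088, writing into msedge.exe children. PID 1088 is the browser process: the Files section below lists the pipe \??\pipe\LOCAL\crashpad_1088_..., which crashpad names after the browser PID. Chromium's browser process writes into each child it launches (its sandbox broker seeds the target with policy data), so same-image writes from the browser are expected in any Edge detonation, and this signature fires on a blank page too. The added example below, not part of the report or of the sandbox's own tooling, parses the indicator text and flags only the rows a reviewer actually wants to see: a writer other than the browser process, or a target whose image differs from the writer's. The rows are copied from the table and collapsed to one per (source, target) pair; the last row (PID 4556 writing into notepad.exe) is constructed and not in the report.

```python
"""Triage the 'Suspicious use of WriteProcessMemory' rows of a sandbox report.

Added example; not part of the report or of the sandbox's tooling. Each row's
indicator reads "PID <src> wrote to memory of <dst>" and the row also carries the
source and target image paths. Same-image writes from the browser process are
expected (Chromium's broker seeds every child it launches); anything else is
worth a look.
"""
import re
from collections import defaultdict

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Rows copied from the report, collapsed to one per (src, dst) pair, plus one
# CONSTRUCTED row (PID 4556 -> PID 9999 / notepad.exe) that is not in the report
# and exists only to exercise the cross-image branch.
ROWS = [
    ("PID 1088 wrote to memory of 3816", EDGE, EDGE),
    ("PID 1088 wrote to memory of 4556", EDGE, EDGE),
    ("PID 1088 wrote to memory of 452", EDGE, EDGE),
    ("PID 1088 wrote to memory of 4740", EDGE, EDGE),
    ("PID 4556 wrote to memory of 9999", EDGE, r"C:\Windows\System32\notepad.exe"),
]

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_rows(rows):
    """Yield (src_pid, dst_pid, src_image, dst_image) for each indicator row."""
    for indicator, src_image, dst_image in rows:
        m = WRITE_RE.fullmatch(indicator.strip())
        if m is None:
            raise ValueError(f"unrecognised indicator: {indicator!r}")
        yield int(m.group(1)), int(m.group(2)), src_image, dst_image


def triage(rows, browser_pid):
    """Map each writer to its distinct targets and collect the rows to look at.

    A row is flagged when the writer is not the browser process, or when the
    target image differs from the writer's image (the injection-like case).
    """
    targets = defaultdict(set)
    flagged = []
    for src, dst, src_img, dst_img in parse_rows(rows):
        targets[src].add(dst)
        if src != browser_pid or src_img.lower() != dst_img.lower():
            flagged.append((src, dst, src_img, dst_img))
    return {
        "targets": {pid: sorted(dsts) for pid, dsts in targets.items()},
        "flagged": flagged,
    }


if __name__ == "__main__":
    # 1088 is the browser process: the report's Files section lists the pipe
    # \??\pipe\LOCAL\crashpad_1088_..., which crashpad names after the browser PID.
    result = triage(ROWS, browser_pid=1088)
    for pid, dsts in result["targets"].items():
        print(f"PID {pid} wrote into {len(dsts)} distinct processes: {dsts}")
    for src, dst, _, dst_img in result["flagged"]:
        print(f"FLAG: PID {src} -> PID {dst} ({dst_img})")
```

Run against the report's own rows only (the first four entries), nothing is flagged: four children, one writer, all msedge.exe. The constructed fifth row shows the shape of a result that would justify the "suspicious" label.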

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4adb51a960d26e36798dcb2c69d68873.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1cde46f8,0x7ffc1cde4708,0x7ffc1cde4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3842968047371288967,9627172523266879508,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
FR 142.250.179.74:443 ajax.googleapis.com tcp
FR 142.250.179.78:443 apis.google.com tcp
FR 216.58.214.169:443 www.blogger.com tcp
US 8.8.8.8:53 adsensecamp.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
FR 216.58.214.169:443 www.blogger.com udp
FR 142.250.179.78:443 apis.google.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 bloggerpeer.googlecode.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 widgets.twimg.com udp
FR 216.58.215.34:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 i1128.photobucket.com udp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 i825.photobucket.com udp
IE 63.32.140.173:80 g2.gumgum.com tcp
NL 142.250.102.82:80 bloggerpeer.googlecode.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.214.169:80 www.blogblog.com tcp
FR 3.165.113.12:80 i825.photobucket.com tcp
FR 172.217.20.164:80 www.google.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 3.165.113.35:80 i825.photobucket.com tcp
US 8.8.8.8:53 js.gumgum.com udp
FR 3.165.113.12:443 i825.photobucket.com tcp
ID 103.30.145.12:80 adsensecamp.com tcp
FR 3.165.113.35:443 i825.photobucket.com tcp
FR 18.244.28.96:443 js.gumgum.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
FR 216.58.215.33:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
FR 216.58.215.33:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 resources.blogblog.com udp
FR 172.217.20.164:80 www.google.com tcp
FR 216.58.214.169:443 resources.blogblog.com tcp
US 8.8.8.8:53 twitter-badges.s3.amazonaws.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 3.165.113.35:443 i825.photobucket.com tcp
US 3.5.0.178:80 twitter-badges.s3.amazonaws.com tcp
ID 103.30.145.12:443 adsensecamp.com tcp
ID 103.30.145.12:443 adsensecamp.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 21.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 74.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 173.140.32.63.in-addr.arpa udp
US 8.8.8.8:53 82.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 12.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 35.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 12.145.30.103.in-addr.arpa udp
US 8.8.8.8:53 96.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
FR 216.58.214.169:443 resources.blogblog.com udp
ID 103.30.145.12:443 adsensecamp.com tcp
FR 142.250.201.162:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.linksalpha.com udp
IE 63.32.140.173:443 g2.gumgum.com tcp
US 8.8.8.8:53 gumgum.com udp
US 8.8.8.8:53 c.gumgum.com udp
US 8.8.8.8:53 aba.gumgum.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 www.facebook.com udp
FR 99.86.91.15:443 gumgum.com tcp
FR 3.165.136.69:443 aba.gumgum.com tcp
FR 18.244.28.96:443 js.gumgum.com tcp
US 104.22.74.171:80 widgets.amung.us tcp
FR 99.86.91.23:443 c.gumgum.com tcp
FR 172.217.20.164:80 www.google.com tcp
US 8.8.8.8:53 178.0.5.3.in-addr.arpa udp
DE 185.60.217.35:80 www.facebook.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 t.dtscout.com udp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
DE 185.60.217.35:443 www.facebook.com tcp
US 141.101.120.11:443 t.dtscout.com tcp
NL 142.250.102.82:80 bloggerpeer.googlecode.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
DE 185.60.217.28:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 15.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 69.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 35.217.60.185.in-addr.arpa udp
US 8.8.8.8:53 23.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 90.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 28.217.60.185.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 connect.facebook.net udp
DE 185.60.217.28:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 185.60.217.28:139 connect.facebook.net tcp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 85.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 kencew.blogspot.com udp
FR 216.58.213.65:80 kencew.blogspot.com tcp
US 8.8.8.8:53 65.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp
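Read as a whole, the table is a Blogger page (kencew.blogspot.com and its *.bp.blogspot.com and blogblog.com assets) pulling in third-party widgets (gumgum, linkwithin, amung.us, photobucket, Facebook, Twitter badges); the many in-addr.arpa rows are the sandbox's own reverse lookups of the servers it just contacted. The rows to check rather than take at face value are the TCP connections to ports 445 and 139 on Google and Facebook addresses, which a browser rendering a web page does not make. The added example below, not part of the report, parses the table's whitespace-separated rows, tolerating the rows with no domain column (the 224.0.0.251:5353 mDNS row and the truncated final DNS row), separates forward DNS from PTR lookups, groups TCP connections by server name and lists connections on non-web ports. The sample rows are a subset copied from the table.

```python
"""Summarise the Network table of a sandbox report.

Added example; not part of the report. Rows are whitespace-separated
"Country Destination Domain Proto"; the Domain column is sometimes absent, so the
parser keys off the token count. DNS queries are split into forward lookups and
PTR lookups (turned back into the IPs the sandbox resolved); TCP connections are
grouped by server name; ports other than 80/443 are flagged for a second look.
"""
import ipaddress
from collections import defaultdict

# Constructed subset of the report's rows, copied verbatim (not the full table).
SAMPLE_ROWS = """\
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.179.78:443 apis.google.com tcp
US 8.8.8.8:53 adsensecamp.com udp
ID 103.30.145.12:80 adsensecamp.com tcp
ID 103.30.145.12:443 adsensecamp.com tcp
FR 216.58.215.34:445 pagead2.googlesyndication.com tcp
DE 185.60.217.28:139 connect.facebook.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 kencew.blogspot.com udp
FR 216.58.213.65:80 kencew.blogspot.com tcp
US 8.8.8.8:53 udp
"""

WEB_PORTS = {80, 443}  # what a browser-only detonation is expected to use


def parse_row(line):
    """Return (country, ip, port, domain_or_None, proto) for one table row."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:  # no Domain column: mDNS, or a truncated DNS row
        country, dest, proto = parts
        domain = None
    else:
        raise ValueError(f"unexpected row: {line!r}")
    host, _, port = dest.rpartition(":")
    return country, ipaddress.ip_address(host), int(port), domain, proto


def ptr_to_ip(name):
    """'28.118.140.52.in-addr.arpa' -> IPv4Address('52.140.118.28')."""
    labels = name[: -len(".in-addr.arpa")].split(".")
    return ipaddress.ip_address(".".join(reversed(labels)))


def summarise(text):
    forward, reverse = set(), set()
    connections, odd_ports = defaultdict(set), []
    for line in text.splitlines():
        if not line.strip():
            continue
        _country, ip, port, domain, proto = parse_row(line)
        if proto == "udp" and port == 53:
            if domain is None:
                continue  # query name lost in the report; nothing to record
            if domain.endswith(".in-addr.arpa"):
                reverse.add(ptr_to_ip(domain))
            else:
                forward.add(domain)
        elif proto == "tcp":
            connections[domain].add((str(ip), port))
            if port not in WEB_PORTS:
                odd_ports.append((domain, str(ip), port))
        # other UDP (e.g. 224.0.0.251:5353 mDNS) is local noise and is ignored
    return {
        "forward": sorted(forward),
        "reverse": sorted(str(i) for i in reverse),
        "connections": {k: sorted(v) for k, v in connections.items()},
        "odd_ports": odd_ports,
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_ROWS)
    print("resolved:", ", ".join(s["forward"]))
    print("reverse-looked-up:", ", ".join(s["reverse"]))
    for domain, ip, port in s["odd_ports"]:
        print(f"CHECK: {domain} {ip}:{port} is not a web port")
```

Run over the full table the same way, the odd_ports list is the short list to reconcile against the packet capture: 445 and 139 to pagead2.googlesyndication.com, connect.facebook.net and whos.amung.us. The forward list is the page's real dependency set, which is what you compare against the SocGholish indicators that triggered the static verdict.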

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

\??\pipe\LOCAL\crashpad_1088_HVBLVWOSKGTPKALF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 74ae3ffd950b5cbf712b5b58bebb23ff
SHA1 38bcae1e1d90a2591c3fbec82025b577d1bc73e0
SHA256 7114f6c3f5c106c29392f4ce73f8ac50f2cf86fb9257cbe7daeab7065717ed6f
SHA512 8a6527fc67b89a0c80ad104ac0f589f5649e0a6589162ab075a9263ed778b78880f3d6b02180860cf6bee918725ed4ec33a6a6a82d6d8d37bfa5228fda13d95b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 29d0ac2d136a1f3ee425f91ada4e2d1e
SHA1 8583a90324e98af3e3723288c538052c78307fb6
SHA256 06a8c8ba0aae5454fe725e9f6e83a26561933ff5274cf250086cc469be2d315e
SHA512 1b90e6169b90ab813ed24d5133b5c846c9294cf5e4584d050032f4b0591bc797d82e1d9198fc7ec82d33bffc020665d17ca7e9bdc63f6fd0359a64fa9f46bcda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4c49a956cb4301bde8b4f8105ed4f634
SHA1 b4a2864d4a3357603d65f2bce07de4d3bb3fc9a8
SHA256 c4d802884208fb8627b97eaf6b99b7839d79bb9904b577be64f58deac5ca93f1
SHA512 8858ef18eef3c4e58a262cc8e3518afb0bf77fa30d725b02dd30b7b295a62f82229ffbff95eba64b791aa8f61664736a8a3319435e4f63d6d56e5135414d336a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dff9a9ba77f9e09d24d5755b036e728f
SHA1 47a1a553b6ae834e76d51c320d2d7e195c7ab9cb
SHA256 839d7e0289870dee4bace6c527af7591f220d26e95b156ce4fe5b463a4914c82
SHA512 a0f2a03d2d2157f8aae9add747af437efbc433d8a09d6f3a8050653690282b252a7320d18a69d44b2f60a3f46683f32580df8fe24afc5228806908c542bbbb0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 58f820776107cb90b4d3b3e368b7b500
SHA1 3c208e96b5889e8fcfaf7bf37e4e81215032f942
SHA256 8607d28a8f4a11e540ec4fc9dcbea4d69175e1564b8ed63837366dd2cd552024
SHA512 ba6e32f34b812e5b1093065d61cbda45e89c50d3329eb16088f323c116e814c8708ba89b85d54e3eb426fa5839061ee667d6156f524b5ebccd869ea0c6d41a04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 05bfd849ddecff7132c1d8ab78799fc9
SHA1 5d447ccb578fc370bd66a201aae52ff85aa3cd23
SHA256 f253687554000b1fcb4f25efe8a54c4fbf556af963e6e791dfa0ae4cb4b3d707
SHA512 92a859199ace8f1b7fe9e7a4a51fe69c7c5332a75483086f4582c3875b540e1735321152b8c5b493c9f4268442620509cbed742a60509272702695882d339d79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5e63dd336fd897a9b407f51746b237bb
SHA1 e1f3f22392abbadda2fa28193321f32911d57dcc
SHA256 4d38b9c161f168c7d11d51d71ec1e7ff0d8663d4f5e7442ab5b078474abf8e38
SHA512 22ae7ac7d7f32d3a2abe2f3a8301a2281de08fda6ad5cac3221340954f49a9eb4b319ed4627e9886b11530cefd596ec12a25d19f2bad87ac83348d4983c66df5
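Two patterns in the Files sections of both detonations deserve a check before any of these hashes are treated as indicators. First, the same path appears several times with different digests (the CryptnetUrlCache MetaData file 94308059B57B3142E455B38A6EB92015 three times in behavioral1, Edge's Preferences three times and Crashpad\settings.dat twice here): the sandbox captured the file each time it was rewritten, so these are browser state, not dropped files. Second, the crashpad named pipe carries the digests of zero bytes (d41d8cd9... / da39a3ee... / e3b0c442...), meaning the name was captured but no content. The added example below, not part of the report, parses the path-plus-digest layout of these sections, groups entries by path, reports paths seen with more than one distinct content and flags empty-content entries, computing the empty-input digests with hashlib instead of hard-coding them. The sample is a subset of entries copied from both Files sections, with the SHA512 lines left out for brevity.

```python
"""Review the Files section of a sandbox report.

Added example; not part of the report. Entries are a path line followed by
"ALGO hexdigest" lines. Paths captured more than once with different content were
rewritten during the run; entries whose digests equal the digest of zero bytes
had their name captured but no content.
"""
import hashlib
from collections import defaultdict

HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
EMPTY_DIGESTS = {name: hashlib.new(algo, b"").hexdigest() for name, algo in HASH_ALGOS.items()}

# Constructed sample: entries copied from the report's Files sections, SHA512
# lines omitted to keep it short.
SAMPLE = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 094df801bd568446bca782f832d41664
SHA1 787b96db36491917d21b74148dc011a853b89307
SHA256 637059143b1c26119d71b29232e51127b2c265a512f85d3858e3be6291506aea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6dcb2b853797a488c75f2655adcdad1
SHA1 88694aa6dbc52ac8508164bda5b7bb43d813c055
SHA256 6f3689dba79fdde634261485a16a078e7558fb93eefa57978bf9f393a49aebfa

\??\pipe\LOCAL\crashpad_1088_HVBLVWOSKGTPKALF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4c49a956cb4301bde8b4f8105ed4f634
SHA1 b4a2864d4a3357603d65f2bce07de4d3bb3fc9a8
SHA256 c4d802884208fb8627b97eaf6b99b7839d79bb9904b577be64f58deac5ca93f1
"""

HEX = set("0123456789abcdefABCDEF")


def parse_files(text):
    """Yield (path, {ALGO: hexdigest}) per entry, in report order."""
    path, hashes = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_ALGOS and path is not None:
            expected_len = 2 * hashlib.new(HASH_ALGOS[algo]).digest_size
            if len(digest) != expected_len or not set(digest) <= HEX:
                raise ValueError(f"malformed {algo} digest under {path!r}: {digest!r}")
            hashes[algo] = digest.lower()
        else:  # any other non-blank line starts a new entry
            if path is not None:
                yield path, hashes
            path, hashes = line, {}
    if path is not None:
        yield path, hashes


def is_empty_content(hashes):
    """True when every recorded digest equals the digest of zero bytes."""
    return bool(hashes) and all(hashes[a] == EMPTY_DIGESTS[a] for a in hashes)


def review(text):
    by_path = defaultdict(list)
    for path, hashes in parse_files(text):
        by_path[path].append(hashes)
    rewritten = {}
    for path, versions in by_path.items():
        distinct = {v.get("SHA256") for v in versions}
        if len(distinct) > 1:
            rewritten[path] = len(distinct)
    empty = sorted(p for p, versions in by_path.items() if any(map(is_empty_content, versions)))
    return {
        "entries": sum(len(v) for v in by_path.values()),
        "rewritten": rewritten,  # path -> number of distinct contents captured
        "empty": empty,          # paths whose captured content is zero bytes
    }


if __name__ == "__main__":
    r = review(SAMPLE)
    print(f"{r['entries']} entries")
    for path, n in r["rewritten"].items():
        print(f"rewritten {n}x: {path}")
    for path in r["empty"]:
        print(f"empty content: {path}")
```

Neither list is an indicator on its own. Rewritten browser state and an uncaptured pipe are what an Edge run looks like; a file in the rewritten list that is not browser state, or a non-empty entry under a path the browser does not own, is what to pull from the sandbox for a closer look.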