Malware Analysis Report

2025-03-14 21:43

Sample ID 250107-p3v5sa1rhs
Target JaffaCakes118_63e49e4bd29787c304b206395c9ffb3d
SHA256 a54603006c680f1f525c643260bc3ff3f69e21f7d0b8a17fb6003e6cce682f8d
Tags google, discovery, phishing
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256

a54603006c680f1f525c643260bc3ff3f69e21f7d0b8a17fb6003e6cce682f8d

Threat Level: Known bad

The file JaffaCakes118_63e49e4bd29787c304b206395c9ffb3d was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-07 12:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-07 12:51

Reported

2025-01-07 12:54

Platform

win7-20240903-en

Max time kernel

134s

Max time network

139s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_63e49e4bd29787c304b206395c9ffb3d.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{26976D71-CCF6-11EF-ADF1-527E38F5B48B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c016d4ff0261db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566354886c0ea949ab60f31e2e1fb4fc00000000020000000000106600000001000020000000386c5a09c0972ca29f8583adbd7de6b6d2786efb759a53938cb1c088206d510c000000000e800000000200002000000047f04e28e8914ffc3c69a3f34d317c75281c974d0e027b5d66752db403ceb12b200000007000a389afe3bbaf2bf3dc35c3579ec532db28704c864ad4e22e25d228cbe884400000000ff320495a2723f6c29ffa33e26933f8e33824f0b4c64526c3c1bee4245f0e25c5c44cd3eb2cdfbde8e059972b2f5c9106bbcf2eed618a16239ad6cc591789e4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442416173" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_63e49e4bd29787c304b206395c9ffb3d.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2025-01-07 12:51

Reported

2025-01-07 12:54

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_63e49e4bd29787c304b206395c9ffb3d.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3228 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3228 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_63e49e4bd29787c304b206395c9ffb3d.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad17946f8,0x7ffad1794708,0x7ffad1794718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2734082842183685229,11088838478563302943,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 172.217.16.238:443 apis.google.com tcp
GB 142.250.200.42:80 ajax.googleapis.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.200.46:445 www.google-analytics.com tcp
GB 172.217.169.14:443 sites.google.com udp
US 8.8.8.8:53 js-css-image.googlecode.com udp
NL 108.177.96.82:80 js-css-image.googlecode.com tcp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 82.96.177.108.in-addr.arpa udp
US 8.8.8.8:53 widget.adnet.vn udp
GB 142.250.179.233:443 www.blogger.com udp
GB 172.217.16.238:443 apis.google.com udp
US 8.8.8.8:53 anhnc.googlecode.com udp
US 8.8.8.8:53 www.logomaker.com udp
US 8.8.8.8:53 i8.upanh.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 draft.blogger.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
NL 108.177.96.82:80 anhnc.googlecode.com tcp
US 172.67.70.113:80 www.logomaker.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.178.1:443 lh6.googleusercontent.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.187.225:80 4.bp.blogspot.com tcp
GB 142.250.178.1:443 lh6.googleusercontent.com tcp
GB 142.250.178.1:443 lh6.googleusercontent.com tcp
NL 108.177.96.82:80 anhnc.googlecode.com tcp
US 172.67.70.113:443 www.logomaker.com tcp
SG 46.51.221.158:80 i8.upanh.com tcp
US 216.239.36.178:139 www.google-analytics.com tcp
SG 46.51.221.158:80 i8.upanh.com tcp
US 8.8.8.8:53 113.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 158.221.51.46.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
IE 31.13.73.22:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
IE 31.13.73.22:139 connect.facebook.net tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
GB 142.250.187.194:445 pagead2.googlesyndication.com tcp
GB 142.250.187.194:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 draft.blogger.com udp
GB 142.250.179.233:445 draft.blogger.com tcp
GB 142.250.179.233:139 draft.blogger.com tcp
US 8.8.8.8:53 s0.adnet.vn udp
US 8.8.8.8:53 www.facebook.com udp
NL 108.177.96.82:80 anhnc.googlecode.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 172.217.16.238:443 apis.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 developers.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
GB 142.250.200.14:80 developers.google.com tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 142.250.200.14:443 developers.google.com tcp
GB 142.250.200.35:443 ssl.gstatic.com tcp
US 8.8.8.8:53 phimnhanh23h.blogspot.com udp
GB 172.217.16.225:80 phimnhanh23h.blogspot.com tcp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_3228_YDQRCWFXIMEWIAZS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aace9a99054017b6e174c36527ee2190
SHA1 bdc5802a4b3068174e6be33560116390843aeb83
SHA256 1b3ab08852290c03a5ded697b69fbf0ace283e0e565a3a49da27a8c4486358bd
SHA512 aea2df9057da00f25d030fcd79c2f49aa0fa6d3e1f404992ec56f788bc32a25072c3019bd70281e4d2975cb6a6aa2fd8082994402c137dde95d359761e992ab5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 75aabcc77f150a4402f4fd424c0b29bd
SHA1 1a63c7e7156311c54b67b168dea03ded67389401
SHA256 02a1dafd559095db333a96fdbce3aeaf643deefa6f6df6e9a09c2267ee754f21
SHA512 08ff9e6c73c3520678e2bf4cafc8eb0ea089bb7024fad5b89e90ebf9d36239e7d18c0f1e9dd615f09e5ab0dc1774d645c5cba2d1ce3df279e74318e220196cab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5310b3b2d59222c9c73c910a91c5c085
SHA1 01b0d93b7731f80f1aa21a8fa212cbbd51aa6e04
SHA256 e0073f26a3a3b6ac758cc316bb069bd45c4a130011c8a386a92bc7c8c2575980
SHA512 97bb09fcfe871b172266e1ef1e07276323dd64126819e363fcbbcaf7611612b0e4ac55d96c69c455a9d38da13b5b8538225a01b5bb3305054eadc2b2fa31d8c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 88e1d9cb172f8e592d40af74a6f12d29
SHA1 2f7270eac132a8a7f5bd23427e66565f00c0692e
SHA256 65a6c61c9e1c986ba9348fd7bf1e993a0b17b029def5679b049785c6c16700d1
SHA512 d63d7492aa9552cb5f8a4e3345075beda2ed6f9a924e8b67df80a50afd8e5987f7d9d9b3292c57f55bd2537d62e15f17782dd085eff9e5222431f3715d97d237

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fc5bdcecde5fd5b0a14ff955b32dfc87
SHA1 1ca988d7125f4fed2252857cfe2f5dd0d013432a
SHA256 450bb1eeb3d957f9e5922e602bca74a646bf917af17dc53be2f6d3d65d3a0814
SHA512 be28bb27e360c1b1c2b653aa8e9b3c5f830fa7e5aded9f218fcce9adc66e6aa9bcb1f49df18a895392657eca50d8d4a2089d2e2956595630d7baf63dcdc50d86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 2ebfdbd309ee762211b4a2ac39708c4d
SHA1 b002922c672dbe1dd4caa02af24d0b1e7da616af
SHA256 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797
SHA512 d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1664534303869bb5e84cae0dca50983c
SHA1 0335c0706712ec7524012714cf84fb98e1e5bc92
SHA256 38c15d2af5fd1650a0c3e369574424aed2fd16ef3cf8e27bc39879704a3f86ff
SHA512 9eec62214cf01fdbcf9cb01cc7931a63ddd01fc7ee71616470f00d25c1c9f3270e0d6cd2f402d63a4ab3ebc32540e0f8aa5a1187b35bae1681c148c1e15f2987

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 de584ea1338687d3a6588099585a87f0
SHA1 1eac3a18191cd00bec66c5f2e9c3f31139fce420
SHA256 08e9f21ef7d462701d23f0f64cebdc7d8c9b01954239995d1a25d2e1d42b7c65
SHA512 e7054a97c6e2846ce366373e29393aa926cfae02a4b67c9cc315e8c50058d0946e4062cd574036895ca43e5bdee01d8c507711738a6b44a5dedb881cd563be86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592a81.TMP

MD5 57a8e1f161a1a8646d71f33e3f159763
SHA1 cefe76c1f15336e26b1976747a42b512c4178eb5
SHA256 b77d7389b4ed993de8b61be346df0f1a1970cf31eeccd4daf7dc027ba4c00804
SHA512 c876cb0f66a9b5cc94a63b324a74c4c00665848259c5cb5fd9615d09be7d11a978013622f269d0094dd9b74a02039c2cb73988b7d74f5bd3dc14561ccd83cdf6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9d3309e27f8c6c4f741ca6dd5930ac9c
SHA1 28140156918b37b5f56d35337e8cfa9d932b2752
SHA256 2e5d2fc41989c6353137ca1459c8a9d10e528c8c232e62355d92ea73319cf955
SHA512 3ddc36d68faae6822a765ef663dba99594d54099ea31ca7cc1b1fbb068ad27fce706d3dcbe51823125b5b6441fff7b164e28b524079a1325051b6626eeb1d953