Malware Analysis Report

2025-03-14 21:43

Sample ID 250110-g46znsxmfm
Target JaffaCakes118_dd20a7d98150e1eccb5ba1c32c8eb9b9
SHA256 945ed296b14fbfe13b2d1005308de4ac69c2cc437ea1c52c6285d567fa2540a6
Tags
google discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

945ed296b14fbfe13b2d1005308de4ac69c2cc437ea1c52c6285d567fa2540a6

Threat Level: Known bad

The file JaffaCakes118_dd20a7d98150e1eccb5ba1c32c8eb9b9 was found to be: Known bad.

Malicious Activity Summary

google discovery phishing

Detected google phishing page

Legitimate hosting services abused for malware hosting/C2

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-10 06:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-10 06:22

Reported

2025-01-10 06:25

Platform

win7-20241010-en

Max time kernel

131s

Max time network

153s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dd20a7d98150e1eccb5ba1c32c8eb9b9.html

Signatures

Detected google phishing page

phishing google

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{49E50861-CF1B-11EF-AAD8-6AD5CEAA988B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442652028" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d046ae222863db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e5051be3ee267d4f9a5c1cd39551d16400000000020000000000106600000001000020000000aa747b7d8506fa087ddeaafe75484105a3e37f09d691f2c13bda457d57d05aa2000000000e800000000200002000000008136149387a8b238735c1e7e4169f7fe99362fa236db542dd53b6ea23f5046120000000197b7eaac06c24ec34d6dd9554291708b1bf02a422f8128d95e577fce31ac187400000008a5998bdb68314db4c08c81d203c27ae4380bce6cd5cbd911d5ecba65d64d183d888ec9c06e998d0c23fbffcfa1613ee0ae04829664540a96c7071f206cb4139 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e5051be3ee267d4f9a5c1cd39551d164000000000200000000001066000000010000200000006fc6e14ffeabd8cee2c6eb0194dc9cc207677ea93a2ce3f2655cf705994afc40000000000e800000000200002000000054371fd2793a24b5809542b6ad81f033eae08ea37e71e4c3962d5f9ce5024312900000002c9f60e069cf31d270528331c528c7be23e4e813fc06693134288565883f2b5dbbdbe2ecd08eb0b951a9cad65d5f768ad67f983ffb548583c1c3d60a6b9fb2171edb1c711c06e59089d141091a22ecf9e9ade0b1fb91f785ad578a04372b5fd1a31b41d2e616b0367f4ce88f70c042baf9ec0744c07501c21a213fcadbec004ade6b3d995d7e2534e8b321f705fbcba440000000b8844a3373d6d01a0ab884147ab77e56afeefe33af6a7d3c99e9952932f0448ae582b257b486b6667b1845cf8513146aa198679b4bdda526e737fbe2192ab05d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dd20a7d98150e1eccb5ba1c32c8eb9b9.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 goo.gl udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.179.233:443 www.blogger.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.178.14:443 apis.google.com tcp
GB 216.58.204.78:80 goo.gl tcp
GB 151.101.188.157:80 platform.twitter.com tcp
GB 151.101.188.157:80 platform.twitter.com tcp
GB 142.250.187.202:443 ajax.googleapis.com tcp
GB 142.250.187.202:443 ajax.googleapis.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 216.58.204.78:80 goo.gl tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
US 172.67.39.148:80 static.addtoany.com tcp
US 172.67.39.148:80 static.addtoany.com tcp
GB 216.58.204.78:443 goo.gl tcp
GB 216.58.204.78:443 goo.gl tcp
US 172.67.39.148:443 static.addtoany.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 dl.dropboxusercontent.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 162.125.64.15:443 dl.dropboxusercontent.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
GB 162.125.64.15:443 dl.dropboxusercontent.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
US 8.8.8.8:53 jqueryapi.info udp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 198.58.118.167:80 jqueryapi.info tcp
US 198.58.118.167:80 jqueryapi.info tcp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
US 8.8.8.8:53 gilsonimaculada.xpg.uol.com.br udp
US 172.67.39.148:443 static.addtoany.com tcp
US 172.67.39.148:443 static.addtoany.com tcp
US 8.8.8.8:53 bloggercomment.com udp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:443 bloggercomment.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.179.233:80 www.blogger.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 slideful.com udp
US 8.8.8.8:53 widgets.amung.us udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 162.249.127.160:80 slideful.com tcp
US 162.249.127.160:80 slideful.com tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 8.8.8.8:53 santoaleixofmnoticias2014.blogspot.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.16.225:80 santoaleixofmnoticias2014.blogspot.com tcp
GB 172.217.16.225:80 santoaleixofmnoticias2014.blogspot.com tcp
GB 142.250.200.35:443 ssl.gstatic.com tcp
GB 142.250.200.35:443 ssl.gstatic.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 142.250.200.14:80 developers.google.com tcp
GB 142.250.200.14:80 developers.google.com tcp
GB 142.250.200.14:443 developers.google.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.157:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
BE 66.102.1.84:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c73fce4429c5f0dc0bfdf925e16c9e2e
SHA1 77a7bd55386bc1dc2c15a7c880ffa8a757ed91c2
SHA256 23c499f655a88251ae11385ee8b19da604fbad4c9c0c5035f092dbb60aa6b6db
SHA512 55b4506e0daed9dcee3f7680cf200c3330f3d7ac2dbc586e3b95cda856f6345cc9ebae7e5515c835ae656450e27dfc768954356a58d65efe6d20c47a8ce9a7f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 527b8e12a7e3f8cb6665c0bddbeb9523
SHA1 6ba060de42eec2c2802b9106dd6837f972ee6821
SHA256 2041eb062e0574669e85346e53a801fe819d8c625d6c9d3c6523652f8d1912db
SHA512 b5f5fdd3cc85b4cebea0e2e59ee834236ce0474a83f44f4db57ad8ac5c0d341205d01fa7673cacc67a180a3399f256ca6fbf550aa086dc4ca79c8070ee7d28cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 f0faa4ddad0f78d4078fd79b2a2bec2f
SHA1 5a6308893b64c4278acaf7fdc9dce55d18b92db1
SHA256 1721c5eb2ae08cc4b888b250af144b84d99247a911d7422dfc385fd31ada6932
SHA512 a8fd661ccfcf914da8f4221bd408b3c095d0e1eefb3b4a6b81a1d9db3794f70e37f9432f6bfeac09448a5c95c9023df7b1b724b92624f22af33587ed71dbcd93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 c36887789fc1d1a86aa370002951aae6
SHA1 0c3f340110f1304116f0e7da5f63d51cac144407
SHA256 9835ea09e8f3ca263c1d2bdaa0ffa6becc917e784b70c709b562dba82214dd0e
SHA512 1cde96318b8039fc66c14dbaeda87880d55fabca5c3a85df6de4d0eaf5be8781fe8fb05a5fe88eeb011dd5479296a9ef3f9ad90424b70f5eee1791a9cef9514a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 6a3d57624c7d71dfd560ff8498023106
SHA1 1f8e4c2eb8cd1190114b8aeb483fd7b2e444bf03
SHA256 4f806391253fc0ce40c06e46697f5686c1e2fba7c36f95faa89217c9e511128a
SHA512 9e9a196ac87e023a25b98fa6a48d596aa68b45b284a0b8ac474dcb3dfd390744474a946653b569d1a031ebe980804a925c97645261dd899da8452e117bfa57de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931

MD5 6d8395bc944f522748923d969b8eefed
SHA1 43887f19eec5545d97b804bc2f78ec28785b85f6
SHA256 63a8bfbadd1a6a489a8c50ebaaa832f1c04a24e137a7c0b5b92da76fd3c43e4b
SHA512 69eca6482015ce04d07b4e43cd67009d2b5015a38fbb7016866d26e0b1d902b623145f24274d0fbf8a439925402def9897a4f15527c673b5bbf0c7c923314e84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931

MD5 4f9f97881a5f531f90a8b2c2957b2ae1
SHA1 e36c263c70f4445d1403932d2b1ca40a9583cab7
SHA256 1a7cc98f8293cf603fadf4ad04f7be21fc9bef5c184870bd537058bbf9074248
SHA512 66f090e76e134014a8d6e6f50545481c6a682fcc5fb1ce3e08f0d516dcab91174af033da30a164a9c2ded1d80b807a73b5adf0289e102ff890899fd4abf28a67

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\plusone[1].js

MD5 2e4a448a27b8a58d75f607c7bdcca6f2
SHA1 31cf764c6c2240148eaaa2b9816e1219a273d0bc
SHA256 d3696859f3485d8aa6f8a4d0054d64fc1ee614e57725221dd1c97b930f02bc3e
SHA512 09ca4d8b6a0fc653490921befcb3d752e150ac9abf24d1fdd49c9453fe2baf969b76433a45121451ef642ea3f73f9c62871cdde5e07976ffdc03ee5200e4d35a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\cb=gapi[1].js

MD5 b103bb58d9e7cecaa60bdf377d328918
SHA1 0f094c307bceef833a64f408d2f749a10f79de44
SHA256 81dcd274347bd909cf132d3c8bcc9924e41921c33eca07fd6fe5e2a59ca4f5b7
SHA512 b1a4fa329b76df7c861771e1dc36749155895dff623cd916811f2af8c95f3bcf9fe75a3b9a56833f066a227444982ff4883459e24f7eead79b521c2ffdcaa844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 854ae14da0bbfe260f32c670a793b91d
SHA1 5ce6d233d729573711893cdb00e736619b12b131
SHA256 720c203736d0ad24dfad73a9144b0b31d9021ef3db4f71a3a60cb6e2b670538f
SHA512 7bf782641cfe76929a8c052cce9ed89a5c990d6b34d2c854a70a3286ae9be47250aa3f92ec4c60ceb56f70593955930a512c49d84aaa08325c2ec75d2b686a9a

C:\Users\Admin\AppData\Local\Temp\TarFDB.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabFDC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fa2ddf227db135dd5bbf1efd1c91b54
SHA1 085368d6295b285c545dca39aecee995c3ace5c9
SHA256 fdd911a83ed03774fb731219da2768f1df27557f3b044d26618f3220af6c6d9f
SHA512 9ba6b7f1d67bbd573987bad95529a7f94565cc6e0431cd8919501138aedd592200c383894229d7c185aafb1a556bd722670ee366f123958f14c8cb89cde311a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21083a81f3aafd3a0eee7f914c08e623
SHA1 6bcea6048a052e8099c9593a8248a43e56a74316
SHA256 11385415ab2c6e4ba94cc4c1bb9ee8e735016f2c1a00628f5c5bd258a58f4902
SHA512 8d8f2c800b772325ed322c08e91d6a5b2f02470f6e93debbbc69fbec8be17b6925620f31618907417fa0090660281a35f24b644df1042d2ad99f2e85ffade844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d8179da8974ec86accabc214d6b6e1d
SHA1 1f69d57547c9d46d064026a9d5b5e193f1321361
SHA256 de69406c34d74aefa7aa8e8ec253b81ba6567d06b17858f36b0c8222f25ef863
SHA512 85bad56e7e27881e04feac623cc3adc9b9b0fd53160630c2fb6f11aae5b2e0fede343bcf2ec1c7a574431b4c26aca4030cc6c917cdfd5dd5a968ed6e94b0484c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03dcff2962dbadc3a1a508abdeef1dd6
SHA1 a2dfdbd5a2dbc9365a9d169f48d5e011d77e6daf
SHA256 9582efcc2b5f18d28bb41c967b146355041ee950b572f026033cef454931ba20
SHA512 68aff9fb7a35f5cf24749baad600fddfe06befd0b5faed3bde9070ff9be7e5d72e7856f1e765d945d8a4a8942e123456365799679abcd073442fcb0e33c24b6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfdffc7dcd3938af202241b3299b182c
SHA1 7bbd2a52c4fe4dd25ad41151365f5ac872a318f9
SHA256 d34bdfb2ade76add5310c524860b2b430a4b3680a0bc940ad2232d6e315c7c2a
SHA512 eaff2b1947a9905fbfeafe2a72273bbb6377690ae3fc2eb96b151edff97f1b3293099a6f701d17276ceaf39cf98d2663a64c4e812a96bd826b733ba32eefff52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28235360f51252f63d2740dbc606a8b8
SHA1 04196528964d560379c1f16e3720cede4b125c55
SHA256 adef43182210aaaf17a5b390620a64c51438388b7d1c1e230dcd41f029c6c663
SHA512 cf1c5b0f45290a339d8bc9789fe360f5707e56acba97258da34760703f0ac4b1fe3e5e1a6de753606045791ab60d323d355e755fa04fa4f610fd1c50239b6e02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98f8ca7ba813fdc8d2aa826c3f8580ca
SHA1 1c9b0089106ce233df1b570ac7c0f8c22e69c7c9
SHA256 9de05e4a11e64dc1b057e2a14b37d316c0d94f8f3e41143f7675dc06f114cb34
SHA512 d2b5d08e428cedd445f57c85abfcd779948e0a21a223411a41ce71e04fdee1503d7e8077b51077cba4c001115667c76378bd9d3994756eff8e2c1fbfe0887e94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cab36afb228a2a809565e62362c7bef2
SHA1 ebf4a5023ddc7f78e7634193e11d20a2971c9cb8
SHA256 162c18ae000e0898927c03bf4ed7ddb2d0095e6e9115be446419a49ff70fa098
SHA512 2f43e9e8c531da8d1747db6747c7362e7ab5d462de37cf50a6574337d25a9f9f72bc946c6aca75c028f422f3b942a0163256c67b6b010c93b6927e2b73a18bfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9097a1a5d53fbdb3f787b30bd6a005f0
SHA1 682a2f02ff64077bc77a8024c7c9e61c7489a566
SHA256 4d31a3072b42318eb74cae4b245bcd097c95afd38a2427022c3806f5598c1801
SHA512 8fde99a166e22575f933afb88674cbb74f0164e38033cd170d260b34ec7010eddeb3894a367e8266bbb253b2dcc90fc20bd09e3d96356ce15509666a42198635

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8310e784f638503622d0191866454a8
SHA1 074899473d7b19472390c9d8c3d6a873cd4a74c9
SHA256 d328ebb48951191443be438313af99f764640ba84eaa29296d8b380a79ae529a
SHA512 bb1000af6155de90439b72951f0963bc867d2e0f7825505d3344cede1324eb2264727498bebc6f0d584b45c8805280cf732e9fea1534bfb6f1fa7397652168a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c4efecfde343230000382d6677e52a58
SHA1 1e3c9c62c7bdb94bb3a2b5a894c03977baf358d2
SHA256 b319b5a8b3c3c8fce4e2230d9b3558026f548000056bc02030fa49e2d4c7a426
SHA512 73e918837304d86d88c6f022f1d19a353eecad47f77769c9c4fcc3cb23247767561e9e9e6aa6f97f47663d30d32efa0f08e3064690434eb8eb4db0b7bebe72c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 19a2fe3e2996761ceb88dcd61a31a291
SHA1 cd0b65eee386bf32b4c55c1b570cb01af83df43a
SHA256 745fdf596260e8e3f4f0287e61b43f09f858722ded8135733d50da5296bde19d
SHA512 caab7375a898fcff8d049aaff2f132d41933167239191e5d74edabb16517399058a31d80e98718f27db4cfb70ad58af7c21028bc6b4e64fd54178fd6d73e7dd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7449fa178930b06ee823c28a0bf97b1e
SHA1 b00c89d80793236e10daa9b9139a815a89d0962f
SHA256 2b96554d204e1bac5b5241490d94785b5aa7847443c3b66baca5237f657eb578
SHA512 cc1d637f4cec9347bd5bc102423280c3f780c23eef2b4a44a4b98eb9e7bccbdb9a5cedc7b207b345884c1be50fc7a27e77b74e3f44bb044ca10116c3e64159fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c2bd724b8c9ab824bab1364ef245924
SHA1 2986b81d10f4dc472a96d69a365b729d7b1628a1
SHA256 ddd1d9a1ca3203954a5e8dcd8c22764720506db737566b40430c54191aa996b0
SHA512 72ef9c7cae166f3f2391ff8b9a99a4466a83b6d6939e6da2a9cb6b8af40d5fdd2cd76e750ac9faf804ddb0643b6e4542c6d4145801d45254c596ed81f44eefe6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d35005e3a2e8b80c9014491e8bde506c
SHA1 b062ba914ac9bccead899dc3480f821800c0fd6f
SHA256 938e19994896637fd9e9b93ff0510b8b7cff4d2f91a6890abd48162e596b9c63
SHA512 2d378e013be7031bfd4ce926229fac9e3c32a17b9329bab4c8dc731238cdfa8ba1a0aaf245f034ed2db9728454aef7c12cc494c2a1efc5f74f09d8dc61e2242b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b478384507fd4903ea80dcf627bde4b
SHA1 a60b387a5aa99c35ee6d2e7f0d661fc5b7ce60e4
SHA256 64dd8fcd6fd1b3955a4ba50a9d67a7297d9cda79a0ba53fa44484f4fbbcf69b8
SHA512 9c67fff1438050251179fab09ac43ff49a1ca13d2242a353cc2072739ebf2d18215ecd7a2aeefeadf6f98aeb93b509c425aa232c4f3bb686b170d6c280eb21ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 b1f8f655ba54b58a0e76acfce27bdfd8
SHA1 688bab04f1368f3286de493d81197a79d951d5b1
SHA256 16c683e72601e7f069c8852b1356265e6c4549ed0ec384aeff05ac5302bf7dce
SHA512 b9c680ab3a5f50604f4f9eb3eb55d0c7018d084ad0e3da5a85977d8a9062d609a77068a983fef853b416ca9700cf469a0d306dbd9de0af79a88ad200bc86ccb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61dd5cf1c34e2d3d1d57d37e35c44aed
SHA1 0e483cea990939f8e4141534ecf2ba8d2ca2070b
SHA256 f300566e88b203a257d2f7be984952c76268be6c09719d210b19b64e86e4aa74
SHA512 602c8c8624147c07000f1bc9d3383de837cf088f3c96d780fdc5f55d30462366f44881a54b9c74dc9a550d58f7a445a4ee63ce5f6406f6ab7eae0e30d9339f97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d9d8f6d0d69813dd899aa2c280e29ce
SHA1 70f5e2dc4a49d83981a30ad37e3a49154e7c5c37
SHA256 9a658f80a11ebee0a092a3989dcc84e990c3efdccb22a0bb5227f1c746b69adc
SHA512 444bc9561f83546e1294da3d100e2b1b3d181977d7e2602660b3804dd17694fcdc392167ddcbd9b659588bc70765f8edd65fab01f04a89156338ae94b29eb0ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 347d7d3b279db959869d6f6e772de7e6
SHA1 27a9f36759e7d9b9a8639c082b7a186d7a8d9ce7
SHA256 0e56b222d0bb834dd610b7afe50091c77c8060f34993ed21fb166b2d7394b364
SHA512 92a38c8b1fe3b52c3a21e7df06f32e4cd43beb713eada9d85a07fcd26ebdaa7a34e9fbf101373b8d499f411668d83cb721cd3893edb4d3e1767e69e59a789182

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db9575720bc34d0a31a284f4f9523111
SHA1 9036c34c16f34be82e3eb239974e2fbaa6193c5b
SHA256 26d3b190ed4f2611ba024ff8591197301f0b1c228acd48bf581b5a020c98a95e
SHA512 bc6a8c6a0c42ab2af7fb1452bcd70b994b1e870490c01a8ccb446ec4d29bd0746ffebd954dcd7324cf436820413533bac923e4e8e163e58537b1c2836eab6506

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\2254111616-postmessagerelay[1].js

MD5 c264799bac4a96a4cd63eb09f0476a74
SHA1 d8a1077bf625dac9611a37bfb4e6c0cd07978f4c
SHA256 17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d
SHA512 6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\rpc_shindig_random[1].js

MD5 2a64803c4545d283d7a51e71f82a64a0
SHA1 d1e190bc4ab6a900cddff5891650f5ddc390e9db
SHA256 0a5518064275c2fba33ba69c84f584819aafdc9faa0ce3689c8687fc41f58ed1
SHA512 82bd924261272ed025d4938d7e7d5ccd9c6ebfa571b1b6816bf56341ebb70ef9faee807d83ba491a2ddea86e795780ce097fce4957d432d3b44497f5e6e16576

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-10 06:22

Reported

2025-01-10 06:25

Platform

win10v2004-20241007-en

Max time kernel

146s

Max time network

147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dd20a7d98150e1eccb5ba1c32c8eb9b9.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3828 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3828 wrote to memory of 1624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_dd20a7d98150e1eccb5ba1c32c8eb9b9.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd3a146f8,0x7ffdd3a14708,0x7ffdd3a14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,10065993604960417951,7055403512634387745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7104 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 goo.gl udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.178.14:443 apis.google.com tcp
US 104.18.11.207:445 netdna.bootstrapcdn.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 172.217.169.14:443 sites.google.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.179.233:443 www.blogger.com tcp
GB 142.250.180.10:443 ajax.googleapis.com tcp
GB 216.58.204.78:80 goo.gl tcp
GB 216.58.204.78:80 goo.gl tcp
GB 216.58.204.78:443 goo.gl tcp
GB 216.58.204.78:443 goo.gl tcp
GB 172.217.169.14:443 sites.google.com udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 233.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.179.233:443 www.blogger.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 172.217.16.225:80 2.bp.blogspot.com tcp
GB 142.250.179.233:443 resources.blogblog.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 platform.twitter.com udp
GB 151.101.188.157:80 platform.twitter.com tcp
GB 172.217.16.225:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 static.addtoany.com udp
US 104.18.10.207:445 netdna.bootstrapcdn.com tcp
US 8.8.8.8:53 netdna.bootstrapcdn.com udp
US 104.22.71.197:80 static.addtoany.com tcp
US 104.18.11.207:139 netdna.bootstrapcdn.com tcp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 157.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 172.217.16.225:80 1.bp.blogspot.com tcp
US 8.8.8.8:53 197.71.22.104.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
GB 216.58.204.78:443 goo.gl udp
GB 142.250.179.233:445 www.blogblog.com tcp
GB 142.250.178.14:443 apis.google.com udp
US 8.8.8.8:53 gilsonimaculada.xpg.uol.com.br udp
US 8.8.8.8:53 jqueryapi.info udp
US 45.33.30.197:80 jqueryapi.info tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 104.22.71.197:443 static.addtoany.com tcp
US 8.8.8.8:53 bloggercomment.com udp
GB 142.250.200.33:80 themes.googleusercontent.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
GB 142.250.187.195:80 fonts.gstatic.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:80 bloggercomment.com tcp
BR 45.152.44.151:443 bloggercomment.com tcp
US 8.8.8.8:53 197.30.33.45.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 151.44.152.45.in-addr.arpa udp
BR 45.152.44.151:443 bloggercomment.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.179.233:80 www.blogblog.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 slideful.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
DE 157.240.253.35:445 www.facebook.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 162.249.127.160:80 slideful.com tcp
GB 172.217.16.225:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 widgets.amung.us udp
GB 142.250.200.14:80 developers.google.com tcp
GB 151.101.188.157:443 platform.twitter.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 104.22.74.171:80 widgets.amung.us tcp
US 8.8.8.8:53 santoaleixofmnoticias2014.blogspot.com udp
BE 66.102.1.84:443 accounts.google.com tcp
US 162.249.127.160:80 slideful.com tcp
BE 66.102.1.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.225:80 santoaleixofmnoticias2014.blogspot.com tcp
GB 172.217.16.225:80 santoaleixofmnoticias2014.blogspot.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 t.dtscout.com udp
GB 142.250.200.14:443 developers.google.com tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 141.101.120.11:443 t.dtscout.com tcp
US 104.244.42.72:443 syndication.twitter.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
BE 66.102.1.84:443 accounts.google.com udp
GB 142.250.200.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 160.127.249.162.in-addr.arpa udp
US 8.8.8.8:53 84.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 171.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 72.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
GB 142.250.187.194:445 pagead2.googlesyndication.com tcp
GB 142.250.187.194:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.253.1:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.253.1:139 connect.facebook.net tcp
BE 66.102.1.84:443 accounts.google.com udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
GB 142.250.179.233:443 www.blogblog.com udp
BE 66.102.1.84:443 accounts.google.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

\??\pipe\LOCAL\crashpad_3828_FBGYQWJUSKESLLSC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7cb450b1315c63b1d5d89d98ba22da5
SHA1 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512 df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7782a0bc853e893def984275ea50189b
SHA1 926caadfb899b4b6e354565a320c4a2be62d476d
SHA256 afe6196879cded05bd882bcf3fb851aee94af6f2f7daa33d6241d886faf7182b
SHA512 da24a09e3423a5902a5d940ff1cdc90036e982b761bf982846d89b2c34c6ceb4b1e0274f2402be9871d4c58247e3ba060151daee81a46abbf662c6f07b634793

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47871ccd3e8f322d1905b80f66a7e81f
SHA1 da2087ab1dcc1ddcf655da657c7b2a57d510b442
SHA256 4d8d68f3682730a8346f39c006831370cda878ddd5645b42ecffc8b5766aa17c
SHA512 f7bda788c5271041ca9a75abc5eb3e951b643b9f89cfdc693e8aad3e98d8c0c348f93b19aa33c148996bd0eb4be5cdd8c06dfae3b42357e17f186fd6946f9749

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6f4d8e0b1ec5eddb612362aae0b21c9a
SHA1 aab38d69e8fb09a73cdb8fa7c29ce8a48fa8aef2
SHA256 769e0b7b93701041753aae1899c1dca901fdfc68626c72fcbd9f1adb428589af
SHA512 25ce330eddb6ed881e0f754767549c3b1dff32cb564baa61dc486f20d5aaeab03dbd4ae89954a420e017856d6635af7d06eac60d4a00ec2c31733e5bd94fb272

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 2ebfdbd309ee762211b4a2ac39708c4d
SHA1 b002922c672dbe1dd4caa02af24d0b1e7da616af
SHA256 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797
SHA512 d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1755b589937c3afea2e858d5645c6d66
SHA1 4f24a03a1dfb569e2213820e6f0441eb4f70b0a2
SHA256 1d001866fb9765f6cea5dce8646fa68b9d30ab253a328ff6dbab2fddc839c6a5
SHA512 8cf2ccdfce19c9807950aebf277307678ed6b884905587d8e502055e43aad6abcda9c67ac27d688f33e6a8a7857327765b38a638f4459e442f30e30c88240548

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dc27.TMP

MD5 2296ad3a2b83b82598d13d8a0977ca04
SHA1 62434c34ff58648a5697fe2ae79bfe711f2f1c0d
SHA256 3dcdf81b7bfe3bda435100a6f7a9b5753d3f9fbfaa1e477772cef5ad5fc4656a
SHA512 8b1dcd75fefae3c7bc947f93e2d95810facf6ecd88dc3d600c6a661f017508153e9785c5bd5d9e958b2753d471edca13ea78931588ef5cec3215fdad07202a66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3b58fd3f7b3baba315bf3f5d6c1121cb
SHA1 f8a4376de8f1c8ba5d070998acb7e61ce9ae356d
SHA256 d973f0a959afc02e4ea5e87fa1b821f778ecdbceb52c4994cc04ca4e4d9a1c53
SHA512 5ed43000eb21f4133f3157656dd2d79250d2e811ef0960454e51fb9212f2323651fb46985fc63f38907958bb82b76a8172dbf7eee28f6ba8a152ec337a03ecb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e3f8e57d0a47daea39c8c3afb373a048
SHA1 55f1b2da3eed399b4b2dedf8f4becfc37b6aace9
SHA256 14249dcd7ed14ad2b2d90cfaef686d6eaf9dd9cf05f92cba472f4a1c3bc19a09
SHA512 11585eae23f339fda5e3f57cee7073120ef7bb7cdc7fc243689e9ba22221156cd10ec8976ccc33d174d9398a596ec417e839a47fc786cf8826abc94d21bf8b85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0840f024ff64aed1229b654fc49d7d8c
SHA1 41901565f1a232eb2a9d94595c81a9ed83f20899
SHA256 6e680be6aa33b3ca0409ab69b0bad4c7f18de96fd8747fd2e9d0eb164a20d9cd
SHA512 6863da6c618036ca3cb3e903097fefe47f8166d8fdddd9f75041bbbf8ad94dc1a315f132968c0650abfad6ad806e144866d8fd9221dba1edde1302f8058f1b63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b0cf9d42eeb734c6bc45c35d9c067715
SHA1 ce781d222a8df44a5264a618823f1de16cf3ded9
SHA256 12c567f69ca53bf131448fd42281c748b83f45bb13a1c8fc9c514b44194f5a53
SHA512 68a6652a2aa849ebdf03ce6e081faa18571411d9d4b46241caebe2a0c6971b3e23044127487b89510e6a176b239b4c81d9032f51d681ccf56fae9728a7c6974a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389