Malware Analysis Report

2025-08-10 21:29

Sample ID 240527-w5jcbsdd2w
Target 7a17f00a742a68ab27493c4794cd1706_JaffaCakes118
SHA256 4526ec0525bff3057178942ae962a1487a4c82ff5ae664eadeddc1f97c8a5a28
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4526ec0525bff3057178942ae962a1487a4c82ff5ae664eadeddc1f97c8a5a28

Threat Level: No (potentially) malicious behavior was detected

The file 7a17f00a742a68ab27493c4794cd1706_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 18:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 18:30

Reported

2024-05-27 18:32

Platform

win7-20240215-en

Max time kernel

141s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a17f00a742a68ab27493c4794cd1706_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008782cfd43a4d6143bd78362b17be40740000000002000000000010660000000100002000000025d0253e49a181b022c626a3de78aedf2ba5032017f29bd653dba9f69a2e3394000000000e8000000002000020000000cf3151fac0765f328f1cbab4b757e6e2b566ad1cb489eceb052a152d1dd50dbd900000008279a418e4f00a6e4388b1960a974e7c384238c5f1225684cc8fdc6f88282e3a377aef7918dc48168599f3fc6d3360d15f86e0e7cdbd56b4ad86dbc855e77e3cff0a60b08b799620c213c5297df712426649c384dd22226100c4c7d87a5a9379776523d222eaf40c8b7c2fa3806e496d90dd56b82a9c99824c982d755cdc934fdfc4923fd43be7305694444e641aae6140000000e00dc325ab1d049b6fe6a655f9c28cea9c2638b4036b43c24c233d781884ded444181f53a8df29a1d39c9e76bb36e8747d8876fc243f26000450f724af3c29a1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996482" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008782cfd43a4d6143bd78362b17be40740000000002000000000010660000000100002000000075e3bff33d5f687a2a53c8525805606f89f325abdbec0c5fe4b4eb463d07025b000000000e8000000002000020000000e87a6eaa4c47e189f314e55a4cdc11e884b568919009d9ea2566fd5177b3d3a920000000625a7c568887571f6f0201d90a1206be24daca891f73f66443b720f4d864146840000000c5bb9a00372ae5a6d59895de5aedeb2b04f0640d0e04e665ed8cd7fd10e35d54077a1aa3e23a8b55cea0dcfd6fbf11d96dd32d34e3d8d7df1d569b77efa54ef5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28C2A4C1-1C57-11EF-A2CF-6EE901CCE9B5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90e685fe63b0da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a17f00a742a68ab27493c4794cd1706_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 yui.yahooapis.com udp
US 8.8.8.8:53 babygracephotography.com udp
US 8.8.8.8:53 blog.babygracephotography.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 www.studiocontact.net udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 toolbar.wibiya.com udp
US 8.8.8.8:53 tweetboard.com udp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
GB 87.248.114.12:80 yui.yahooapis.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
GB 87.248.114.12:80 yui.yahooapis.com tcp
GB 87.248.114.12:80 yui.yahooapis.com tcp
GB 87.248.114.12:80 yui.yahooapis.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
US 3.33.130.190:80 babygracephotography.com tcp
US 3.33.130.190:80 babygracephotography.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
GB 87.248.114.12:80 yui.yahooapis.com tcp
GB 87.248.114.12:80 yui.yahooapis.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
US 165.22.38.244:80 toolbar.wibiya.com tcp
US 165.22.38.244:80 toolbar.wibiya.com tcp
US 3.19.116.195:80 tweetboard.com tcp
US 3.19.116.195:80 tweetboard.com tcp
US 8.8.8.8:53 www.tealdit.com udp
US 104.21.72.39:80 www.tealdit.com tcp
US 104.21.72.39:80 www.tealdit.com tcp
US 8.8.8.8:53 www.hugedomains.com udp
US 104.21.72.39:443 www.tealdit.com tcp
US 104.26.7.37:443 www.hugedomains.com tcp
US 104.26.7.37:443 www.hugedomains.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 172.217.20.193:80 4.bp.blogspot.com tcp
FR 142.250.75.238:80 www.google-analytics.com tcp
FR 142.250.75.238:80 www.google-analytics.com tcp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\calendar-min[1].js

MD5 53be4d85829221f66232d883e3a327c7
SHA1 88f8b450538e5aee6d142192cfd8ba9496ecee26
SHA256 e3468b5f1f6d645c2b1a58636286f72d503b00789205b9d9895b161372a90bb9
SHA512 00e5ee012e696829100d11a475dbf31dc19e4ef5220212c34aa0898bf9a1398eef32c361662d3a9df4bf5c992f7990e7e3738f50bd7c730d7a4aeb1cc4c709ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\yahoo-dom-event[1].js

MD5 8df028d2d3bb6f05621ab23d215ce7ae
SHA1 3fbe84dae8d7e5d0d776d2ca166eb06c4b21ef99
SHA256 51322e416967b25b9e30eff75661f6d108445c040f91a2b590f59f44e3991509
SHA512 150dfe2872bbe9620f08be7fae51d468a39a7b673e01444eacc9f106b5011231f475efeb07c371632380e1ce48c3fa4e529aac925f4daaf91aa43cb4f312df42

C:\Users\Admin\AppData\Local\Temp\Tar2E45.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab2E34.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fb1562c0bc4494bfb1e416301f1cd71
SHA1 9f73cb1ae0a51393788bd4e2433f4eaab541eaaa
SHA256 ca6c41f1add8b67954ea434c6c257a45178ad757703a5ee81725b13e7c11352d
SHA512 0948a86dd12499c5788bc598e5e865b06c91498930eace6d370e4799575a3fd2abe343a699d30746daf07806d7f4416fbab67c903afb484099e3746cd8d05c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fd7eec71938298eed3ede65104e4597
SHA1 1e2eb13b081c84a460fd522fa19d7fdad9294e51
SHA256 93398d9347ffc7aa0beba5304c5d7d9f428b8a93708618a0dc01cd4ebc52b103
SHA512 6bd287f7842e4e52b5ccac625cae41d49fc17e9cdab419b48bc6840c3362a31e8d58f15596dadcaa7543c5138a2a0f37c3f0914599e8fc6fc1af0d82adcf8453

C:\Users\Admin\AppData\Local\Temp\Tar2F16.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6bb5b9ea1465b9ab790d0f7bdc5620c
SHA1 8a8b4ccb51c4052cc2b260b6bd3fa639a270e4bc
SHA256 16a78860a9ea6fd524aa2538f58d123f86676081f3f11518964b8b2e90744e56
SHA512 e5cc520590caf0dd2a35b303a4f49d896111361f529f0675950444ee41ee67d53eabecb8a4fd220fb0e0d7d0707897439c49744b03099a3db1875a84d8ec9db4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76c48aac8b9214d50168046c64bf55b7
SHA1 95847d7a1d98336fd79c8c2e9c67f60bce388ad9
SHA256 e5abe756bd492d0127d4d4708a06fdae3d9e9ae4a513379dcb7502f91752e564
SHA512 215c9a9ade15081378908c6d73734d1e27f914d7c36c6bda52996077020b4dbec1358a21c13f695ae893e242cad047373fd52f03fbe2fb5feb56a506f7b2d517

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 852ab5c3f4d3ecb1bb268a67c1671310
SHA1 9234154f3af235c2a3f214c2701c98eed76931af
SHA256 af87faa4cbd46694f92e145a528c55bc03f9348be61bf4b40170f92908d7cd16
SHA512 4ddb191a47a0d75f90ce5cf0d36a2007313c7d3c74e277a3d24b4272eb2a1eff4614084434fb4ecca88b93fa8bc6e22d0b4de8adf71aac93e620b3fcc48d42b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d607d6b99a9cbfc6a38a750335145e3
SHA1 834895a5f57b6335b572ef950910a5175add62e7
SHA256 20023ac458c5783db66a2e9a8ae14d4450ea1cd1070eae6e35ece749cc8ca7db
SHA512 f4c986a173a5685ebbfb4d3aacb0c7eda68a1e2ecdf026c890f143f4897508f14c703536f2ba4cbc6caa35ef9875331265cbab9fa9b1e8d0451cf036623aee3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39705e1068c0f88edfcf45d891f5dd54
SHA1 7d0d10703bfd61d19b418fa58755e03f7b5c9afb
SHA256 214b4139a0719fb4e6d1b229c978d33afc11f80984106b32c4f08f51f3f40320
SHA512 39c516e71de1b3404d3add651062f9bff3e226ee79674efd1e13541e73a108fbc8c454598e89798c6bc8f2f9fd455d6201626a7cfe0b568f9c1637ed6c6d7e06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4259b479ca59926cf3ef9f1024698ea
SHA1 f7866cbe30b9c8cf13a1bef1ce84a1a9c119ce98
SHA256 c45e21bc46060dd1edf2b33a5095ce9eb663e1aab023790d3707ee764c8d8f8d
SHA512 8e37a9fdf5e0b905fe8fab5b338ba0ef837e33d55b6c0cd446402f8f2145e74b2212d5b9fb659efb615214c5c5f29e198ee3635c002831421f6816a71c8d9e6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da75de27599d838ec400071421e20a3f
SHA1 8065c9ea737e27789cb45fdc04cc428582c10bc7
SHA256 0c4b3de7a12cad331a9e1daf40c5f09a4d82330bf8d4f826123f748b7aeed0cd
SHA512 51961afc075878290e0a2d59a79edaaacf1a04ed80c43b33bd9c65b2ce35935dfe33cc35a7646ac5fc62b09fb264a9b9395dd2177b58605d746642647d28780d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9106bfe29f61ede3c74e55716f3ac49
SHA1 002c62ce149221fa58c127ba17e9d737308be158
SHA256 3f752efd9d1c9aae452c29033eb0db96a8456a3080b0cb56559a4778a8022120
SHA512 c3c507e1410072995d71c3d13a1b84452f68864b34b5a79cf538ed243cbea8f499f36b1e4f3ea138424d531859e070160fcfc8a37707cddc275c2cf85d8d3291

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0340cae748475b52c8364b2ada02f5c
SHA1 455fb5383e2ae71bf1b2b7593750b0960fc240e1
SHA256 6f728c5b27f63fb357c5d529b21327374e99dfeaf4ea89cc502689727ae9416e
SHA512 d20a6015eacbd3de2115a6ba91528464606ee559472c5d5a0b75c0c30573e85f0da24502df872bec63eeed4435047215a1facd0cee612d1cea97e53e70363902

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 b672c22d249f42f29c27bf7bae258baa
SHA1 65db2802cd84b78733ca2e4a4d519c1a532713bd
SHA256 6052ec740a00cd743248cd2aa48ef1f94b97185015bfd955bf6b06102e1f5e59
SHA512 3c8445aa5e7f21049541608550a805e1e07b7b08d1cf942e204203479afb026d09e79ea4183912fe7a905b9d128259934aab0a7b551bdd929167d5e8a90e8219

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7744449913296475c79d068f581e879c
SHA1 ebf622a6c2a998c5a68b29b258236fbb2cd460bc
SHA256 eca5d1315073f6e6606da5f708fa7f688e61db13049e447499e7810b32158c33
SHA512 413e8b21ca2382f0a7e3fb7a054701bd275ba773eb8c6350b2c0df8732ebf4be257c6bbb80725a688c96845c7b2540ab353b9fbe00b402626f2f673831740b83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 046e028ff81062310d37f6abfaec5f07
SHA1 981b74f6b2fdebbbb04b4d80fb7e90822814ae08
SHA256 db66f854007f85e9da4dd09b99ad8347d224edcd025c5ef377424d3526c6fc69
SHA512 ce1da3a005eb843d9cbb94b5e5c27de98d12a82a1ae4ec3e09386e0678a2ff2c1d68711139490543aa0df9cbc4cc81d5f6a6b9258edeacae918457017dac370d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2056e0d26da735eadc49f879a5530d08
SHA1 0b4f3bf9500030a8b0da95764388c57f15122330
SHA256 20b8881e0a752ee67fddc5b0a3fdc57530caf40df84f4b9e401de0306b2f26fe
SHA512 29911cbaa274ff9bd654c6ccd6ef3d5b9066ae6223fd04d4c2f87504c7802fd814d97e455072e7878de8f1677b280fea6ab49521490024d3346c975f63f4415d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94d43d7a2609a4d22c1e26e70be50585
SHA1 f3f1987907ca3c6f1c62ee020efa9091914d1239
SHA256 d790abbdd98f650142f0dd1a0159be8efced03ede94470e7a55015042fc0bc16
SHA512 96a1601ee411d1cfa5c66051675b0b3417b3548155b16c555bf4f379d8ccf37dfd68314204b16025d39316a52a965820984acccb3db8a828217e134decef974d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 575c5ca0572de05fcb10c6dab6f8097d
SHA1 6f5c1a4f562730ae67ad818616c3ab5b5387ac23
SHA256 d91d754b4db2743d05157939a33ed2a2f4245bbbccfa16a49f8ab35f5041ec51
SHA512 c0d8810eb35989c014d2da1c5ea4e2f0cf98a52a88fd99434e5d65cd78c64812f9b435e0cad54c47b0cdb612d2b2ee79a057cb6d8932406359da0eb86c8ebc0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 49cc61beb2a8c5659a7b9fdf76a13bc4
SHA1 136b5279fbdd086a02f1ebd3e18fab4ad2854704
SHA256 38ceba421265e9430c22ac71f3f2cf66b198697ef4b8ee0e49175e57f1c0ff67
SHA512 ad9a52c43628a52687ca478a18c03c45c8f2a468ee3d15bf8066a3b8c23a7e73514d6cabbde9dca2b83d94813c7a575b9479949ca417ce481b4144f8b0b9e0ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41fb2952cdeb3e49c93cf10050b5cf9f
SHA1 d0ad40559cc8506713a98b52f7e9f5926072f2d6
SHA256 4ecaef2e1026872055f1db702c4ce0802c9c7f3a94d0d8b7830b0e02268b9109
SHA512 703c500e1764b675f829159707e4383e1b9f6d086c1abcd4be676e48e46272fbe8c32a067eb344dde30866e3b50ec90cb6424fb2cc1513012192fe10ad1396ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 451d9e7d6f070bd0e5298be90bcd70a0
SHA1 759b9bdfcba046115a927f0227ede29882a34bff
SHA256 0811ac3556edb1872c64aed947affd618a87f3e82a331c421a4cc47f4ac07b27
SHA512 5b79d4c271bd25f77a90f9c7310d7667590279b2ef458c574a8cd6bc2fa7574c6a6fcae8e28f20c181d16a5d642b7dd2b9d3bf61bbb148f4d722ff320c321a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e535c37e90bbc23ed781d7ea57a1d57d
SHA1 95638f91f2e4991b0c4b2e4e474ddac951effa4c
SHA256 a0fcd16c83681ccae41601c008a1f1a75c596c5317628bf0b24d0e64fc08de97
SHA512 432862f3a3c0ef6fb2a63a0f7fdbd4c8612a69e0619bab7bda185ffbc17ca4d94a53d583155b52034be1b9da3a67a8747845389e0ed8bb4435a1353a13005d76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e02e5ed4ecf6acff71379978e8417d59
SHA1 ad8d3e0fc8677d16f15c77b7be767c845317634b
SHA256 1314a33755376662fa5743f8beb54526420be99088c62ef8b6ca1a5d5cb05871
SHA512 508ec0087e6f97dd50080699341d0eb585bbed662241509c858cc87a3a0062cccdfe5f2ac10395f329c5a4db56619ad3429b4f6414dd8bf7727d15589d28591a

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 18:30

Reported

2024-05-27 18:32

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a17f00a742a68ab27493c4794cd1706_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 740 wrote to memory of 3660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 3660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 4384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 740 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a17f00a742a68ab27493c4794cd1706_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee01646f8,0x7ffee0164708,0x7ffee0164718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5284145353572819499,3970256601704970234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 yui.yahooapis.com udp
US 8.8.8.8:53 babygracephotography.com udp
US 8.8.8.8:53 blog.babygracephotography.com udp
GB 87.248.114.11:80 yui.yahooapis.com tcp
GB 87.248.114.11:80 yui.yahooapis.com tcp
GB 87.248.114.11:80 yui.yahooapis.com tcp
GB 87.248.114.11:80 yui.yahooapis.com tcp
US 3.33.130.190:80 babygracephotography.com tcp
US 8.8.8.8:53 www.studiocontact.net udp
US 8.8.8.8:53 www.studiocontact.net udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 190.130.33.3.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 toolbar.wibiya.com udp
US 8.8.8.8:53 tweetboard.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 54.209.32.212:80 tweetboard.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
US 165.22.38.244:80 toolbar.wibiya.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 www.tealdit.com udp
US 8.8.8.8:53 www.hugedomains.com udp
FR 172.217.20.193:80 2.bp.blogspot.com tcp
US 104.21.72.39:80 www.tealdit.com tcp
US 104.26.6.37:443 www.hugedomains.com tcp
US 104.21.72.39:443 www.tealdit.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 193.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 244.38.22.165.in-addr.arpa udp
US 8.8.8.8:53 212.32.209.54.in-addr.arpa udp
US 8.8.8.8:53 39.72.21.104.in-addr.arpa udp
US 8.8.8.8:53 37.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 blog.babygracephotography.com udp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
US 8.8.8.8:53 blog.babygracephotography.com udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
N/A 127.0.0.1:80 tcp
US 8.8.8.8:53 ajax.googleapis.com udp
FR 172.217.20.202:445 ajax.googleapis.com tcp
FR 142.250.75.238:80 www.google-analytics.com tcp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
FR 216.58.213.74:139 ajax.googleapis.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_740_PTXYSYBNOLJMWVAO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d201885558abb682b30d47ea09aff7b1
SHA1 d836f2d8063a5f0386f242ff7ff657d36e3acd56
SHA256 3420297b7cc83c22aefbd1b433810a8b1bdfb72b87959a16bac99120d7f51638
SHA512 c87b5598b687b7c0901bc55869f8254d2f1542ee05cf2b9f95005c2e91accb7c01d84a3db80417e3c55a472ad684190c58308ef1ea977aee0b58932174a2bc44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6af845d2c5e058001f073be8071ee853
SHA1 7b5bcbc82157dfbddad9bb97949cd94fa8fdbc87
SHA256 aed9c8f9a8da9df7ce92151eb796fff573f97befca59f18a3c872e22928aad7f
SHA512 47ce69565b27e089e94c014d3104116baa5fd9244b661b53d8d7307e3a529868257eb46b008ee2695a80c54f9c887e94456dbfeb18b8ca6ef5734cf06a9ff9e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 357303a67c2fd8729d77a64418ada065
SHA1 82651563c2735e128898239c315d38c68ba68260
SHA256 ca1702c6de77e00939519305f25cad6522ce2a9f99ef5fa4ce30af6683cd5089
SHA512 0cabdbfae022f3f13aec904a0a734e4017d829952d559b17e6889cda8d5ef7e27517b01fe5cd66a883c961f3ca1aebff4abdccc54ab8b129ddbca31a23351cae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 47665b6b735d5064d011841caddd684d
SHA1 7e3178e45dcf142185a2f79334a9ecbb0713c9c2
SHA256 77a0ee22a24f1650530d6d2346e84eb8bede65de1c7840d94919dac6cd16761d
SHA512 46f013e095532e56544c9d3f3f960e94e690a97c9241fa1fd1a6e9f1cc62b617dad5ca36302d2fed402ec8721f6cf48640e499a2e4adccfff00c2e23a3f91801

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9a3aca3f5291d392f442163ac8b38086
SHA1 1671f2968e613ca1067cd2b90baf46903bfa345a
SHA256 562df45648930857adf5f8b8610df1451313af72b7f347f4ac83cfcaf12a4202
SHA512 4d9f8656f778097329c318a232ac748a587b1c7fdb3bb0fa44687efb873cb036adfea7928f34b9f6af247f9edbbd1821acbb82fbdb82b90c81332ad76ce960ca