Malware Analysis Report

2025-08-10 21:28

Sample ID 240527-w5wyesee36
Target 7a184fe527f201053e16808528c251bd_JaffaCakes118
SHA256 a630193d61194f0c877212344d32876d059a4004472777363dc77062cfa8ab17
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

a630193d61194f0c877212344d32876d059a4004472777363dc77062cfa8ab17

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file 7a184fe527f201053e16808528c251bd_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-27 18:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-27 18:30

Reported

2024-05-27 18:33

Platform

win7-20240508-en

Max time kernel

121s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a184fe527f201053e16808528c251bd_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3F68EC21-1C57-11EF-A4F7-5A451966104F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996520" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000006a036c13c730b9fd86aa695ed8748b16b885d5717183ac9fa474ad1c2234f43c000000000e80000000020000200000003da325b1b583b152f16bf5c01e1a0b3e797c113aaa4f4cc895e27d7f253ea8af20000000897e0d6865a4d1b43d276d1a82ba9ab89df7d699e14804e661acbff653da0e7d400000001c8cee0b86323d7996e347ce798e06796ec6ce16c851b0fcf5b99188c398ffed8270dc48144183f0ca8aeb44604ae00e87aa879cc57d683c3ccb8c0ae0b0e6ed C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 807ef11464b0da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a184fe527f201053e16808528c251bd_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 buro075.nl udp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
FR 216.58.215.42:80 fonts.googleapis.com tcp
FR 216.58.215.42:80 fonts.googleapis.com tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\wpml-language-switcher[1].htm

MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

C:\Users\Admin\AppData\Local\Temp\Cab3B2F.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar3B90.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38cac1ca746a7746884b97378e266407
SHA1 2ecce810896b5ab0efa4ddc6a32c6e0f046da857
SHA256 384d5b34f03dd61acb72fbd96ec64ab187d1559ae65cacaceee219520f81eb3b
SHA512 a4a06360dec05e382d92d97cda343120013d4f380effd085b5b51c7c74fe0fb6badd31b5300f13a906376bd0b8998edb94d6c8bd6ab8e36276a636a7c5b9906a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd590b69feab4ffc8f72111b87398192
SHA1 4a216e10af50d081bbe348150ec6ec9b1e5fbf6f
SHA256 1223bfc254a1f9381ca79b5d210c5ce85381425de4554d1bddb499faf7ac8ea2
SHA512 345d1cb9db1bfd440f2034fade87e6ce65acdaf9210a04066f8f2d671c1262ec07a5da9d2123150efd92b0f3ad26145d38bda13732663b6a8255d0221f94727e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13b63e860cda01ecd0933abcafbc7b78
SHA1 6471c9b4bb318e829d174f50b0bd4759137ad54a
SHA256 339bd189958d999b8f45f34919c525ecfdc65a212098695ee5c89ea9188212c7
SHA512 588ad27c15c47f09e0ce9f4c552ec93092a1da92de960ac42a19f497822369649323c57e5bf8c9a87c44a18021a49678248b4c5e54b1919572030fb9cfab06db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4d0c046b7fbb4c9f4c42c3459962b90
SHA1 ac62f7697f996bc87efe8fecfb72ea49534fbb5f
SHA256 feef84e400d5b03ca323bd40010aeba23071b93d0893c5adcdf238c0abad4329
SHA512 c1bbe4aeaaa8969407f6cec3d0a850c56d5ae31a4c516103e21d57d80f22ab9c01f783092f6b84410b342d75c814e30870b1b683167a99bffc40cc55d9803ac2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6cf89bcc550808aa99de41ae115184da
SHA1 995cf8b422c17702cdea71830a3a725e43a5070f
SHA256 6dae0ae3ecedb35e800c02bf702105444f970513dc392da0f65ea5a01b234ad8
SHA512 fc473574c8ec0fb55ea28170fd47c10d02809b57435cdf05e26189bfe83c5dbee24da5aac6f13365311f257a2489dc6efa92a82ebfd2e373d647b4aa07bd3f85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5236abeefdd8083c1136b227d4ff4b93
SHA1 9eb8568c0e91e7516d16eca4d78c5a7d138b302f
SHA256 6e2bf90123ed62f653508f21b5f98cf30e91ff75850c05aa0ce3fe52b4ab5169
SHA512 cc2835e857c1c1312ae22229147b12ff67644d3d44864fb858e36a9ddfb2c7e60c6d2139dc5d3571e3da9b12b1bdc8c6cb2a5560fb23ab075a9957bf10950515

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64f3952ed2a4b5ab96928d95a573277b
SHA1 5b905e87b1f1b83071e79b9a1a8a17613c1241cf
SHA256 b24dc0f64239f4487cc41d5bbfd0eecb81775049b0b853bf4f85bd964eca5197
SHA512 3f3cb7af92d6b14fab439a4e1a2874ae2224b66d0ab24df313bbdff58ee8f1e6fe6060e1e3795b8fd5ec429a572b91a31fc5ca22912696544637dba8e80129cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 350f98eb8a5c557396d1a123d38d0b8e
SHA1 e312084f9e2051d9b5f0f3776ba64c8651c2fc8f
SHA256 adb14dc2b91607d1a4a8bf9c56c294025d3e1aa81cd4fc442ce882546e6cf924
SHA512 24a84649e2e3e489750309a170663554e99ee37bd2c616692adb2a16278b87d7691ddb585badf4f98ea36160d04728ea7e6952dcdcc0024a99ceb15ad30c1051

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34850d9d363f92601f93a65e98d3d997
SHA1 22a3355d53af0dd70a43204bd11635efde1c07db
SHA256 e2457ee293b6f911892a3d32ad8dcfecd3053ad8b72e5ba236548ccdd14595bc
SHA512 6b32f95f224b3a9196d8d2b041780c131433d6c2fde360403a021e274f9f80f13fbb13ef95a8c0a4a8e6d53bdfe27a657028f53ba18c85ea943bab6522ee6a94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a9cc0ce2d8aa27c0c79aaffb4289d90
SHA1 3325ae43191aaae522ac8f0c4404c1ca652e9b20
SHA256 24a10b1e964ed853a70b0cec6952cb159292930b4813d4e8dc88bde53592dd30
SHA512 bfda8b58e176ab0e7a0ad0e696c6e7f5f15bc6a44de1439fa9a7bdb0ec4e9d3318217dc18d95852c743515825f5c49b33f69d63890646415637d6012c19eebec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a2ef2384eff5ff12d01b507580fb4d0
SHA1 a63eadf6ffd2682033f0a03a9ddd4c9387371d4b
SHA256 02713add57ca2293b70f45af052243c635804ba0a11d74f8b961d7f625baa9cb
SHA512 a05d03eaa23e0253529b51c149e0dad979362e14b53906ed1da9d951f3e5321d9816d4a641e0324e34d2e1b074bc68b18469e74bd92023455e9b00280d2d3f39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b93174d366360cc5ed9fd2dfbe3a2f69
SHA1 258215bf1676ff8a198f22ca3596fa250904b589
SHA256 04c9239d22efc019f4e1f2507ebef85109b790109333f2f3d35bff2429a00754
SHA512 2d96ad952fc670ad7da2098b323aa034a488312fd0aa2f563fa16bf86d47b9accbb21acf2b6e0a0f327e169d9b6f2a62c656ef6cb997aa47416ccb263fd95b7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae135c4bacb5e6615f1e774f05d717cd
SHA1 61c4c1a61e04a0224bb470cb5297ed6186c5573c
SHA256 67835b74ccc9a99ab2ce09fe351fded8f2472117c74371229de8064de950a75f
SHA512 4ef80e3402a5259c289586e4ddf8b15e4907b1171d97a14507d939917ee9fc7058992e2cfefecb32b8e9ddd6ffbd333af6d287f670072a7c653f48d09a4d3e78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce64185bfb7650125869d13137bc9c93
SHA1 79a9a09a325bbe83b1a476364e51f7a32d5fd126
SHA256 b91229142f1be129e6250250cc40c65858c85c5f86c93897d25ddceac46a0e60
SHA512 e01166363bfc945b7bf8bfdfac63f4394a31c4bfefd41876676fc63135830deec7bc5b8df77c6d91f5e1faf45c35aefa213214ecca283f2140d8ce91ff2983be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e233f250cbf064517651518f7b094f0
SHA1 91fbdd10e722ff261df8926a07481fe83970f736
SHA256 c3f8758d45d0f10385aecba59f194eb7390bd4e5f9c20266119655506f5f1cb1
SHA512 d305b9459a71b2973eedb73cfb46662dcf3c7262cfcdc3ebfb2a92681cb2e0ba1e11f5a61d6de5a83ee1b745b815701f7ec796cf7f320e8508974471c998c957

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bac2d994aa240f896db8c95225566fa9
SHA1 d5fc07a6ee7426a966baebfd51b653e4a4215a7f
SHA256 a6ff2b1ae8ae41c2bf6f318fc65afc0d2b167f62058c5d19b74e890753d77bd6
SHA512 44be5a6c88a6976267789e8e8bd800d38b8e2f50dbf1ee00ac93ee253f3f9513d79c5d945799dd3c5e0d495d6f734ad60e593d1866a366281bb220cd33017cf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ce12b131b70d6a7d062ccc1e4aef8ba
SHA1 fea377a175fa327de9813dcd1dc32f8017ced14c
SHA256 4e6706d0169be05940b092a6b186b5fccae108dff27daeb36f8c209dd3bf2035
SHA512 5e3218b28fa1534ac64b66eeef36bb2cebf21639026ee7d8e7a9ed75b6e5c72c8f5bb9b3e4b472169b6462a0c2080463d3c53cdc0a2afd151d925356ea08b56d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78b998fd02f8dffa770c1d79bf6bf2af
SHA1 b9c79404ae2f9e9d17345d82d256887bcc96f296
SHA256 66c4b32583b28545f9523b2e0073b507fc2e2ec547fdb46747ebb96c30e492e6
SHA512 0731929d6179be65cdea660603a2f030860d5f4c8bb653314c63dc45c156e73436e61a3ba65da4df98c9a416ccb73a0c7941d53736ca44eda29a90034b69442d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46b1f6ece1acf1621da1ca6413e08572
SHA1 99c73e17ad82836cef5336a21474c1f7e225a434
SHA256 65abd29d3fa53c1f331426c4c231788c202948ca44fa53434be3dfdce2041580
SHA512 4c6734472eba73378028486462ddcfb21250493d83febbe494a430ec3a82284141230cb0ca0cf080941d97ec377177e25c32ea889d4d2bbc93f2f300250f6e1a

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-27 18:30

Reported

2024-05-27 18:33

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a184fe527f201053e16808528c251bd_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4744 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 8 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 8 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4744 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a184fe527f201053e16808528c251bd_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92b3a46f8,0x7ff92b3a4708,0x7ff92b3a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7264944641922411082,16154311690644676712,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 buro075.nl udp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
NL 84.244.165.144:80 buro075.nl tcp
FR 216.58.215.42:80 fonts.googleapis.com tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
NL 84.244.165.144:443 buro075.nl tcp
FR 216.58.214.67:80 fonts.gstatic.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 144.165.244.84.in-addr.arpa udp
US 8.8.8.8:53 42.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.buro075.nl udp
NL 84.244.165.144:443 www.buro075.nl tcp
FR 216.58.214.67:80 fonts.gstatic.com tcp
FR 216.58.214.67:80 fonts.gstatic.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_4744_FOONNBSRJGFXIQMW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9ab416163b79860ae2819edf30912fdb
SHA1 1c7267eca234e975c92c321c90d6173297c50ab4
SHA256 c14201517bd5b57fc8020336d0c24deb27fb7c9463512ed5afc713aacd6bc886
SHA512 0ada2c8b82e086e35dcc20134a3dff612c057ee50fe7246282429d90015a296a1b777e9f041d4dc5aaf93c95d077487a87936c6e6836d3f426a9a85e845627c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e66d25291e2aad06bf1d6263fbe65f06
SHA1 c26f524480d7e64f941dbb6a7b567fb58685ef14
SHA256 c14c3ea7484b2cc3c24a31adbbcc6074f01ef72189d996c7831a34835a228e24
SHA512 70d49f5e5191336772b6b59afa74763f04b61333322e27df1f2c04828afda02bddaa713c920c5c9b7adeb48ac3bea554dcc7c99cb67ad49619ce97b9b30de169

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2c96f0d36c92febae56e1c029aee9fcd
SHA1 e0116d303f6409baed07217016dfc9be709c7da6
SHA256 5ca0248363bf6094791fd0bea2f6b9d670b920c1e985229b56636d475eff83e0
SHA512 d0ec0fc341accb1644f252321f80269a992af62295a7a6c4eecbbcf9d5be6cd9a9a9b2558df8fd666a9ff8b8ebda11706b78d123dd318c10c4e8d48c317545c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1755250d31bb8da01d8d82457ec2058b
SHA1 8bbfc9d85281fd9811df16b7be1034a7f0e5ac98
SHA256 b55dbc53d12d453896795bc0a0147781e4a00624d4dd5365f8069a2446be9aed
SHA512 e136fc2dcfdd087e538d596d7f088885b00fb07bea67818706b43af9b24bd01a564edeb1fcc3c42b24ba4d062d5eed37988e94954a40a297e527efdec0368ccd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 efb3e41ddcb00d4e436d59962fe73c4d
SHA1 4b9f2cbd664cf2136cd6966774f9ee04b4efa46a
SHA256 edc776d59064e412098066a07cba55cbabb1e7d18534e1292d34003961ad3bb6
SHA512 85a53139125a0e589b222ebee00d1c593eb24c8059b9f3f86196f8ef346cf7fc988493bb6f5cebf7aec2d0debc5017eff291b04e8aa37180d1ec5a6e2bb362ba