Malware Analysis Report

2025-08-10 21:40

Sample ID 240602-25am3sbf39
Target 8fc18eaff28ab34c3285485349d29561_JaffaCakes118
SHA256 30d4cf8bec948444a0193ba0bf50c085d4aea0b56967ed94e0baaa79e6f002a1
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

30d4cf8bec948444a0193ba0bf50c085d4aea0b56967ed94e0baaa79e6f002a1

Threat Level: No (potentially) malicious behavior was detected

The file 8fc18eaff28ab34c3285485349d29561_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 23:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 23:09

Reported

2024-06-02 23:11

Platform

win7-20240221-en

Max time kernel

120s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fc18eaff28ab34c3285485349d29561_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c04a0afe41b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003d15afccd9b0d2469d74c864a683ff7d00000000020000000000106600000001000020000000681a2cf5568bcaa84cdfa58c0593b74eb8b4e5e2bb605b87e0266e23be11b938000000000e8000000002000020000000db872d7c821870b080e023e65b5169429cd5dc3e2f917839714176b91a888b649000000058b6352c018f628a81e273de860f8897a3d065df5ab724e6cadc0232b828ba2f5a2cee0c54bad4ecf7dc9a91d7adb116167f877e39390de6e03affd51f8d1f7b6713bf59bf121cb2da294d2a0397e125c144d944a747e424c8e5c7b00ac006b8ea6d68c0c24d5c184b1fa37610812777d6da29ca10bb03480cbe73b72ec0f1cffb4aa01252d263e66bb67d1bee50563e400000004ebbd5f05554817adb22ef44043c71b164272d48d1dc828b0980cdfe69f9c961114f4182640cfa45f6db0a00302a7ac02db3474e33093f5e7398e466314b54a5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003d15afccd9b0d2469d74c864a683ff7d00000000020000000000106600000001000020000000c9ac7f283b763a23de3b1bcffe920f2b5acc55dd7ecbfb05197d5757f00ebaf5000000000e8000000002000020000000dfeb27078430061d12757dbb30b3a50c3355cb03570402b5e7d001c11e6ec43b20000000273660b9b89d3aa10562a116e010895b32f96ad13a7a771e34a83f30e5d74d5040000000fb150f7301df09ff7627652e61c848d0da0f597745a3c4831b7a6b9b6fa71bae5f33bf27d00c404ef26103a33c66eb3b9ea0364082878be36c3ac6bfdb3cb86b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{26F79DC1-2135-11EF-B012-52ADCDCA366E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423531632" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fc18eaff28ab34c3285485349d29561_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 coinhive.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 saltworld.net udp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 104.21.57.186:443 coinhive.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 104.21.57.186:443 coinhive.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 8.8.8.8:53 gamingw.net udp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\6128162e0ab80b6aaefd01d25ec9fefe[1].htm

MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

C:\Users\Admin\AppData\Local\Temp\TarDEB.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\CabDD8.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarED1.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d7ccf572ef7cc4263705b59e63f1ef3
SHA1 2456e98d71983f3f9a33b080e962ba08874909a5
SHA256 672cbc3725d59e3c184a6cd49925875df409f899b5cf0b4be9d4017eb03f504c
SHA512 7ea9649ea44d4de73e9833cc539aa80d375ca550f57d2171857f5811e9d5f9400bc00099a618f7e469cdcbdbdf6284f9df3708f425cf7c651bf0746153c854be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 beb234a6ab217e18be01a7b6f4740618
SHA1 320e2745387976ff48ec75ae5c550275118dcf38
SHA256 a87cd9af028606e6a162805a99eff86588df4b428901882900dbd9d6e6bf36a5
SHA512 3c488fae774ee1d3306a44731d27a94ceb3da8c4970d91b5fe07ac90a61eb159c8361a8e1fde599dd5fd18b08570a879dd3a0d3d18c3d5db644283a03377d2c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 a00d168f34ae3bd5097182ad600f0978
SHA1 a209035e30c03a0f1386206fbac8f7914015a813
SHA256 c93e11accd79f754c4393c2895c8bd72f20387ad161feda58215d306f527926b
SHA512 bce45edeceba1832a91be72c128296529946a4ef25a3acac77bdc52b022d21e674f1fe62dfdf72acc3e29bdacec90c6d3b60d957c7c005000f7fe58743cf14c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 76d4d147245ce8da3cf3a4aff0bc5611
SHA1 edf7b96b65cbe3e3ba82799502871c790d9ebb78
SHA256 46d3ed9486f6c000d1e52b27979054fdbd340efe906522441306ea0c189276b6
SHA512 631a6e44a0b135335bfd4cba07fdebd7bd688379f4012b0d3219f36680d1b735572e69601c631d9a1137aa615a4afd3bb91087d04bde887bd1a1130fe46c5dd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 3c5d8d027f7a642993572cd779d6a5ee
SHA1 dba305183c1a8fc3dd8ce201ed4a0aae09148807
SHA256 e7ccadc568231bf5051585334b92ecb4b8391b1a022775a2b04858c6b2741c07
SHA512 9142c3656373e648b9d4c6033ab9f5e4c5bcd8b9c735e965b9cec08f68f075c9f58347bf04201c28473824e6427c2fb9ea9a9e6ea43ad9eb3cd0fe90c41474f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 61c060748daca8556274bfabc587f30e
SHA1 05b5c3bd691071c2071f7864a15ba98f60cfacfc
SHA256 d3a4273f83db93b4afe9c06918806d71e6268a4b8b41cee65e047cfaa1af548f
SHA512 5a8566c72fa10bf6380096f57f5b3c638e347d4b40adb8706a50f84095d0047c39e72f1fe413f05c819cee4f84b6208d9702e2cbdc2f52e22321bb204edfc4ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfb93604332c838e7d2e50752250535a
SHA1 bbbb1055643963a593e09b2fd98cedb74117f212
SHA256 721e78ce5394b45f2713a956e4252218df0c7a153697a8871043df502c935a63
SHA512 fe46eb9ef243bfef05a18e83ab08c5b68845a762c0095eb42a951dcafb1fe5a3a42b54206030039e72168ccf951aa8bbae624f0c9e4e03752e315add8d2bd744

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2862b9c6e09368c0fc91aabb9e94572
SHA1 85658af63e3726e62a24ef210d02890cf8cb47a9
SHA256 692702f62181aa4c9f3b1f7f2cf07aa2902f10a02d0a2979d59ad68610a47a85
SHA512 279ff706051f9bdfd58f196e38c9d80555f6741e0cfacff677ed847175fad3ace42ce6c10ad00f715216ff5efdd5cf7d7c07f27a160321b68de1992543fa786f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f4108de34799fea82a608fa4af03438
SHA1 7731f933db56b876d6f2add442743b1f85a2899d
SHA256 d7df0878cc24ab4f611be6f4e269ce2c8065d41ed15816af40726b2ec3e10ccf
SHA512 90e98d86a8430ae2bdb45991a7ce5c9e0abece91529007dac49434d547ce240091a60c98635b10c6eec5e4eeab21c16b7d6deb87b16e0f5991dde7be64d7f696

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f596f609c869f851fb156f12a2045533
SHA1 8780dac91e4379f95694e4c087edbdddd7c010d8
SHA256 d4eb70cc31fc1ef3057c6e1a8c77df2b001561129c900bd40f909035b98e2799
SHA512 cbe2f8400a224bdc52d790f994b18099ab01bb6a63f8bac506efc2fba0763b7062a15bd9b789c74dcdaaf92480c24cd4e6c987e030cbb1233f5afaeb0e0d5345

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a82249e50ed0d6f92214dd28fbd447f
SHA1 4be39f2aa6419ccdd0d2039afda3ab89af5da674
SHA256 908dcbd4699191c9eff4a6ae83b1c02d04d8cef8c2bfae3b1195281e8d335263
SHA512 8642b7229efa027ba7fd05b9f87db1f2d047aace898d5f40d8b258cf4a92f795cd4508f21204f035346c780ee7bfbc29f7f9205bf18df93a939adc90a9dcc27c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fb96d693178843f2cf1688f128a03fe
SHA1 bb7a35e443e2654a63120c1d420e0e7a80288afd
SHA256 902b96f5db06826a82665003d5d2fe2226deddf70558fa0114cdd80793921189
SHA512 0e4dd05d7d6f0a8ac40daa18aa244d0d31c0114e900e420350c72fd0c73e83bce599c8a30afa76931f04b947d24c76f55b3edce2618cb279e45808544170249f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9bd1a93da0d9617ca09a29c2b16c8d6
SHA1 2696268ca5e782986b8c97aecec885fec61aa2cf
SHA256 b52eadc89b2bd6a3ac2c490c3b4d2f4e1914d67b253a6b59bab0e99b603a13dc
SHA512 5ed8f69545fca74bbae27ea41e2b54422b7ea63f497c7f03934d63f529a2130911ee32b92d6cb26b53a270412dc3061d30152b5c72aef4b50c2c5530f3ab502f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b6e218b3e7a33614f64df151b5f7c5d
SHA1 7a9f4c941346e31317bd024274a5d1e41ef040b4
SHA256 ab06400b6a849b6e3b5011ac44882cebeeceb11e424bca12ddf2ab7b42dea6d7
SHA512 69d9077a638a879a1a5691b656b8defaf6cbc2ca41788f5a0be90587dcc452021f3707bdbde34bb31f2653289bffc37e93008ffc548e4f0b8d6c692f56a519a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf1b9886073d618565220a027d41a7e0
SHA1 563c8d1155f44d78f0110129b743db6359cddc7b
SHA256 5c1ace12aa8a8fb85e0bc50754f4bef30d798683caad76147b369e8b44edd3e8
SHA512 d8dc73b5d48eb5c76581dfba393c3b95a1713a777586b89377b35699854207a13f19eae48832c6b5cde4d6f02e4b994798dafb935f0ed59bc91593e295bddf90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f09bd9f1a47f71c35cf2586726e14b1
SHA1 0402e1801404b267af67a9339d9d1f3486f3c2ba
SHA256 994b15840d472f2bdde0254b11dc6e14211f1f9c747d70f387c54c49ecd6506e
SHA512 51aafff4ea6c0f400e309e5b2ef1a7766855555962092e6f7f06d531f60f907d9d52b4e44d7687f7026c7b99f515fd88315fafd8dfc40e2c9c9ca5c52e4a2dd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d1218714c6d3370ac67f9ca0c3754ad
SHA1 e0a6e99a751ab7855d76e6429b1cadf23b628954
SHA256 735b2895495670f1a5882d19cbe96bbc1485ace925ceaf88b339e9cf83bf1ae8
SHA512 2232f60768a94a29c8a1ea45df7b6758b058b5883096f798234ed472c56762ea2f46f9df91040503a80dba8316721bc49fbbd10b8f013a71ca1305da9259ef73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 0399c1273757d3d2ca1f6cf1f8d99295
SHA1 b5d1e29299a5334d9f05aa9ca8c7cfb0b8782e1c
SHA256 64a97a1d13ff021d37437fcf75e18c12307510330cf1db57a818678c935f9503
SHA512 c7dee245c419ba0ac0d43dd9d559d37600b01f4b7e4c43e38429d0091fe9d0420a12b35b269bcd294dbfd8657ff4e02ec291e332975458ec46c2bbc7af1e3159

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfa1071d7d38b7a5c18b37d25c2eb098
SHA1 5aea38b9d5f58d1897d8278571ad54548fd1ea3c
SHA256 c86836fb526e8afccd58cf4380b92295061128c2073e0a92c3ecf8e654027155
SHA512 1131d4a5a589ccb6ea5b48e27c1df2c39a7c35f7dc937cab43dd383265ce9f25ee93150697e9d0139d097d6ff77a444a42e763798b12b155e66d8f702717a95a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9421ff94335f8e24aa4f32a3c847339b
SHA1 b0675db127d7c8e17eea79d132c91ecfdd7c1691
SHA256 a137fb192aae5e1b97da86b726474c5fe88f1985f166a0dca54af664124650d2
SHA512 0d01dc7ad7b3965a0768a5e9d60cedcfcbed3e958198d496381f5cb8b574416e2393be8a6351c2bc84dabd2a3a73315fa80c0975d9e636ccd6475a0730ef7f73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca710dcf540260960e0777372f9ab204
SHA1 ab03135ee1ed4cd884fcf307557ff42cb3ab72f8
SHA256 67eabaf727274157c0d5b1410372a1bc5ed098a103d9ef9ff76d63ec3a67dd23
SHA512 6f107496d414f0c3457603fe7a3984216cd4515c846bc11c4bd5f06b3ee3794e29bfec9ad4a2de2b53556297d1886c527a822d1e5f307ea8fe995c56c58afdbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4d159491034c13590a19c5e2cf4b605
SHA1 3860af1b39fa0c24a7ae81d70b730ff66f0ec0c0
SHA256 f5b66e068ce81075ce7ab10cf3ae867e86a7c891e937bfd4ca2e329b1a302548
SHA512 a959c1032920c9654226cf7c32962990602ba30c3456fa82e9405a159aafc0e7798bb743158a397059de9a92407898d8edf9c91ad411e48f0023e5c6da36a584

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56ccf27521a9324e8dc2c1b49d4dc06a
SHA1 52b8155b6e36c8d824c72395c69f784d4e84299a
SHA256 daf924b30e9181e3ad3b06a2dc1ebe038a595d41e9da6fe336fe54d434c5ba5f
SHA512 ccc0cfcbf3dc36ce2cd594300a33946e18cc36acfa311c053501d2e9b2f7ba32b419e73a314c3f87fd2b445afc4d1e65fbaca941cac8b262a17358f068fd6d5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 5db3dd9e17e6bf03a246b41d671af95e
SHA1 437e8bc510e01f56b70bd74a186110b35fabc2a0
SHA256 1c252653a7bbb2ea5d5b212a702037ef1c602a2d24f5a3cdef27c66ff5b8c43a
SHA512 1bdc151d8fdfb6135208c0a72107f03041b497e961d34aed97cfde360bcc891721376aa7118f19094cc0b339348831612f3e69d7b41d3e6b711e11fdb6f5c229

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e3ccb66cb5495dcfed6e5004c1d7160
SHA1 7d49818c6da1c3bb9a7593aa3c486b99c9b79c90
SHA256 269e1ed8986fa090b720fb590f5a8acb99ab0b5db6c8f295a75887821d62ccfa
SHA512 6f629cdc00b7ffda051f610cd43be3e795b1f4d03671fb993f734178237ccb554b782e631fc6636fe9b4106aac236aefec37d2cb9ec07970b891f17a4d0a48c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 726b75ab6e7ff40a96f680781b5f5f49
SHA1 0c94332b51edd3294d02781abc6f189e6d99a2fd
SHA256 ac605204667a90bd32551cbdc7790717dbbcf4df84886b8df95f3c4e9d7d8355
SHA512 4ab9f77a1d9c715876d50208a95d2f2e8ed3fac48e05d78939b3e60a3a50375c6a1c9d0ae30397b9b3fc4783c5f4897a0e0825bda87277ea5d12bc899b61836a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8db804a320dad249e42d895011efa40
SHA1 4f123e498c14f9b66b20355e11d0e80fc82e4705
SHA256 c4cc21e3e7a901af40f48d4fdd72d583dbca39fce21cb6bfb5203f7aebb230c0
SHA512 bc886afabcaef4436ac3fb1974bc26b85130b24b0e93709b2c6ca6c7b8a145cf56c9c2cfe07248a79f33a5c4d8859c0fca7458152d5b1d7a06018f12e48e8e97

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 23:09

Reported

2024-06-02 23:11

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fc18eaff28ab34c3285485349d29561_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5032 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 3632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 1768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5032 wrote to memory of 2576 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fc18eaff28ab34c3285485349d29561_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee5d646f8,0x7ffee5d64708,0x7ffee5d64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4972 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 saltworld.net udp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 8.8.8.8:53 gamingw.net udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 97.166.67.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 8.8.8.8:53 162.160.67.172.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 8.8.8.8:53 www.gravatar.com udp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 201.64.52.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

\??\pipe\LOCAL\crashpad_5032_NJUYFAPRRBZHEFMP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 edba826073876d41de44ce6763d6e4fb
SHA1 75af21ed229025e9d0e4e0367b1f688773720df1
SHA256 fb174ef81469d6bc0df7d090410ce85652abb41d8bf0fe7a183dda9aeb7ee1cc
SHA512 3eee4edbf7871f24e1cd0cdf46f00f0142150d16727fee8ae539bb756b6b86073c53d6cac2b7288e3c17703ed8726ec6ddca0ab863be9a3aec357db248f5dea7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 640f74620f6b2f164b088e30007fa326
SHA1 624a8e6bb6a60d1ef64df53aa4bf68f59fff2e49
SHA256 4532a025d65dc40e196e4597b0500087ca783bbbb45c2b7a3293480311894953
SHA512 1d97cd9fb92503e20d791a79506f9153e75ecb9d538cbbe5f7b849c06dfb9e1f951ae1647a3cd21401cd8b7fe0c4347aa502bc186eb9d0d4ece2dc08cc18f606

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a2ac147631cf856e71b1a503e2e94c9f
SHA1 b329a684b9d5dfe9abfbdad03d43905a5936f28a
SHA256 1f4c34db2b6867d79330227f33fc7482c0ef1e0f6b8384f592498d857894b136
SHA512 456a7df36f154ce1add2755007f4aca44ab0ee4d49791f3780f715c54554b0e2f3d5435bfe2add58da0a313d57d933994088cb96c30d8d2b57f7a695ad4b4601

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3f3ccee199fff8e18871773011e31a94
SHA1 8ed558db799b8ea190be7da13e7011df4e935337
SHA256 59c1f36cc6cd828b1d225903f31cd885fb495c4bd8a7893e9e9d6d60ead8de2d
SHA512 77894aa4f8ba67f875c122dfa3bb8808ed9ac7e3325a04c08e5adcd9e7038f7bbc6ce0cf5d87758b0210034380b11e44bc54f7137644c65d860844656ca375f6