Malware Analysis Report

2025-04-14 02:37

Sample ID 240603-jvvamahh36
Target 9108bc36420068f5dbec6f7890037fee_JaffaCakes118
SHA256 cdab1908facf9207bd45c359c701f731f4d8d7fe869ac0a5a77e9bc4a7ded870
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

cdab1908facf9207bd45c359c701f731f4d8d7fe869ac0a5a77e9bc4a7ded870

Threat Level: No (potentially) malicious behavior was detected

The file 9108bc36420068f5dbec6f7890037fee_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 07:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 07:59

Reported

2024-06-03 08:02

Platform

win7-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9108bc36420068f5dbec6f7890037fee_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3160c31bce3af49be20e3fe75e48075000000000200000000001066000000010000200000003717d3211d2acdd1514179e786ed0a30815c719a3c9a4413978e5e795d33aa54000000000e80000000020000200000003d410ec6a6aa3b6730183de6806537e2c601cfbec32013fae96190b97086733590000000fe90a8087e3119b17d54f10bebf574bd06a351204295867cf15ab2a46f0340cc269d2cea57d49286a8ff216831cb7ac3e9ebe0b8eed09ca944009fdd499c7043e95a91cc4d4eda1754f8841f8d48b1b2e09f3a33319d9d9eb9ea71128b7427983cda76d60cb348a75d3f15c2e6dea40bca990db49a81aeeece5a217567b220b7c16beae173cf367cba8e7b41b3a2b4d440000000472d6a203b79752bff45508e63165a874ce89c6ccfaa29b63392e120c3148aeb42b4b21fdaa0b5de12a26a0737fcf04f2c88ae0dd1651f1a2308b403f1f9a1f4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8044ab178cb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3160c31bce3af49be20e3fe75e480750000000002000000000010660000000100002000000093de8ca99f26e52d55394e0b89cedf321e8b11155a9008970a25a00ae4b227f1000000000e80000000020000200000002de468982b8340af3061a4fdb9f6e546baeae990203165dedc0e75dbc0f5253a2000000013207b2f09b1f3ecc927029aa280bc3868cc01bc23e9750e46600d00099e2a1d40000000065bbc3bc72a2399909d8e6fd51b4a39311f5868061fd1a754df4774dba81b8889f090d523d4804754f8c463b2bbbe4bac17113a30c424cdb16178fd2ca61271 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{41F78371-217F-11EF-9034-729E5AF85804} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563459" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9108bc36420068f5dbec6f7890037fee_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:912 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 v-maxautos.nl udp
US 8.8.8.8:53 cargo.v-maxautos.nl udp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 82.148.219.136:80 cargo.v-maxautos.nl tcp
NL 82.148.219.136:80 cargo.v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab320B.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar32FC.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83fb5a3cf7ea60d27d248f519e5a7dce
SHA1 047b53f5e3b064914c2344a6d8b6c0c35ac8ec50
SHA256 c3c9636fbe54b3d4069ec785153ee300408f26a45263f4276e8fa0ea7aa658e3
SHA512 3a16cbf35ddc7a9158e790c17d7679b6c5bd278449e29b0567238f9dbbbd7582dd7f3b5593ed10edff0d57cfd3e1c1c612751a1c660e806577030cbbfa6f2fec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83120261a427523f933cf9e385bb8788
SHA1 69b5e1cd27d8389834ed383e4a0236cc0f3e6df1
SHA256 d7ceb582c107b1589d0343859fbf8b7023d527ec2ba60a2bcef42c2d73d8f522
SHA512 a49b787fadf8b1f867fbbe958cd704b10197d7c422b2f9a2a661be8d8262e63faa7121ff89d58dcbb2056db6bfac174fa47a96853bdea7d7270460678e9d440a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d90d162ed06fbc5a6435db72b6c935c7
SHA1 2ef27e6e401e15bf9203ad430969190a58d4d6c9
SHA256 1c69faf2c9c0fc2fcf47d150447d7bb3d7f8361bf11be423b13b29c17fa4ee15
SHA512 24e3a516c2e06c3eb6dbbe87e17dac5320a4f0b97757e2deb7d690261b1f0711407df6fd385e0a68934f6729eaf6ef0ff56a071331c9efbac011f04dc775285a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e5df314f78928601a61e8b3f125605f
SHA1 3781bdfabea7265ff7dff4d521877651c1a6901d
SHA256 d37c6239fa3b7419b8aa5bdbe9c12486899b8142ca0d303a392bef39fc06f8a9
SHA512 7616c86507f58ab9867f85e4d35ed7d0d3dec446581b9237c0efa55812c02c05958a97ee46fb0eb9396c4d5dd11804841f1e6f49c135bb13b0b04a5ca24d49e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 075bd86439b1bfd396cd9bcff0a8e48b
SHA1 4785766e9f8c8fab4ad17e0d3c61181e9dbc4d7d
SHA256 0b1d228b78a6c8015849db55426928fe79bdbf1ca262d928fa435d52bef3af18
SHA512 30d1a77a832e13c6516014281a12e8b8d66fdc27c7b60e75dcae595825755bd6d0ecf1bc2cb0761f2457c13d53fa56fd0d70247d9b6d47a4969a6ada6e1b0239

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f829a3ef58da73a3d9abd1e8d7896f6b
SHA1 b34191542a32bc82123148e1519a18ddd0278242
SHA256 ffb8c57385914bd644fcb80577c8288e6b31d1674630fcf33403c437ca044399
SHA512 4e0762becbdc83501aacc6c7819d423fa6d55af4170ff94d05895ef8e90aac706b6377b67ce14e6db69269ac5955970eebf1d6d577c34aa4f87cdee56e9553d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b16f9cf43c6f3f9ebeb687a3f83af3a6
SHA1 8bb5f2bea08b39e9c4bcd7f29cb456ab8740c86a
SHA256 aba983bceea188915d38cff75cce4e2854706b752820618f9772f128bca26b21
SHA512 5e97c11f1c6cce870aa1a5aeb345539bee851c5fa587051e9cc8f59b2c93df3d385d087f511c0df35b8a06ea09fc29a082ed3fc0f335cb3d018f11d8b971f005

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a42336a1fab72a842519464fdf793016
SHA1 c89986e04e3eb9c11edc57f59420a509d3da1122
SHA256 fc78042a9c8fed41c52c9ee2a00b4d0957bf59e59abc57d38d3c71e0bbb309f6
SHA512 7b33d538ea860fc8ce5543cea83bf047bbe5f4d6d12e7691930007bf97291aa9b71920d4391a0cc06ab6bfd20377f6eeee2de78f1d52602190627aaa6e45dcbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dabad666bab9852a2ddbfb93e6321602
SHA1 43cbeeccd71aa4cfb26f872d8534cf7cc202a763
SHA256 94093723f836eba36241b2db609533901a90116f05f313ce193b9529cb563bf2
SHA512 805491c6e61518c9bd40312f84a90224a62fdaf2a36cab28668ae816647b56d47bbd0ca2e46fe75dfee1cf89ef1ba382066fe0bce4d62058c2212379b0b02971

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2cad06aa773d58477dcdb18bd3d047bd
SHA1 1b31e20b9d7d9d1a65e7c47da28cb30ec5a1efbf
SHA256 57fa7d70605e7179902ad70a973dfb74158d62616cc70111ab89adfb50a7f42a
SHA512 96dea26eb627d33e04ac5957d197f653c11a1216314791230b1ab69652e538c55ed5157d4113af3f893d2d3ff8fe4d0f5905cc986ef859a29cfc8bd5e2597d01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fea80e06542ee82fc99625893752645
SHA1 8d51e892e238120329f7913ea8bdde39d3505c31
SHA256 b5caffd641c24cb2b9322692b60127092856b3571f7c9f316a7011b8d1f86652
SHA512 b6ffc52158a4c4d935fd797c604201ada9c6695215aab77f4c4b5b08d89c3c5bf7673cb311d670d073f5dc9b5c0c3961cb302666a86f41dc31c5eb927127c76b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d65c4757089971b6fa5097d604618ad
SHA1 5b1eaa702ee5ccbc595a374c96bae66a8ae12b11
SHA256 4d08bee544781bfad2e4101405ad262ccf72f0d933f31f36d306c88e82b0a459
SHA512 0fc7e9216332eba894284394e3418918c0bea8e62deec839a07bd19085207e5c7a65652df87e1afa7b7cd90f62ab18f82748cc7751f5aa63aa4048a7ede514f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b72a1f732ca5e42689ab592c51d111aa
SHA1 be931514e9b0460daf5260864fa8c299a65cda9a
SHA256 b7bda509f2b4b98ed8213fefacdccd709eb50a552d487c607b273765832db2ff
SHA512 094fb75e537f2f959b31ab17802cb805c73479a53d791425c00f68f106ed62a5fcfaab744d366a2558cfbb06fbc1ded1fbeea2fc18229b0ddb7768bcadad138a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89116f5eb8e5f9f9aa9df80535ab402d
SHA1 c45b98b01037ee918058c65a8edc06fb2fcab78d
SHA256 33361e068760fdb4ff7e89b1196c5c0c31ae51be6f07b754a6e02cf92be971ba
SHA512 fbdf3ecfb42f26663e6fa9923a616f6eb9127fda5bad4c06f749d9d9f15824af36d6a05a23bc6b1b190d36cf76af206712fd14a8f4d95324f6db4af2e0f4663c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70bd2f5bb93972e62b19a0eae19131be
SHA1 9884e332a328eb944a222726798bfb0bfe287073
SHA256 8b84607c9b422750cf58014727e71ae9a263c0cfc1ccb456769d57cf722622b5
SHA512 dc325dddab0d7877556bbda38f27eec432437a6b20e701b4dceed14c699e8f693ec4bc37fd9289468291ba728335eb0f49a198a94323bca66888cd7bacb2eca5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 935c6af343ebdc0168150eccc8809a2b
SHA1 0a05e6fde1d8165b83f34b61be31b47cf82008c3
SHA256 c14c619c043318607f6fe6e43cf6144725acce6594ad5507afd5406fa725cb73
SHA512 cc412e16fea1db829b932a8aa6c929f317e4f6f4eeed7e0c98bb80db8cb4548e32c2995400490cd8ca909245619bb920f63ac29909f34511eb990c8935642027

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 719fa6003e53fa14be4b47ea8946d3e5
SHA1 b3829cfd6894a357c36db49b35b016134dc55ef6
SHA256 9b51d798f47e7e682af3d1a46c851feea895e2446304ee5112b328d9ba4b539c
SHA512 c154c81471d642254e439390c9d1aa30de920c5c5d33a1a683ec2c0f759bcf6f68e8219bf407fa67fcd7e3a332e750496993938df52855b089391841615e6f21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 107c8a3a5c0d1f25ac9abae98ee39fd3
SHA1 cec59683d36d5aecc73d0f7005dc6a3d3b8e0333
SHA256 fafa1d0766c554caba7da87d937a6381489ddce3e03585f1a8a19622708e756d
SHA512 1950a94fb7da19fe48272718b9bb4e7752153137eb74de8706b69ca91a924b0b9ff34473f5e1530ddb7917bdb11d99fa1c32f8daeb31346b2d1824948ef0c831

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be882dac22653000f93d1c51a633276e
SHA1 fcbcdbbc925fe2e02873a07243b3d1c692ebfbd0
SHA256 580a61ae9d80d231b719c064bc2eddf25b59cc8ead85b5ee51015aac6216f104
SHA512 76b74f079b847d1aa03bb903d14243c24ba213f97c760d5a272e937674e5b77917d34c53522adcbbb980791fc6d4961edfaeba8213b89a47273529c5c9af7c3e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 07:59

Reported

2024-06-03 08:02

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

126s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9108bc36420068f5dbec6f7890037fee_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4748 wrote to memory of 4596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4596 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 1244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 1244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9108bc36420068f5dbec6f7890037fee_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14901816775680983177,16204165637362853737,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 cargo.v-maxautos.nl udp
US 8.8.8.8:53 v-maxautos.nl udp
GB 142.250.187.202:445 fonts.googleapis.com tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 82.148.219.136:80 cargo.v-maxautos.nl tcp
US 8.8.8.8:53 s.w.org udp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 114.168.138.141.in-addr.arpa udp
US 8.8.8.8:53 136.219.148.82.in-addr.arpa udp
GB 142.250.187.202:139 fonts.googleapis.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:445 connect.facebook.net tcp
NL 141.138.168.114:443 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
NL 141.138.168.114:80 v-maxautos.nl tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 141.138.168.114:80 v-maxautos.nl tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_4748_UQHOPVPQNYZSFPRY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5f9dbfacb1e77c690f942e07f6236d53
SHA1 e2440ef8deba20e132307351d64e84db5c2f602f
SHA256 1eea979d64183a39bf512ac24d379ce6a08ebdeadda1d1cf027cc6e43e23b243
SHA512 2f02f8c1e7acb38bf01ae339ab6af580f807d97ae55711600178a78dab47f24009f4f0625b2e0afd13d0c6db3b4cd08ec46102af51efa9dfb394236b6901519a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afc2c5062c2059b71ec1c71b8a03da03
SHA1 f5e4370ecb385e0445a73d44364c06e2730b8cad
SHA256 dcbba4374f4ee3301290d85a9d5a39b1606ea167e576f13b77c61be07f2ce0e3
SHA512 7a52e97c0a8d54f3355c9619f0efde14f43372fa73a102bc87351ce292e99f852ee5cf84918aaf6c0e59c931ed82f522ed699b49df68d60d4ce3cd2f32fdfda6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 acc2247b98a0086d90a1dacde81b6834
SHA1 97ec3e03336eb32df0487560bb8d5ac90b46766f
SHA256 467bc148fc2dfb0fd7b77e98979d3e3734ff7ebda1663f60ddc4442cb7256c17
SHA512 0d70643c54975d937d7ec0d5025ae633dd9a6a92dce53893c16a58ab931aac718cc05d9aab22d6e426808bd6eace7df894dc0e2b2c3f10e6fe8ff8d833a4a7cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c435b786529058de04b3b95ede9eb0d8
SHA1 7dd451ceead9059468a8f7918c69fe6bb5dc638a
SHA256 b30c68a9831f7b88ccfa1eafbd2f995a700db5e9118e82e6ce84c0b43b59a181
SHA512 95258b323b1d44f5e0af2b2efa95a8da9050706550d1a3b4fdf24df3f298f99be43a7bf091cfc708c9dac5bde1acf7557dddfccde832b5c20075ff7e777b14bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bba1e3a7-0200-4cff-ba29-b780c93442cc.tmp

MD5 d9888f7e90e0d11efe2a7eb1d6a8e44d
SHA1 56d6b61886d86a26bba8180715d1da466a0fa2df
SHA256 efa778f89d2c93228d73419fadedf2c30aeefe0cee02dab4013832aded001c97
SHA512 68910e63a3baa0ade8687d83b8c53712a06d69d5f8b8d28dea637db4e78f25605df4988b82ca37ec6567f5c39cc0bab24b439c1ec9bf8317db1ae9428a435cef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 385002eb4fc5d9a3379450cc6a24bb1e
SHA1 c61d49852bb0159ca240feefe600b5fc70bfb3eb
SHA256 840d09c730957c4c5fa37a2c2ca7227ad42de0766aa11d60c3f139f30f0d8aa6
SHA512 92f5de8decf13ef0ea1bd7987a338c1b24df2c57d5898c92e122749d619fc630375bdf509b14172f09be8c5323a6918fded5d9a5acf921377135fe60c2be8515