Malware Analysis Report

2025-01-17 21:19

Sample ID 240603-n55xbsdf91
Target 91b56a85082a62fc60c469a7706dcaa5_JaffaCakes118
SHA256 a94a6ba6702463949df950b34cb82f19520712dcf35d5414df479b37f0e6960c
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

a94a6ba6702463949df950b34cb82f19520712dcf35d5414df479b37f0e6960c

Threat Level: No (potentially) malicious behavior was detected

The file 91b56a85082a62fc60c469a7706dcaa5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 11:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 11:59

Reported

2024-06-03 12:02

Platform

win7-20240508-en

Max time kernel

141s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b56a85082a62fc60c469a7706dcaa5_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577857" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000bb45c8eff300e68ccd0f0831cc2760c4a5ab68e12d251a7ce147922b7f08ec31000000000e8000000002000020000000b95d270bd553df0be169bc519b9bf9349103745c0f4a36dfb1e469c5501c25dd20000000e2cc10faa9b759d552e9cc549432a498542f34605c861008016448e1bfa11a1440000000bf085c8b7fe88e1b6e3c2197f7f9cce17224cc13d30e8951b18795a2430196cb5f8bc11d2f81e881bde8eca9d04bbadf35b3819b21ca54201bfd7c46bb3367b4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7022cd9cadb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000002821b4cd4d84b2349a8b5a7e9e56823ae4f5b8bd88adf0f7f9b259a5e20f73ce000000000e8000000002000020000000bb0f8d9849b69999769e4a073079112f538e9abf2d31541570a9f881329e46999000000070bd5000d23e1480e15b4d56a9ed383f2d0c5e160d2be75295ebf2ed94d2909a4bc61485f6388463aa7433dbfca12ef221fd0d42df88a98b5649342abc12d6d54274487394638916484a69b6cd4170de33efa8163a4e2258898455ff71144b0f2e21cf88d2d9b0666ef768e48b2bd940858c6c6c02c62b624b7445fabb0fcd3a73c0c2b2ae8395c402c28e76ed1b290440000000e049b08aa4421f360f32b2b5c1f50bd341dc6f6688f2d3bba6f10ce274656dcab0b9cc2087158e0de74f53bc301bdcd08842d1f512f6925059fd973adde2403a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C74ABA31-21A0-11EF-A759-F637117826CF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b56a85082a62fc60c469a7706dcaa5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.californiagrillnipomo.com udp
US 8.8.8.8:53 expertwebinfotech.com udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.77.32:80 s0.wp.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 192.0.76.3:80 stats.wp.com tcp
US 192.0.76.3:80 stats.wp.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 192.0.77.32:80 s0.wp.com tcp
IN 195.35.44.70:80 expertwebinfotech.com tcp
IN 195.35.44.70:80 expertwebinfotech.com tcp
US 34.231.96.3:80 www.californiagrillnipomo.com tcp
US 34.231.96.3:80 www.californiagrillnipomo.com tcp
US 34.231.96.3:80 www.californiagrillnipomo.com tcp
US 34.231.96.3:80 www.californiagrillnipomo.com tcp
US 34.231.96.3:80 www.californiagrillnipomo.com tcp
US 34.231.96.3:80 www.californiagrillnipomo.com tcp
PL 79.96.64.186:80 79.96.64.186 tcp
IN 195.35.44.70:443 expertwebinfotech.com tcp
PL 79.96.64.186:80 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\wp-emoji-release.min[1].htm

MD5 6b8219274c9fa9a78ec3a5a8bf7cb6d1
SHA1 4bfc847653c2c471ed601cf19abdfe1127f3c539
SHA256 d268d3a434c87f2cb60dee2b1a4d3c17cc0e3ea30b7e0e0d5013f3df77c52f6a
SHA512 2dc1876ca2304cfa67c17252b2097d8c6cb1cf546d3d51cbc0ff674a109906a938f57a06dcb36c28a42ce409cd958d892b9709dfe229726723416346fa154b61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6a7323133fa0dfca1d5e86c9b5d30e3
SHA1 5a4d17f6f781b40d8ddb63ebcf02baa9578d1ea6
SHA256 8460e190feb6ce135128728463fd6e4842364c3ab446797282091316bc86e0dd
SHA512 cb17d967293280dda85f8b8eda5464509d15aaed3f649d07e46091395f1a3aa12f6584f1e396cc25be0b4f144aa79102d87b0c2fd67960b0ee690929f306666d

C:\Users\Admin\AppData\Local\Temp\Cab2A6C.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2A6D.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2B10.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 669952c2f9e141d175aa9ad3399ad07c
SHA1 6f1d05aceaf3c3ff3b26078dda85aca4c7059668
SHA256 54c02e3b80dff82ecf21936a5a377aaef564e104f615c4f940fff76569b5ada8
SHA512 ca225a7acf678dde77d4b89a1017054e3ce37b6c678ea34b46f3a527fa2182b8bf87d4daadfd62f7172387a6725aae9c4bf3bc3723de012f9bf66645324d9c7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5779da2b96f052769e6ec570c6bc3f6e
SHA1 421dcacf12886d21ef39ee37f34fd1832685bf06
SHA256 ac5a7a6bec84678d66f227e194ddb9761c285a1e7b4f8c98318b6aea6d36f87f
SHA512 05ab8a7e50e662a34a717d2ebec4ee848f271b6a899552446144218844fc67c39e0830ef64bf34dc8ad7164d286e91f9aed27197ff4b29efa0e79332251a2aaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08829762f7e8c9788da85fb19395fca5
SHA1 ca13e0d402406de6f8f13f86c335f99901971ad9
SHA256 904ff03c2c44d29699abeab8e5f1e1a657f0bef43eed51665bc1b2228a7693d1
SHA512 488aa6e1a5d32df8eac45ef7072c8a7bb7c5a9a387ffb880687be70d68e05425cc1f15e087739ed0dfee7ee3b57a87a3eefdc37f6b82dbee5b64580560ddec34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e21a6500a32700334d2678edc46f097
SHA1 f51d6078f97d3ebe68ac2bced852550a2bca5e6a
SHA256 e7b570d17a711cd23b4d4d600be8a736a09909d8ee117534cc1047211032fd83
SHA512 27f1e4cf5c0c0fc235f2d210d38ee460242ce6594657fb49e4eb12b104e661ab67f6102a459520e2508e261014efaf4c2f1a58a33a73afe59afb68ac2e0d79a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16f267586bd94a5f777433ed561fe4fd
SHA1 4fe9c2b42527f27c8dc4522788e2840c873bdcf0
SHA256 8165484ef33399c63f53c984207e19a9ad01ea6b24d9ed234ad3c6102833970d
SHA512 9266fec8669ccd27f1487d72f50523ae187dced875d5065f0231dceb64c5524967f6b5a7fae48d7b611de8a1e7ed82196b97efffb40bd2d60c9e1edcd56cc28a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8257a0bec40719683b8fd11b71f40c7
SHA1 6860575aedd23fa064dd1b8f143688d4105c109d
SHA256 1b3a73941f034f720412c003e2c4f1432784830ecc49e0ad7f381934dd50eb15
SHA512 cdbadfbad41edb22cdcfc1189bd90f93462b397465412ea1aa448927842145c4a9687e42244b395d6e1ad273b02ed9e9fba5a71f51081a830e726c05fe583f5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 032d1f0c85d6ba47f5bcff402ef4945f
SHA1 0f26b002b2c79a8f38f0822bf3cee9dcc8e04837
SHA256 0a1b22a90dd29bc460246c6d5da65c9180fcd2e81a245990a307b6850d1a8043
SHA512 84b1d40406091a19ec2e157beb15ed9b4a399909e95749c9102d32bce30ede4389bc273af067d5747086b12de19a8fa2fa3f62cc0c67499103d5fbcddc70be00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5cfb611f80cd696f8406d530314dfae1
SHA1 5de72c227f9954b0f669a73220abb13205972c4c
SHA256 4dfd1619c0d354027e3f97373dca55a1d4713c1239642a4c725746f4e514cab8
SHA512 62120bbec66cf6e91bfdf1b9a2be2c4971f1e7a07f29a2967b7a7aa9f24ece42c08d76ea70360e9c6bc7b6f7a298fb00ee2b990d3f6d88e7bcc6ec076283b85a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84ca01d18d60ec482eb17305923bacae
SHA1 3197cac26597c0edf4cda5776f4b8187d0db94e3
SHA256 47a93bbb575841fc8200167586cece09a17f5dd33dddd0bf3f6217367ae78682
SHA512 57726fba195720826d37a36e06d62f35a977afa651605381fc19bfe56700c18e457d221c9f6a8cf0e640a3be142c59ba8b4a4ca50c289543c023a484e669e158

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5087eec1dada50fe4801345d4d2cd568
SHA1 ff296ad80a8feddbaa0d30822efbc0fc5de44c43
SHA256 906ff94c82dfe558c9d57da0ca6908884132f877ff0f7da133b205997a108d80
SHA512 0c460504e30fd598b242aac43678c372443ce7d4eb837176da1347e370352d2d5a8d0858813e95a2885c5604004647b1d37c1d8780992bcb1674b14564eba52b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1649bb0ec7b45a79bb58c0872a9569eb
SHA1 02c912a144040810af82a012fdf79774368eb090
SHA256 ff1cd90c61714d9986ffd7463d4997d017f672391d15505f16a7394efc5fd00d
SHA512 04dc5b49204b7fb87c59160b73d46dd6ff07091b4cabab0b9ccb7dff18d2ec5e6eec105ef9cd8d43e977e0bcc474919d885dcd1182804cd5bf626f191a39b972

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45efc8ca47b45354ce1febb096ae4bd2
SHA1 d511bf37212852b6943e679d57eb2303238de2ef
SHA256 5ffa717f3ed3e63ce0be1f03ae8ac89867edd2dbd913eb53d2b41205e652d127
SHA512 d134667ebfcdf2a5ac0db71024805322c5bc9600cc5926b5cee4a8cefd62e44ee50d270760375f16828ec2311156f94ec4c403678fa3d1380fa185f867770039

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa920ffc3c6970a7657db932bd644e74
SHA1 f6ef79e82ab0b042049843f44853ba2f36ad6ffc
SHA256 22fc0e31ef47b31fd0e79679eacf1d7c906e776abee69160ffb341a3efd8dea8
SHA512 0881c954446edb8a1a7c8c05714ea7f89871a56515a7b68b92caecaf1336a37aa60caf438b1d96faf9aa5b2b4ce5894d5425407bb5b1a2df98d39157591b908a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a45d7f0c50b861a04ed13826b1bedd3f
SHA1 efd08ff7fd0039953622bd515e5e5086b101085b
SHA256 a7dc0eb9ed90c08903a710e9d4073d3a04e0e59bfaf7ebeb87756f6eec04f3f7
SHA512 ea78206ca0982a3f62340fbb2508b5da357d154bd8460628af7610b37d4871e5337e946d5252385248eadec42c7836b35997149b2aabd0ace2cf6e44500249cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30533a7827da70c4fbc721545e8ada8b
SHA1 d8edbe69556db3c4c0f76b4a3ea40e75cb1fce44
SHA256 1ce071f757e20d096b143ec2c66b64189d2f8ee316d35edd81a907b8b8c8baae
SHA512 023fb9a76a3dcda782984f9f3f159ada230a4762db1561aa368485c4e0097978bfa9fe409f4d304d2672276eda153b2c964326da1bacbb642087645a52c21a55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20326d9825c6fadb7e13aaff3761710a
SHA1 3e84fca9a56f9ad23ec375490452c26cc0aa6019
SHA256 c3a8d391ed68756d541ed521968876a14116e3ebd56642abad5f812fd535298c
SHA512 5d4d67226954adf8b0f0df49669167137cec96b229a79c3f7be2af427723a424a5863f565712bd71ad14022d21f2096005fe2d3425c2c7e5614798f7f54fc9d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fd703d81fe16c048c73d2e20c2a42b9
SHA1 b1d9dbf76c1ba14e416e3b27eec3fa18ee7f5219
SHA256 0f095f537e26aff16a61b0c8d30d75ac31d69e2fb2c9d7222e09dce6215201d2
SHA512 91e3941f3c553cc5e6a27b414d312ae3cc24d7b9e1be41463d82ed318d92434a12ed8619ef360e9639f6aa2d17f30dbcb619fe12c83f9335fb840030b9a278ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24528b8fe66d36611dee814151f67803
SHA1 540f961a4b19ee2121ecc10ce7d3759d44bf1650
SHA256 7af3b924d48b1f48264d1310b47eb78e2c821b27b9ccfc18edf4e0519fb5efad
SHA512 c74ae1f0cdf8f5a593099992600059f06be030e3c62cd6b01b05be395ea7e263b08b6eb1f46c2601f282cad6f4ab74e2ffadaa58d5a70c7eb12f822e3b4dca20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d0f755ed268becf99c9aa0d44de5a66
SHA1 ef2dc199a58b81f530d5dd5198c707a57667b972
SHA256 bcc37c1bd691414aaffc9dc15fdd8b1a26b2c940e7ed6481301ff6ca8036c663
SHA512 3ad478f61620ebdb7422a5386af34c87fa59045f89a8d030de016e010ed8f8e7f6a782d8e12f1b599a06173bcb2022f23e8e9a776a53366c13237bffb427930a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 11:59

Reported

2024-06-03 12:02

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b56a85082a62fc60c469a7706dcaa5_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3744 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 4548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3744 wrote to memory of 3628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b56a85082a62fc60c469a7706dcaa5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe401546f8,0x7ffe40154708,0x7ffe40154718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2093035552960480994,7468368517133281378,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2684 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.californiagrillnipomo.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:445 www.californiagrillnipomo.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 17.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 61.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 8.8.8.8:53 s0.wp.com udp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 192.0.77.32:80 s0.wp.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 8.8.8.8:53 expertwebinfotech.com udp
IN 195.35.44.70:80 expertwebinfotech.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.231.96.3:445 www.californiagrillnipomo.com tcp
US 8.8.8.8:53 70.203.232.34.in-addr.arpa udp
US 8.8.8.8:53 32.77.0.192.in-addr.arpa udp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
IN 195.35.44.70:443 expertwebinfotech.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 8.8.8.8:53 70.44.35.195.in-addr.arpa udp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.76.3:80 stats.wp.com tcp
NL 23.62.61.185:443 www.bing.com tcp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 185.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 34.232.203.70:139 www.californiagrillnipomo.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 34.232.203.70:80 www.californiagrillnipomo.com tcp
PL 79.96.64.186:80 79.96.64.186 tcp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 v0.wordpress.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:445 pixel.wp.com tcp
US 8.8.8.8:53 186.64.96.79.in-addr.arpa udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_3744_WCXVRMUFRRHVRJMJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a4184843f965f9a4b02f8af35fe2c9d
SHA1 6785b8fc36ac6a7af07007eee59eac01d068cf0f
SHA256 cb27cfb85cffccc7d8a52d9bae40ba31b0cc2462fb41508c8e6c6c2bf06e2198
SHA512 ffe64d9f2e00cac4403f43386085af9d2ee09bde28dbec76e91ef0a25d619c256eeda050973a5d7d431acedc80e93f600467ae2c82b6d1e0272aa8ae1356d426

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f6b6aee404151c35169bd1fa94266b34
SHA1 a7a66b93266dcf4b9489f0cd49007b8671df3bf3
SHA256 a14284d2b4223c2ee0d7806b6cea4bfea3a2e454d12bf382c580099b6422ca01
SHA512 6c7ee3fa5b5d92f3572cdb8922da73a86a901d6c6b340a24ab2bec376d0bd5045ce3b7011484f5cd8ba52c67e7094b388cd73e548634bd407ff0539ec1434d09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 053c678cd501f89c1a45879d10d5b5e6
SHA1 2ebf132e5efe1817db677ee961e4d5b5c047b685
SHA256 5ff73547000fe2d841b1b20d4f57cc09979b2299bd47b1eb861d6f740394f4d6
SHA512 1651b2d5d1c9d930f865df86c1b87d30c547ecbfbeb7447f0e0cf2dd837d7ada154a0ac58d5213386c2df5b1296b8ab48123e0d83bf155d0ac3db929c1dbb75e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be95c12056c057d9b8162a72e05ca44e
SHA1 02771c52f9b744dfdc3a489808835000032295fa
SHA256 89ef588effbdf713b32d3ed0c2a81925e6f3d9413f45ad7e3f5a033840a03736
SHA512 3819c2c53101fa9295fa38c5c30b6e9a0d7c9ab3cb3cb689e5f8e8b6e0cea131decbf469de664ed084f3f2a8815853923b68ad88c1cea2880d47c903300c6ede

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1faee881408d2ff697f714582c4d21ab
SHA1 3dc98f581504496ee010691f4e47a53a27bc68ea
SHA256 0b5c34da4e341ede82ba1c371b66de6a2efe35cb9de2c089a7e853441597db54
SHA512 61a2c56c67c78bcf62b7811404cd62ebb7675ec4470c018832602abe6662edace0e6daccdea5d7e55547ce379370c437ea33c21cffa5a49b0f528d833d1c271b