Malware Analysis Report

2025-01-17 23:19

Sample ID 240603-p9y51sfc6x
Target 91e16dcd6553144d91e5fceced880e8c_JaffaCakes118
SHA256 f6d4c8ddefced5c5b71acf41ca34aa9ef57234d5d9c261a6c5e2f8b4af71d60b
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

f6d4c8ddefced5c5b71acf41ca34aa9ef57234d5d9c261a6c5e2f8b4af71d60b

Threat Level: No (potentially) malicious behavior was detected

The file 91e16dcd6553144d91e5fceced880e8c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:02

Reported

2024-06-03 13:04

Platform

win7-20240419-en

Max time kernel

134s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e16dcd6553144d91e5fceced880e8c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{856B6BB1-21A9-11EF-B781-461900256DFE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581612" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000e524f3b38367146d8d0994721c57cd1013eb2ab7e7c488cca90a9f25a0db5f86000000000e80000000020000200000005733b5c9fb3e2ffe1fbea95ad484bfd3b424fa407784c464009617ca71fa954a20000000f3d524313b7bb5fab676294424459018f5ad00a393316770356c2362b9b7ead24000000063cfebf325245c66411b44a8c22bf6c27615eeb451b15e05e5c8faeeadf488664d243bf6f0f9b7569bf2a13b31b4aabaf074916fd7e9a807ce3c1d1f4cc5d23f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40958f5cb6b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000378852278f337d0f126512a9c5103e7e76f1b005eece55f8ebe4999980cda6c3000000000e80000000020000200000002923d7b5617fa594ac3f9d05a0e382b13db399f61bb8c2e7ae31355ea87e552990000000fd68fd56f674690159de9adaa93f94fe600e2cb42b7efb5f4a1a716ebf953290c431c41b9928b750a171bc28c92dfcd14c38169cb165e46ff5c8180d18cf85c9353c8dee242688fd7926b1cfa0ea6cbab2eead9fe1931c814d8a6cf9911b6d68d77f5983b42d1f62ab70486ee1e528f97ff05bab0be01f1d4b8d9d4f4c7b710458c711d05080fc6c86362654dfeb704440000000285247fb9c78f6675f2a185da0585d2eef3f92c481609cb6a9dc7850f1b9353c36b1690df3d506d15804aa067e86ba940e4112d16f3edbbbf9b4c6e8bfd92565 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e16dcd6553144d91e5fceced880e8c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 oceanofgames.com udp
US 172.67.213.70:80 oceanofgames.com tcp
US 172.67.213.70:80 oceanofgames.com tcp
US 172.67.213.70:80 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 8.8.8.8:53 media.oceanofgames.com udp
US 104.21.93.174:443 media.oceanofgames.com tcp
US 104.21.93.174:443 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 104.21.93.174:443 media.oceanofgames.com tcp
US 8.8.8.8:53 oceanofgames.disqus.com udp
US 199.232.192.134:443 oceanofgames.disqus.com tcp
US 199.232.192.134:443 oceanofgames.disqus.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:80 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 172.67.213.70:443 media.oceanofgames.com tcp
US 104.21.93.174:443 media.oceanofgames.com tcp
US 104.21.93.174:443 media.oceanofgames.com tcp
US 104.21.93.174:443 media.oceanofgames.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 b712ab335c43665e99f17ac1cad83d54
SHA1 425f45571010b7b76716a762d91ce6929a9a82c8
SHA256 c7d57cd4f0b92a7b9c084e295f3c43b74604b7612fa0a27343616199c591d86c
SHA512 01a5ff236d33811be448ee77924e5f8c74a02dd5de0b5fbb4fb9a445fd35bc930f3924f99e468e7a82a297338c39479f4b618f15c025346e6b45b5c72159e170

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OV51DDG5\picturefill.min[1].htm

MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

C:\Users\Admin\AppData\Local\Temp\Cab1660.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\coollogo_com-236847847[1].htm

MD5 ce1a246981cd1f6be84e53fb3b6cdcea
SHA1 1015019d9970df1a146cb182bb6c4153754550f7
SHA256 092d5e8fbc98868f8eaad1a535fd4f1481ec50b5d8c315a77d59cea9eb8df6c3
SHA512 8a97558ea903b142ea09d7a2e0f17480cbb215d9144907cbb1d7802940a275ef992678547b75dea1d9b6d08b0a3488e90c70453938eab39400144a2791852bc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f141110cfabc422ece632a0b2e8cf44
SHA1 64879e79a0b5fbba7d850c41b398a6c44ce49d6a
SHA256 74cf9cbc4afdae42177bf149598229638f09605f8a18ebe812a42b4619ac9b09
SHA512 cb5c9b67da2e1cfb61969575d6c777ec2d43ac26f4134cc05f57c0a88145a26f38e73edc8af8765b8287bc29c5848b7a6b9b410335d271dc5c533389bd77394e

C:\Users\Admin\AppData\Local\Temp\Tar195F.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1A51.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\autoptimize_fallback[1].css

MD5 960021cac60c2b41f67d07df87e60732
SHA1 341b027ee26bdbce721233421992012beab416c5
SHA256 b795ab45e2b898b7d7cd120437b336e3e7742bf378199ffad186188938b89ac3
SHA512 3f7f0e95b997a5ede84300a787fd96a1c7501df2efbbd648572b44946daa9d0755f07dc1239aedf9a9f7c8b2954394bce7bcd777b0b1ed649f0fc19e9b2c461b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b827af30316c08b52bf7a4542f8dc40e
SHA1 a6cd294b16c528732de598e91b6669060224e9a7
SHA256 39177cb3acf543a775033a22cb95b7d6f8be86d80677765763ce0071be2797c5
SHA512 d107cdd68bbc5c174f0627f3a9e23535568f8e93e2ad67b0e58c6583f3749370696d941a3d4f2b640068134d084c49ce9815e05ef4e95b5d4f1ff5148223753e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24d2d3adb7b4409d3a5060313f7e0816
SHA1 6d5aae177c45352142cef23624fba2a778f56efa
SHA256 fd5cd327bc71f3fd29ec2ef0b0c71da24151a9dd0bfb0ff7e52af985d7c7b181
SHA512 af0d7336bc0ac7b50c3de09253c8679cac17964dc8e021e4f9c61945a548a7f217495a40a9e5571855a46554543ac936f083d14c6c163fb1224becdd396da0ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4396223fa576da0c8c8185954a1cd529
SHA1 33c443ee7e796cdffa178c241992e37da23aa9bc
SHA256 6c49c879b991ac8f2243e7232cbac2591fddbce26a5ddf6bf0c70a38a2a043f2
SHA512 830efcc2597027e65427dd47da53cc4b84000b3b6ffe904b7b6188c13ecd06d46162dfb06cd4c97cf536d10c06e03b0d739cc80992bc89625c24b34107c2a944

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df62dcf0d91d9cda0b195e00cb220dca
SHA1 0311da957d4c4d1b35402588f6f7785a62e6babf
SHA256 0c02f5f64ccc0f7c06a6c79817d3de5924e4ea3e8b7c0ec4fe21b8d408845168
SHA512 e3d94eb09ca310220f7358ad9d632c6eb5709c20bf9c3996d4362c2a06c1deaca4c777d6a0561c28d073ba8a84ff1a2b03b7ae136cb19e36b84cf72ba092e80e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cad93ee0ab7e9188e42d943e4f6e1f5f
SHA1 2fbd8b203a06855de7a466c519f43687cd457099
SHA256 31826ffc0cb3b6a083dcbba406aa207f4c0c300e9d57326cbcad1b19e6c95a92
SHA512 9305b4140d23d7a7a4f2d17700cac6ff742dbdb292646db035dacf360f0a925a8ec03a9baebbcb758bd3c72e8c9044a2683d338a15f8e9593e195473faa22d48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd2e679e8ae27f0bd62dc7f675272c79
SHA1 61c7a85a92d944b59033d597d5cafab1fbea41ed
SHA256 343f914effc1c0690eaad765d6a147655abdc540634116557b701029ce8ceb8f
SHA512 bfd852f0558973d9127fda3bd87df481d7809f0c5af61981110ad2baeedbb5ebe09e5c638c4428c3e95e0d267206362a9387d54e356777821530a147b173deaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31597c9f97d500562da338c0577e9df7
SHA1 d295b2d0ffdfbad47bba8f62685c9a15fd8ddb00
SHA256 703316ed31bb83c00ce5eb371bb6f7036bb31086aece8bc30f4602bf3f93efcc
SHA512 90a9033b531a7a5152f28816f047d28e17399fc3d396f19d957148677779c9f9b93105cd4f88d02051ae8318aec459fe4c8ac50af1786d87c7aa2d56a01d4745

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9f1cb873bd0eeffa36a36b01d29b202
SHA1 d0a409209fb0d99bbc0c696c28cb3fdf705ea69d
SHA256 00b223bc7aef22ce78cf4b860f3167eb547958f88ce63606d9e5305ed5ce1ef6
SHA512 aa331486b9789db221ba71807f248f595afc4d1a1e1795d6e1723b4d15094b2dd9a41d5af79129f6c1fbad4436c6e0243ce17fae4133f7630534d5c538abf892

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f859ba0290d332604e657c9213ce346f
SHA1 6a4930b1040c5b5ddb589ea73e83f4d0643d4b58
SHA256 d575f06ae6fbd915243e0c3c274e0124553dbf6069da8905986643b67fac92d2
SHA512 e1cfade9fba3c3c121af7cd27ae88ae2c2c13677521a35acf3f61d98b15107c20c00c9a92891b7e4a1554bd4ed468891604201bc99c2b772bde854e1d227b622

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9633d95c61e7982f3cf50e71cfcb33a4
SHA1 9aed91add7e90137db4b4a6912491d995bb25d7e
SHA256 0d4e619c47e29be9afa6077e05520d5b2ca532ec238487a71807b3db25fc614f
SHA512 8dbae911b13b10670f5fb457088c3abcf0ba340090946cc5c86dd4b91fdabbee2c8dbb6465391e62b0549a3960979a27659992d0406868170732371481d5b792

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce67fff0684ec862ae0142f286a2fbdf
SHA1 ace2e62532a3f9d4458201c615c0c67f3a5bb606
SHA256 0b00a0949369e6463d282516c76f59abfba4522f77c5d396078e4546badb48d2
SHA512 34b174c4fc05c03ac9f941b481149fd16d53b3876084088d097c92187a3b5ef5c735f91e3f0fccebe9eb6d1e4ab44b462224f5711897b32c59760d4e131b25dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1a2116f699b543e634fcbb135440695
SHA1 2dd020df26399c9a1a27ff24e8ad85046c3e3565
SHA256 42d41ddfda0e69498ab34d3aebd53684df8dc021271ed55879c14bd80236bc44
SHA512 2735422f4c563960a28a6e43d989ad9df7de2106a2da497810edf9944d9e30082623b6aa4f41bf67a84d3e8197f08a805c3ede5cd301f9b816b516945ee84f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc98195b6af976960ba381f7316ffef7
SHA1 9e9c5f6a07c678345557badb90e167e6a8ff9a5f
SHA256 0d1657847b4541e8f959cecd43ba9c2cf344293064c8710f5ce2c8dd31e27bb3
SHA512 e4f1f50053ec4e3b321e9877294fd04595861ddebf9ca9b7477b61788a678638f64ac98104cc764d95615a412333a08c1283578d6b765d3ebed3465bd240e5bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 96413d491309299c032e0fa90cfc7e9f
SHA1 72a50a39a3661de04026195912190744dcf9f6fd
SHA256 4fab3a7baddeb2ac8c8e83e201cb9105c8b270aa2c0c81ab1aa7de65eb18a9f8
SHA512 dbd0275691b207c581ddf854b008f26a3f034ad1dd8d11ae22b8bb13275fac0aa3cd9f4110a81c87edb2b1a22a3ab9158cf8af5620b16a65bc97e745f1f2e1f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abb17aeef579a2c61c1b0534bb410600
SHA1 705488630c8f3151dad4f55e2ea31ffd0947d789
SHA256 27d3eaf3d91c0a0069c43999f018fd04b555df0112b3ec214c109ab11a31e99a
SHA512 a513402412aeeea0ff92eb8d985d1b83dd41803f8910f4c86d37df61e641952e88cdb4dde1f525491d8a42c5a5e41d361fa6058cb160557392aeb543c253b1d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cadef7431c8e3a39cde8d63e37aea0b5
SHA1 3790a903b129198cec23f7d36afb750e739b365f
SHA256 cb8c5d5bffcd36c4d652e139a8a41f0d1c0a4b8d3c5aecbfe8f714b66aea61ea
SHA512 7b92d100d2cbd8ecd5fb0259197749b96143c9a087cde9e5b1d25361f283e4a7ff9e1111edc6677eba9c9e45bb8832d9bdc806ca232f9574e2e21ada460b97c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92015f60e3fee73b911016a8e79fcf82
SHA1 834522da6cd0721db6cc505bf6cd50997ebff3c4
SHA256 ede820cef5c823d361af4dd97fd13c72a818a5c7ba58267f036b67d6b9dbb724
SHA512 181bc4094a352e43ea00810dbbf977f349a2fe1a527cd71cc7a5e8403ab223af00b5d8659558d13d0fd0d20a0d69a744a722c0c809d7f67f38caf23cf7bf9191

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bccb4aab999129d1260711e101e7d0d2
SHA1 9a0f0b5a192dc6b035f7834526074efba79fbd3a
SHA256 9b61a9d3178bf5a9dd926c53c9f2d1206a0c2d6c0c164070bac5d16c81ee2605
SHA512 952befdd143df68ce886e7ff3f9afc191ab9619086f37a6496b0800fa965fd36cffd8965c7e6d0490afe6fc2e9c7964eb0a18638768db8cecc15af223c142b75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 ee207abec1ae6573851eb174e83115f6
SHA1 62c5deb8b7f32ad06410035a76a25d449f8d16cd
SHA256 605a6e5840f30ebdde3b95ff95acdf16c555ac1ec0fd09e350e9d0ed52db6996
SHA512 e4ef96fa160933c4cccb25eb2643f736da9ea39cc108f240032ea59694c6a997878253c88985a6b2f10426d1c545984802855939023b00f9bb4e63a488dd7de3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2240dba7dbcf203aafa2b49159b775a7
SHA1 aea486673e1888797ac0beefbd1e5e08718707d7
SHA256 18d1bcf5862e109d25432e61e5baa1a16e71fd025aebc8d6647d47809ea53f94
SHA512 e9d8b863af902afe416bbf522b3b3304dbe9ffa220df33461cbcd83557bc52c454203fc382c101a44b1dd58af01406bebe9bde91df81e5926c25dd9293ff0476

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0c8cadfd7b78848578c99ea48fe4a2a
SHA1 8f02e4e9ba94cd2c059377696d66cd7f3e8c9dab
SHA256 d8f0a51214f2d729b67ab7547efad2edd2d93780cd07e493bb52fb990b9a521d
SHA512 df737c3ab7c24bd8d9c1e6e8a85c73b1df10d0e78f79dbd1eb1ba5417c60f20b1fb4a22e8292ddae511c08c7b00c54bdc3684a357879d3bbbed6235684b3a025

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13fc041ef1f13e02942b55454decdbb2
SHA1 8cce0c7d98e3ed130b55cacafc0b71a79b0d5340
SHA256 b43ec1909e5e7ce6e3ac9d294297f9d92bf193211952b1feeb565894f769a2e4
SHA512 fde652bbe82ca573b20b1c21341875d8ab69a6359e3f647326f8c865acb598dab7e144331a116d50bf66aa77e60ac1017b45ee56ea43e0f2783bb695daed1609

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4dc14668ed9bc6c0700997091c438b79
SHA1 9e534cad33d2ca34213b0fafc0760b1d40fbf365
SHA256 3df2c8f38ab0f530ca76e8a4e87ff97d50a4eb58fcf2c299f3030e140bc0d449
SHA512 079d457b55d75d0a5c5603113b42310e7fcdc925dff6c1a6b4c62922346eb9e3bd2576b3af607ca1367f109a15d45a2fda3e7f0debf4caaa5143dcdcaca9024e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:02

Reported

2024-06-03 13:04

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e16dcd6553144d91e5fceced880e8c_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2144 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 400 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 3064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 2440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 2440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2144 wrote to memory of 1120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e16dcd6553144d91e5fceced880e8c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9d0c46f8,0x7ffd9d0c4708,0x7ffd9d0c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4906561238430562338,2394374346027821840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 oceanofgames.com udp
US 172.67.213.70:80 oceanofgames.com tcp
US 172.67.213.70:80 oceanofgames.com tcp
US 172.67.213.70:80 oceanofgames.com tcp
US 172.67.213.70:80 oceanofgames.com tcp
US 172.67.213.70:80 oceanofgames.com tcp
US 172.67.213.70:445 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 172.67.213.70:443 oceanofgames.com tcp
US 8.8.8.8:53 media.oceanofgames.com udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 70.213.67.172.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 oceanofgames.disqus.com udp
US 199.232.192.134:443 oceanofgames.disqus.com tcp
US 104.21.93.174:445 media.oceanofgames.com tcp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 disqus.com udp
US 151.101.192.134:443 disqus.com tcp
GB 18.165.160.19:443 c.disquscdn.com tcp
US 8.8.8.8:53 134.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 134.192.101.151.in-addr.arpa udp
US 8.8.8.8:53 19.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 55.81.224.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b2a1398f937474c51a48b347387ee36a
SHA1 922a8567f09e68a04233e84e5919043034635949
SHA256 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

\??\pipe\LOCAL\crashpad_2144_XWLXXTLKONDNXMUF

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1ac52e2503cc26baee4322f02f5b8d9c
SHA1 38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256 f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 495f4358d7db2df059576e01e115a61c
SHA1 857c36bc54c77532f5c0f77f818ffc3840a18fd9
SHA256 9e53b878b5c21f2803f0889163d01e727ac893c74557638dcf5dbfdb40654ae7
SHA512 36483ed620a211b7888eb2ed3a00069972e25a5ffbd89abf4e1274ea8e2c35992d78eb7d5e8af264d8d45e4f81655d5317d534ff3e7285342dea1db034d99089

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f5890d007a6cf543fcab5d2822738de8
SHA1 7bae0609c35d493725f071afd2d8bf9224149e66
SHA256 5628f8d1915ba255089f3b84f572285caf643d2c86b751ae04611a1ad2f65921
SHA512 56d91f239d27d3f914189fd28cbf28c3fc068905c20291d560425c8a0671aa1362d1718f3c00ffa6b008572023cc6dc1bf2039d01af2eaea880c3f83852c1704

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1ec4137123c53643103f9c176aba1edc
SHA1 a155a14629f3b0573ea84f4f8d38f0ee22714279
SHA256 8c7f435fe7760cb4eb47c45cb483312e8162268d0430e0a986a608dc6f5b7c1b
SHA512 f1022070beb96cf9c03d06f0d4cd31224d8fda0bf00177adbe6396890ad266a9e7941f581df02f946032dcc1557bc57ed376eb8c817e2b65c5ee97882d39fb79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad76.TMP

MD5 7dae28ba2110a24451cd319f7243d0cd
SHA1 38348291317c245725313419970613573eba9153
SHA256 4aed52774885459a45822735de604dcdd51a9021148b8971031c5fc0fb132077
SHA512 daed36803ec84300eadc04d7579dbc978922d1b9e3299b72fbe601378242319baac0cb1d5480d53b07e80a40d1463dfa6e3a0bf1f93be8c82c7f352ed6b3393d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 095cc15b27c778d5cc2a80c88ff02bfa
SHA1 c4f9a4276a8c49979e7253f6e523fcd5388bbd8a
SHA256 0a48cce300440f017f98324f0bcf5221bf9734b783c33573cb048dd2f32fb761
SHA512 142bddecbd86c2f695151b3653ff2bd2e53ddfeb43665eef40a5a6290975d187704a018db03244b94931b82b5a6f346ed18297d0777be05e0ea126bda2e57bff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5bf0636f08a9914756e5e339057e2da6
SHA1 26f88409cfc422c2a12784c4ce3a992badf76372
SHA256 fda5c59b1b28b452659a20c52b1aac4f8a918f41c3ea64a654c908ee16ed2696
SHA512 7419148a1a8227ebde2200bd1dea13dced8521c2e77bda72f36c8254be7942ff006514866852cbe889a678728db7003f309c56f0326e00b8cf48eefbe2832282

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cb1e4540c6a1914428adc546a85ab822
SHA1 d2fa243765e46e1b6aedaefd35b23b1ee2f98d4d
SHA256 2a976325302c19af4a83126cc9ea4167efef72241d6aef3a89228219d056884c
SHA512 2c74e644ee784748b8321a5ee52ec7dcc151f6a49b5a333becf6f28c5c1567c062777e8f9f698015de82764fb4e5d7a9e87391dd34f8906207aa3f7a5a92b0d0