Malware Analysis Report

2025-01-18 00:08

Sample ID: 240603-tattgacf75
Target: 925616a8d5bcc0a90bcde0988b539f54_JaffaCakes118
SHA256: ac79588597e4ed4c5e3da729e4c68281ff1d98c3862f6dc0e7d22eac71b59c07
Tags: none listed
Score: 1/10

Analysis Overview

Score: 1/10
SHA256: ac79588597e4ed4c5e3da729e4c68281ff1d98c3862f6dc0e7d22eac71b59c07

Threat Level: No (potentially) malicious behavior was detected

Verdict for 925616a8d5bcc0a90bcde0988b539f54_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-03 15:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 15:51
Reported: 2024-06-03 15:54
Platform: win7-20240508-en
Max time kernel: 150s
Max time network: 150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\925616a8d5bcc0a90bcde0988b539f54_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423591771" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C1086A1-21C1-11EF-8C92-6A2211F10352} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\925616a8d5bcc0a90bcde0988b539f54_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 15:51
Reported: 2024-06-03 15:54
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\925616a8d5bcc0a90bcde0988b539f54_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1060 wrote to memory of 2284 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1060 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1060 wrote to memory of 4452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1060 wrote to memory of 4892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1060 wrote to memory of 4892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1060 wrote to memory of 4892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1060 wrote to memory of 4892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1060 wrote to memory of 4892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1060 wrote to memory of 4892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\925616a8d5bcc0a90bcde0988b539f54_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddf2a46f8,0x7ffddf2a4708,0x7ffddf2a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17556974583645168637,7805560727605719075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17556974583645168637,7805560727605719075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17556974583645168637,7805560727605719075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17556974583645168637,7805560727605719075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17556974583645168637,7805560727605719075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17556974583645168637,7805560727605719075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_1060_EULQXUZWONLXAIYA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ad82f3fbd2e986e8df80b566974afea2
SHA1 35769974f803b75d1a9d892f2972077b3a5a1ad5
SHA256 bbe5c241ba9c09c968c27d7cbfdc8273c5e1351bdc046c36337c9e863048fa8c
SHA512 fc39c262b95e56fa562647df0fd0b941996ac4221fe2fbfb0797ba17a61911dc01ba5d58014672adfcef7e728051e75a974798db6e7b5316752188816398deee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b1c70c92b1e5065dd2f0caef6d9ba165
SHA1 bc61f68bdfa5316fe4417393f1f60d2ecab9da4e
SHA256 376171861561dcedf0bc881e70ac371710c0f6a5a55bbf67ebbb7eb3aabbdf5d
SHA512 efe0b566acc937187e1cdd9b251ced87a09b89540be33c17eefcdc328addd44d398b68f67013491848e94f711d58392f0fd5377c4b0d5da45d9089b91385bad8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e68729d786c225d90ba8069e9b10ab2c
SHA1 1db3ac111afb6f921428507fa15d0ef90b30207f
SHA256 458cfb8fffd1991960005689ac546db03c49cf5fa419870cc3c5a6b7cb6e5107
SHA512 99cc93826e6290ae52e744c804045af887454fef9e5bd0010446e64906ecf32c8a3fe55bf6f33f48d23107ad128c8fbe61d5b28c22b96dfdd6e45b0a628cab6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 367ae642c627cfc0182505d8e97039e2
SHA1 a8208977d9f1107b5adffdd02255f434aac43769
SHA256 2ed8da8eed230b51a786c7f2d218885b52fc3c42d1e60020bad08870a058d8d9
SHA512 4fe0de8f0d80ed5e6b1563517523c426f7c976fe17205d89b03db562515ef48adf93fcbe2c785642ddc6e82cb3ae25b0d4212e3fa86bd9d6f14f5803610aea8b