Malware Analysis Report

2024-09-09 16:53

Sample ID 240612-ygeeksxfje
Target a20b751ed4c9deed042a947e6e02f7ee_JaffaCakes118
SHA256 296af0a56a85030b495915ff8be02009aa10a6bd0127af99de558790aee7e24c
Tags
ramnit banker spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

296af0a56a85030b495915ff8be02009aa10a6bd0127af99de558790aee7e24c

Threat Level: Known bad

The file a20b751ed4c9deed042a947e6e02f7ee_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

ramnit banker spyware stealer trojan upx worm

Ramnit

UPX packed file

Loads dropped DLL

Executes dropped EXE

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-12 19:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 19:45

Reported

2024-06-12 19:47

Platform

win7-20240611-en

Max time kernel

118s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a20b751ed4c9deed042a947e6e02f7ee_JaffaCakes118.html

Signatures

Ramnit

trojan spyware stealer worm banker ramnit

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\px2127.tmp C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Downloaded Program Files\SET345B.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\INF\setupapi.app.log C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\Downloaded Program Files\SET29EE.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File created C:\Windows\Downloaded Program Files\SET29EE.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\Downloaded Program Files\swflash64.inf C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\Downloaded Program Files\SET2F4B.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File created C:\Windows\Downloaded Program Files\SET2F4B.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\Downloaded Program Files\SET345B.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff00000000000000008604000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{45F7F501-28F4-11EF-B9DB-4A2B752F9250} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 004e720e01bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000ee4a2ebbee889dfdfbe5fe1b0bb8463c6f8d8c55cf1c849ab38ed6e5e7b93903000000000e80000000020000200000001a1d819c2ff1b23014bbf293d910de77d0910a48f0404f3658719c0f2f474c4690000000d3dab3af5880bc69ff671f21d275e6a1297eb9b770db76d5eec7d32b35d95064f51933ba561cf200aa933923aac9a2b56ac63fe619ef72a3b20fe5df375ad159120a61e6e4960aa6410f7d549e562d0ef90ead0cabe5a34ad133bc32c1a7585930730b51b62a5b3c96baf5220442614eb35c083596f81c533fd8adb44bae2155a4a798fb3e14ea2c17c5ff17969c612e4000000043c411ca0ed272c119b7f0f105766434b929f7d59a432d8511cfb2d6f3aa12521c61bbb6551d84f0f3d212923603015cccfd00f9aab9ea329262ef4484821497 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424383376" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000006ac1b535072a01f944136548dca21c77ae8e7fe535cf806694f441db5b7912ca000000000e800000000200002000000040beda80ce99c6414570f332a4970d49dde1bf7de203318c513c565cd02e8152200000000e221e4b4f5d4c866bacb19c84b914014cf8d35f62b655d8a82aba1d1bb2dca1400000006226624f5d04b99556ba1cb28020523b5547c0fd8ede4fb8f6a776924a71dcd48ef91474471a7ab221cc37f990a7b49e3f65b82273e84c064c57aeb5b950eab5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1936 wrote to memory of 1512 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 1512 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 1512 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 1512 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1512 wrote to memory of 2656 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 1512 wrote to memory of 2656 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 1512 wrote to memory of 2656 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 1512 wrote to memory of 2656 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2656 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 2656 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 2656 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 2656 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 2568 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2568 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2568 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2568 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1936 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 2616 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1512 wrote to memory of 2840 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2840 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2840 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2840 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2840 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2840 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2840 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2840 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2840 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2840 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2840 wrote to memory of 1516 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1936 wrote to memory of 1576 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 1576 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 1576 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 1576 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1512 wrote to memory of 2520 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2520 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2520 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2520 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2520 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2520 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 2520 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2520 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2520 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2520 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2520 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1936 wrote to memory of 1480 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 1480 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 1480 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1936 wrote to memory of 1480 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1512 wrote to memory of 1980 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 1980 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 1980 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 1980 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 1980 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 1980 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1512 wrote to memory of 1980 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe
PID 1980 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1980 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1980 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1980 wrote to memory of 952 N/A C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a20b751ed4c9deed042a947e6e02f7ee_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Program Files (x86)\Microsoft\DesktopLayer.exe

"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275465 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275473 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Users\Admin\AppData\Local\Temp\ICD2.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275478 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Users\Admin\AppData\Local\Temp\ICD3.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex

Network

Country Destination Domain Proto
US 8.8.8.8:53 zzz.8187859.com udp
US 8.8.8.8:53 download.macromedia.com udp
FR 23.40.1.37:80 download.macromedia.com tcp
FR 23.40.1.37:80 download.macromedia.com tcp
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 fpdownload2.macromedia.com udp
US 2.17.251.5:80 fpdownload2.macromedia.com tcp
US 2.17.251.5:80 fpdownload2.macromedia.com tcp
US 8.8.8.8:53 get3.adobe.com udp
BE 2.17.196.177:443 get3.adobe.com tcp
BE 2.17.196.177:443 get3.adobe.com tcp
BE 2.17.196.177:443 get3.adobe.com tcp
BE 2.17.196.177:443 get3.adobe.com tcp
BE 2.17.196.177:443 get3.adobe.com tcp
BE 2.17.196.177:443 get3.adobe.com tcp
BE 2.17.196.177:443 get3.adobe.com tcp
BE 2.17.196.177:443 get3.adobe.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 ff5e1f27193ce51eec318714ef038bef
SHA1 b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256 fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512 c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

memory/2656-9-0x0000000000230000-0x000000000023F000-memory.dmp

memory/2656-8-0x0000000000400000-0x000000000042E000-memory.dmp

memory/2568-18-0x0000000000400000-0x000000000042E000-memory.dmp

memory/2568-17-0x0000000000400000-0x000000000042E000-memory.dmp

memory/2568-16-0x0000000000240000-0x0000000000241000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab24B2.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\Local\Temp\Tar2729.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FY3LN490\swflash[1].cab

MD5 b3e138191eeca0adcc05cb90bb4c76ff
SHA1 2d83b50b5992540e2150dfcaddd10f7c67633d2c
SHA256 eea074db3f86fed73a36d9e6c734af8080a4d2364e817eecd5cb37cb9ec9dc0b
SHA512 82b4c76201697d7d25f2e4f454aa0dd8d548cdfd3ebfa0dd91845536f74f470e57d66a73750c56409510d787ee2483839f799fef5d5a77972cd4435a157a21a4

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\swflash64.inf

MD5 60c0b6143a14467a24e31e887954763f
SHA1 77644b4640740ac85fbb201dbc14e5dccdad33ed
SHA256 97ac49c33b06efc45061441a392a55f04548ee47dc48aa8a916de8d13dabec58
SHA512 7032669715c068de67d85d5d00f201ee84bb6edac895559b2a248509024d6ce07c0494835c8ee802dbdbe1bc0b1fb7f4a07417ef864c04ebfaa556663dfd7c7f

\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

MD5 47f240e7f969bc507334f79b42b3b718
SHA1 8ec5c3294b3854a32636529d73a5f070d5bcf627
SHA256 c8c8cff5dc0a3f205e59f0bbfe30b6ade490c10b9ecc7043f264ec67ef9b6a11
SHA512 10999161970b874db326becd51d5917f17fece7021e27b2c2dfbee42cb4e992c4d5dbeac41093a345ad098c884f6937aa941ec76fb0c9587e9470405ecb67161

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 290bda31590198006c49969a9788a815
SHA1 596552281f2b739e4c56f2adace90d1c7ef0e8f6
SHA256 4e4908528bace173c463f7f1d608c6ed6483dd647b61e5794fa1574722b261bf
SHA512 6973c253b1e085dcc90b1666f32ebc28b10e6d5eab8852943bd3f197910731097f57d3aad6b2ed31f3b231eafde045d6e7a4e6bd6ed20bcd4b32c001d5454455

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36db9171bf5c6a97a774e59bc696d876
SHA1 3b2a252c6a424b29f78b17c388adff544ad0e416
SHA256 15ff77cca1cf9a2d23e6635e1b4e275d94136a375a014bf189379f5581356ac9
SHA512 627899abd6b5ce2165298eced4b5ed2f0886fd0f3e0bb1d851a2ae03270b4e1b527a477afe20cbde47bf7209c38afcbf91835bc8a7acfae04d95088718f9488f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6aeb3ae3527dc25c0ee431d5ece73ccc
SHA1 e10c1e27aabd5dfd5f36b09050c3503c8a7b810b
SHA256 28ab388ef28a9ac19bbc18311ecf16d1c7fc765ad7359c24a3a93379962f2b9e
SHA512 342ebb9c4979b77adeb8c7a7dd477dfc31223938922c467a6719c13aff4ad908f1d706dd9c0a628c7bc867ec7c162a7f4680dcc63f25fbc2054b9f8c97ff122f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85f2be9f8a0305cd412e4734d442ea4e
SHA1 caa374cdf62f9917e07ba92561a97f5900ea3935
SHA256 c89fd85f16ca8b6ff401af6c87a5a7508b0fba24d5d7ea479ac9776c6d304c97
SHA512 72ff318f4dead27319160ef0fa37d63f0a0270c8b6b9e54b113e398a491fe6ff1868e686e0815167ff8628039e738d80bff80e73e7338c7ee751820111057be0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fad9323d0677d7cb1dbb9fb9b712a005
SHA1 197013be1c15563b9f5d5f60f1b89cbf228ad363
SHA256 e7983b872dea42a6f8fbde4f669f65047001ee0e5369658d874d774987a561dd
SHA512 aeede341bf161567b004c6b39e4b283834aa1de1ad24f41e302b8ee4de26323ccfdc863c88824b3c56be40c839b2fbea19052c488c0a3c6b33e8923bf68f2f00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 412360aeba0ec5c8736e36489c1712ab
SHA1 0a68ad2c1ef51724e9e72b020b773c3c07d9c1ca
SHA256 6acd4e752d63ecbba4f5f69f218d5ca595c2372c254b89de512cc97d6352bcb8
SHA512 f79f04bc1a24b60833561adcef1baeb4eb06a6507fd9e14a787f238e1df41cd50a8c859cb5bd38acecbf02c17b9de94faec4b5a07fab693b1644d8aa53345b27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de7121ffc5744ed2fdf7d37b48669eef
SHA1 80cb51b33b54d5889219788d7c5b713a16756127
SHA256 f2906c00d2e6a0be93ebd93c90438e38069e6de2a932fdb542d1b01d52947bb1
SHA512 ae22546afd634384b4d21a9afdff295657b16bde0fcee1be4207e8b214223e9938f4d4462b04b23d353780cc361c139d5d61c68747a9a482a2a1077268c2446d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1bb67b75a5e9942c5e68cc2cb8af130
SHA1 a5c0b842c37524a77883a18752dae9ac06efe998
SHA256 34efa9bfe1a6448c52b8c4e87ff51b8145b97049547ff38a4064fac8f81e2d98
SHA512 4e8f0dee16dbf555e754235bb901b58b025007fbc593af8fa68f06d7572fc673341208dbacb7beab1b014eaf2ab863de500dca38d9409796c70a78d4191ffe1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5f294bd3eb28617414c637978bf5743
SHA1 6f04a10672ccf8e97c26c4b3bcf761362b703c02
SHA256 f5d3885b5c3edae826ed4d3de8d45fa9320ec166dc48ebeaed67e496b0f0f85b
SHA512 8f178b7424f7af1edf139a492c79d3b3f0e594ca295a323353e0eefbfd55a98e07a3e31cd725058038d6b9675f5c3e48f7435e1970045dcbe113694eb8f761b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a906c6e791a48b346b62a5d20c093e3
SHA1 4dee411daee060ba3ba18e67d90744071c431c59
SHA256 44ddba6347655e8f40989fa99ff77e5cfcf6219e63615785ab0a8eade8f68790
SHA512 97edd1b56df624ea42dc71a28c57733c91a8776fccebb67810300ac7fdbb4ac3bf9c77107a8868c42ec60569f799ef55a71e70af4ecff0b360892a3ea5f644d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1fc154fe192825b8411a8bd46e2e529d
SHA1 d63086e3a13f2f6f350025e21dd032243b7fec26
SHA256 6280da7860b9db17d67d6addcd09e0e652f81fd400e4833b2a966b05d29c040e
SHA512 4f643a4cfadd4bf8b25debdf9073e3fcacbd18b9a99c57e3e2b8ba46c0dd31234e03b37275f05f89e0173621ac6562e616131f1eab3809e897563c95644319e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f01a75c650cc3494f2b69eac7f256eb9
SHA1 7cf255558e1d331a6207027703afbb86c3bbcdae
SHA256 1a2fbe850ebec06837668d73c1119cf7cdb4d115a406e22c5b15e1f16c906be4
SHA512 3cd30ffa83e0127bf45f93a594056ed917fef9a867570116f33d8be33298a9dc4255fc5fc4eb0ea9018bd58fdfcff0b070108fd127edb450c0a4ab8075e4880b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 161dfb371f9360c37d461957557d7461
SHA1 f301c0d50df30f06265e4bb126b1b1b5078ff301
SHA256 57db17515ae699328a8f1ff7f9bb24a092e0fdae52398678478e811fb7aa4c07
SHA512 3f6f5d826becbbe1ca9812468f1f2784bb1becddbacd05b0f5f55c5a44a1e277577a97516d7ba48bb0c8cc8bcd0d4a7c82db31a3d321aff39356003b5ec87772

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dbd5a6c563eb4ec2c7349c7c4311d8a
SHA1 42b1d1d5c549294dcbf4bafae2ac7776b55801d3
SHA256 0b979b72a4f9d974e4a2ac647e053532851218a47bf468d46027ef8c451e42d4
SHA512 9780bf084b8c1899d2fe480a415ce4a36c7f7b2d7ec66cdc509309e8f3a9ea8b754230157dc1ef7b3e095ef53f7e3742a82ca1d62f63aafdf41974e732ebcaed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8a2498b3745d998be4cc7b38d327d80
SHA1 79d033deba180fd3a986d38c97e62a0a650bd5d3
SHA256 973cfd11c663f0edc25c0afc41b4c317e010b913783f2e2602a38149d7c663e1
SHA512 e0a6a1325d597203178ca303aa46e4f013c5038e9fc540cb6429a96633dbacf2002220aeeca52464368053eda81168ca97214a235c3daf1e6944b86a36783bf5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc92571c613e7313a4b520d47c500d89
SHA1 0e8387b35e9f6cd101fa7b2e1181ebdb88338715
SHA256 b59ca4ef39d402a39b21251e05ff2c3a0189e23bf5afcfc2f57a640722c7afea
SHA512 2fb2e7de49869363cbb84ecdf51bfb5436692076543952057bf21a95f268b8a078c79954356166492abccb1e9b27ab7dbfcf83930fc93abfc4f4125ffeb5af7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41c0debe862fc7a90580663edebba816
SHA1 f69772cae5a102f2b8589fd9c5e8dcb5e8e509bd
SHA256 cf68d4236298994c8a9444e9812b9c9b06d17de9c01757375c6e37011378526d
SHA512 a24cbc24081e81f645c08d675df40fd65c2bd55fb196661a6f7d4ebcb43c78d04ffb88e7c93c111790f35138ee311fcee66ed5d5d11b6d6aabcb3a8d370924ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8555aaf7ebdd1eccff983c318ba0f098
SHA1 64c652fbde42309ba8e2c916d47487eb9ea0f861
SHA256 f76d3c0569bf6cdbbd3484e634f59a1a4ac190fd4bab9d3ab64702da8c4df587
SHA512 862da23e7b84f7bb6a7207ab59b42c7a01b828735b072395f7bcc2b4398b937f40c57d4add348b4dd3655c81f82af9bc35e2c488598e51b545e7cbf216ba2154

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6186d1a6e910cfe81a23f26b553f5daa
SHA1 c5afd5c2e5bbacaed97d0de5875044c876cd7671
SHA256 4d67f9eb4a859ab6fd59eee410cbc632e3e3897e5137eda962939e16ea3b9284
SHA512 c6a496957531ca64dd740f21efaeed8469dab51b1631ba6256c99c19e670528b731635bcf8a5299a570ae91b391f181eb66b57dd8d2404e7057dbc4ff55f810a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a7ded23f29cb6feefab12633bc7294f
SHA1 aa35974e4cb236dacc2c541c3dd4d3b67516dcad
SHA256 defad2cd119729316de147d599cd3679d306afb40fcad3b5e2d2d116c9e5ab95
SHA512 8457504e6e1e017473702d1aa5516f2d24ffec8096162a02e8e7feeed62a68705fdaaabf4113f6c08880df3373fe22414b28ec8035742f47c86a481afbbeb5c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4524075e82290523f07f0941aa985708
SHA1 f34dc85fc8f4e99714c9350589bdaa75cd1a6ef7
SHA256 1eb29e4aa19240e221b82d865e6a8528582400b06faaf9900b06566d294c172e
SHA512 7d647527baa1adeba540c6769847b69c30df50b962208e6a6a373b97e18cf76e3a41a3bd7ff9a40bb1cfcfce3bef9f2ae657b5b8ee58d057811e6ad419f5d6be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 457ec920a8bd7a65b9f2c3db1a51d75c
SHA1 bb258dcdea62eafe4fb670997723d010eded20cb
SHA256 955b54d2ddb5dcfd1d446434fba07d1baf01e0a3f13d05819719ac5b6d9f370a
SHA512 ca585d4ac20b7fd7746ab74608c86d25d75c3502dec097ec41d19a1a403174d62cdc62358e9f6459bb378632a0470bee24486ad1912a9f2db5ed54631ff88ca2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbf8042614685d1e8192723368e5dcb1
SHA1 8b6b7fe6ff52cd08786fa68b7f3e876df41182f9
SHA256 6f800b52b4d01ab29b171ae4e877ef345ee1d17385d0dc4f31cfa0443d4d7879
SHA512 4476c9781474c37d4f710d02053948e673155870d3a2d51b8b3822a698279fb8bb458ab49abf107e28038cf9cf46e2a8f6ebc341a4cb28ab4d4974139ce6c158

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83ec74eb1dae1bc4e0f8103387d46fdc
SHA1 75462339528d3b176ec99fbd2e24ebd613b59c86
SHA256 e1d4d8ce918038cd8a915d345f6704ed2fb924d7c7d69bd5f4b714f791dc7c3f
SHA512 8e93fe82e5c8d1b4d9a007ec32115bf5172ae28696c6f8192febab0dd3cddad1a3647158a6727efae765bc1f8b7c3a57e0ea3f53b11fea1125159ed4779531ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea0aab1824b2bd50ca05ba54be6d6f46
SHA1 580f33e5036f1b5c54df44bcfe1ee33fc20e9c91
SHA256 d91906b8ae1250b73a6f28c135c9b478737e9088e1d57f59cff669cc9974bf14
SHA512 37ad7a7c246cec5b835545b195855fd3f86b12f8f72aa9cb72ce20133c55244a9189ecbccc44b9085c7e61d8b87a32427fb8fbbc2f9ae00639f19c16aa57bb75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61a381aec34830af7d830d9360aacb0c
SHA1 48b6c5d11328087d0d011ba731767f79c4d4d7af
SHA256 6abe432ca8dff49b7356447fe4ea8e4b8a537386cf122557abfaa53a3c620ae8
SHA512 252a1dc200a59526b051039311e8390cc09c3e521094e51c7c40252daaf3d4c68fb6caec3cb0ce15637758e17b1b63a1e1515a9fffb6a3ca0db965454e2a075c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6234eac5c2fd59e8b8ad67e33db6d00
SHA1 8e5c715f80999000f6edf85f48a906fc1a76bd3b
SHA256 7f82337be8e5500612a2b749dca66a9e30ecf8fc7f38862704e742f88ce32e2f
SHA512 22289125bc0e62ac2055af54c0c0f0c4ee5c8239a9f50a44c6bc67dca2470de2e95f3b73886421655e5fe844fa894302ddaba6cc4ff259a1a53f1b5f56e01435

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b676c491d96409fba588ecfbc0e04d2
SHA1 eb16caef09a463b0451a65efaa4d6713d49fa0b6
SHA256 78c1055558da6e57e0a22e35f84bd8b75029e81e4c6a58c5f322b7b1ff224db5
SHA512 e279a0474617f7d4b16c830565b30dc0ff124576178205f785e655152d0c13304fa4c99c27e48d7059568d0b9d8921392e017a6420a14d8722d48f7ec969119d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0ee8d283cb9b6fa705be82c7b142693
SHA1 c4fcc10cde736372da7aa9c240d4c32c7833a19d
SHA256 f3a41116b71a88b2bf46718b79739f1258ecfdb849f7689e6a0161fa06953832
SHA512 d178674b9afd95cd17cf8e721e6e531928e6c19f7d56e1dbf56ba7c2f44440294918a10377b979208dd9f320ed98b5f8e5e4449fa879a8499fdffaee5b5a14cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4bc19b9836641f969ae84f13eb158f80
SHA1 82cb46623d08ccd2fcf3c37b5e24206783d07ddc
SHA256 02450856244157941a471e6034160fe58440a1ea6cdd29d07e6c00700396b28d
SHA512 0f79ce36e9cec33f7d2fe48dbb1bce7e76c1f3cf5db73db795b3ad82a6ec5c3073b8606e20d8bf69b64a9f5bdbd03ab2a1a6db628cf421831e4c1bb19be43de5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f49e4554d013e123ab431e06e9432630
SHA1 06e64951c0b330e728cf772d4e10b7288735992e
SHA256 76004806ebdcde67456d70c3d9c22c9d746034b94690a3cb96877960172bd93b
SHA512 57e7c7fcce36949f9dd2979de39b68237523fe9911656ce53c048ee87481199a9423a3d59570222d7b8e90817dd1f732c74393f471ef64d75a48c2004069860c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96f204a75bf7eb49880ceecf88517721
SHA1 546fbf53a03673ca658e25d570df848fd7977427
SHA256 9fe5f6412dfae9adfbde32a14454853f0d92c26eca2e1e5c66d4732ba665004f
SHA512 7470a3c86fd3b136836f3dde6c6386b1ce95f44fad902174c02aa622afbf52d6c5cbf32b9b22383e7287d9844df0cb6bfe2d038ace75eb86c2a64000177b11b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd77b03b350700aedcbbac4872c75ed2
SHA1 f97d93e2660f0d45a96e16aaf9119bc87e4df036
SHA256 ccb2c8b2960c82eea3119ee57b4fb159b99f9faad535cefefe095a5b4d92a4bd
SHA512 ec276424886561181ad98945a4d6f9dd85c9994d27435261afaf90dc4f8ce1edbf3814ad0aa05f7853bd3c1a45a834e6a4d083ef10ea6f01aaeaca9c5ff02469

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c4733c08ff792ff05b1a4bb60563714
SHA1 44e9e4542f62fa6b7202b6372d22affb20a795cd
SHA256 72158eb5fadd846cfe7848b199c81b0eccee7704354c52b4e83590b04e36b52b
SHA512 7b638fb16b9c8afbc32298509423b539c4f5d279852c16ad12f49b834fbb76f808be77b8d183fb633652c16acadbefd18b0402736ec2a432ff5e12b8d4e6313f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d39bbbabc65d537d88096695c9cfb02e
SHA1 08b4fce498d449da273f8291189fd17a12c852d1
SHA256 6ac5eb7d1b8a0d4f6f467a981f669503dd81454c9f7023ce58d5d0ceaa2080bc
SHA512 ecfd15c433f47e4bade5a12b95ff31971236501b010fc02471091125d023546b30090b78a4bcbec7480b9cd17f633b9f3b33b3ab98173a1dafd5517b38cd864b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 407deb1d7c8ff5d11d8c92ebdeffa425
SHA1 c33697df5605ed34186ae58d0f5a4fe7349e1378
SHA256 00daf2e89e1dfc0e5a7b5b65eb90f09d43f0b640e1f5c83ba764f5eaa32f3c40
SHA512 ee7ba3d0367507bf6fe3a2e4b73cba8147d6fee69646d94b2d084071da57d43578f1fdb34b36b08ba8feb4e637d2e3bc4d3b96ee291aff7b8064a5af7583eca2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5925e45ab20a7f455a298440ca44519
SHA1 ba6558e55fae3a1d5d7d822a9cb80a72082cc915
SHA256 34d97e1b386349e186fcddae6f9548ecccddb8db9a16f4f1a613ff8e1118f8d4
SHA512 0e34a9f92afa7eed04a81a3646ef89f7a19345fc2c67f6a43804143491ab91fee3e80b4a5051a5413c5df398d64271867ce87455dec9a56ae123639169d2e499

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4f5bceccf0701ec9e9c8d5b72aba46a
SHA1 1ae22d14663e1c8427e6e74d53160dd971296362
SHA256 dfa4c5dd4938630957e004673922c99df1cc35c2e04638194a27c320332a4b91
SHA512 603f81dd98d26d5872d94ebb82fc401bdd20c7bb1ea6b44aeb0d1e047dda1c50d45d7a6696767bda58b1be8010f00d359d14826139b53404f9066161cc3fd05d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 19:45

Reported

2024-06-12 19:47

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a20b751ed4c9deed042a947e6e02f7ee_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4640 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 4772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4640 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a20b751ed4c9deed042a947e6e02f7ee_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ffbf8c646f8,0x7ffbf8c64708,0x7ffbf8c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4521136460173224363,2322558995065892299,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 zzz.8187859.com udp
N/A 224.0.0.251:5353 udp
US 52.111.227.11:443 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_4640_LJLXMUWRWWKFRDCV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8627015dc3287aa9518d95d7627bf257
SHA1 1372dd849977aef241b6832f010aa671c0085439
SHA256 708beafc78dbe9d851a1bbba5bf637d5d00982603baf35baf93daa4263cea044
SHA512 53e16928bcaafdc5f6a2c0d11704a80d56d9f5641328803c9f046d764eebc7257be6aad2024322df5018612a4d585d4fc702cc16080e02ff2478c7d38811a6f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 90cac8d8361d13e472543384989da933
SHA1 f152625749f6d4c3a20c391cb5a0a8d1aaef92b6
SHA256 6c6a4fabd16d8d48fc1f7cdfacc3c27a4c9705640fc354e6226642a8e6cafece
SHA512 f022ec64456b6e46d27ef11f2d1f65a8eb6fd616311254255a79a585bc6c4d4ece58265f965536b4747d2c0cdac927f6ea07ab6cfe2be234a58c2de53a15a993

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 35bfcbdd58cda8705581f3213c46965c
SHA1 2f616dd82024928b9ab9bd943aa68e3a5d88414a
SHA256 f373126b84c854da430cd5984f9b8085dc7b3ec395579a3e1f04cbbfce8dca98
SHA512 390ef2e518c801ea8d905e64f7cd0bf8ea0fdf1f91c479ef218a7339b5083b8aa3a587ecf5241b6b7c20c4ca9ff0d4b2bc88a01de8c49b25508785715743f01b