Analysis Overview
SHA256
e44177bdaffa42c7c3cc816548f51468e6748693f01ba3bca2beac313008d59f
Threat Level: Known bad
The file JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1 was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Program crash
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-26 22:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-26 22:53
Reported
2025-01-26 22:56
Platform
win7-20240903-en
Max time kernel
144s
Max time network
144s
Command Line
Signatures
Detected google phishing page
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\notepad32.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| File created | C:\Windows\rudll32.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| File created | C:\Windows\juschep.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| File created | C:\Windows\lsass.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| File created | C:\Windows\ashDisp.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60830f3e4570db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{689D3051-DC38-11EF-9917-D686196AC2C0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000027f3458c5493094a8bafa2091daceab600000000020000000000106600000001000020000000ebc25fbef2b05caae91dbad5b9c871afc633a4da9b015bf620ecab78b798f83e000000000e80000000020000200000007604aa9840d6a4fd11647148ca260c8b811eea5a889de46c07bc24a24d717bbc20000000ecff9a195ffddb8f95f949d962cde398e1e5e0c66fcab0072aeca4b1f0c0af96400000009af9844332dc231a5a81bae6c082b81eeb2232a0262a33c838f70bf250dbbdb60c9e27ba7ffa82dc5d6c0b56a8a8c8040833f00be1cf33d58ca0dd79c8d86249 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444093898" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://grupoarroba.googlepages.com/recadastramento.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | h1.ripway.com | udp |
| US | 8.8.8.8:53 | grupoarroba.googlepages.com | udp |
| US | 104.21.59.39:80 | h1.ripway.com | tcp |
| US | 8.8.8.8:53 | www.mafa.com | udp |
| US | 104.18.8.204:443 | www.mafa.com | tcp |
| GB | 142.250.200.51:80 | grupoarroba.googlepages.com | tcp |
| GB | 142.250.200.51:80 | grupoarroba.googlepages.com | tcp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 216.58.201.110:80 | sites.google.com | tcp |
| GB | 216.58.201.110:80 | sites.google.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 216.58.201.110:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 142.251.173.84:443 | accounts.google.com | tcp |
| US | 142.251.173.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| GB | 142.250.187.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.83:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
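Most of the Network table above is not the sample talking: once the sample launches Internet Explorer with the googlepages.com URL, the browser itself fetches certificate status from *.pki.goog, CRLs from crl.microsoft.com, and the usual Google/Microsoft account and telemetry endpoints. The rows a practitioner actually wants to block or hunt for are the ones the browser would never have generated on its own (h1.ripway.com, www.mafa.com, the googlepages.com URL and the sites.google.com connections that follow it). The script below is an added example, not part of the sandbox report: it parses a constructed excerpt of the table, separates resolver lookups (8.8.8.8:53) from real connections, and applies an assumed allowlist of browser/OS background domains. The allowlist is a judgment call and should be reviewed per environment; it is not something the report states.

```python
"""Separate sample-attributable network IOCs from browser/OS background traffic.

Added example, not part of the sandbox report. NETWORK_TABLE is a constructed
excerpt of the behavioral1 (win7) Network table; NOISE is an assumed allowlist.
"""
from fnmatch import fnmatch

# Constructed excerpt of the report's Network table, one row per line.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | h1.ripway.com | udp |
| US | 8.8.8.8:53 | grupoarroba.googlepages.com | udp |
| US | 104.21.59.39:80 | h1.ripway.com | tcp |
| US | 8.8.8.8:53 | www.mafa.com | udp |
| US | 104.18.8.204:443 | www.mafa.com | tcp |
| GB | 142.250.200.51:80 | grupoarroba.googlepages.com | tcp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 216.58.201.110:80 | sites.google.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 216.58.201.110:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 142.251.173.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.83:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Assumed allowlist: traffic IE/Windows generates by itself when a URL is opened
# (certificate status and CRL fetches, first-party Google/Microsoft plumbing).
NOISE = ("*.pki.goog", "crl.microsoft.com", "www.microsoft.com",
         "ieonline.microsoft.com", "www.google.com", "accounts.google.com",
         "accounts.youtube.com")

# The sandbox resolver; rows to it are DNS lookups, not payload/C2 connections.
RESOLVER = "8.8.8.8:53"


def parse_rows(table):
    """Turn pipe-table rows into dicts; lines that are not 4-cell rows are skipped."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_noise(domain, patterns=NOISE):
    return any(fnmatch(domain, p) for p in patterns)


def triage(rows, patterns=NOISE):
    """Aggregate per domain in first-seen order: resolved IPs, ports, lookup and
    connection counts, and a class of 'noise' (allowlisted) or 'ioc'."""
    out = {}
    for r in rows:
        entry = out.setdefault(r["domain"], {
            "ips": set(), "ports": set(), "lookups": 0, "connections": 0,
            "class": "noise" if is_noise(r["domain"], patterns) else "ioc"})
        if f'{r["ip"]}:{r["port"]}' == RESOLVER and r["proto"] == "udp":
            entry["lookups"] += 1
        else:
            entry["ips"].add(r["ip"])
            entry["ports"].add(r["port"])
            entry["connections"] += 1
    return out


def ioc_domains(triaged):
    """Domains worth blocking/hunting, first-seen order, with the IPs they resolved to.
    A domain with lookups but no connections is still returned: a dead or sinkholed
    C2 is still an indicator, just not a live one."""
    return [(d, sorted(v["ips"])) for d, v in triaged.items() if v["class"] == "ioc"]


if __name__ == "__main__":
    for domain, ips in ioc_domains(triage(parse_rows(NETWORK_TABLE))):
        print(f"{domain:32} {', '.join(ips) or '(resolved only)'}")
```

First-seen order matters here: h1.ripway.com is resolved and contacted before the googlepages.com URL is opened, so it is the row most worth pivoting on in proxy and DNS logs. The win10 run (behavioral2) has no Network table in this export, so nothing about Edge's traffic can be inferred from it.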
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1187bc58be15c922927f4c8d0265a0a |
| SHA1 | 0aacd7bdca481b79638d43cd475949a48e6e713f |
| SHA256 | d96b51a68a4c6092a025d7da306f1dcbbebd67b0ff4afbf20b396f35f054ba48 |
| SHA512 | ca2ab783f4940b0752906c748668c6b7b08a59829bab3336b97bf0c3eb7dc8ebe00036bd7848c2608c732eacda6901a22833c24019c5ef8f86e3b5ef95e7af68 |
C:\Users\Admin\AppData\Local\Temp\Cab782C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8452S9S3\KC51X31E.htm
| MD5 | ac36dd7c710e100726d8d8fd4022e5ce |
| SHA1 | acee0568302a022407b0f1d5b9784898cd0a96ae |
| SHA256 | 1de88cd8f8443d4fa4e716573eb8e68c7a69ee9ff62c68853477c6afb832dbd4 |
| SHA512 | e65ba58acd0c3b598b6c8594e27f9d62978e4a2323536228307ef68d9bfeb48b6447640a35477049b333b5c07755ab3531921d624a2aa6c761c668a27a4b5404 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\mv7[1].htm
| MD5 | 0104c301c5e02bd6148b8703d19b3a73 |
| SHA1 | 7436e0b4b1f8c222c38069890b75fa2baf9ca620 |
| SHA256 | 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f |
| SHA512 | 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_AFD0C460FA6EFBA0BD0D581BE830FD1F
| MD5 | c83274aa9506b5d41e6e5162145afecd |
| SHA1 | f11e7711c3c185911cfdbd56f57034cc9dbc3e11 |
| SHA256 | 39361a889f8ca1e09cb1cf07ed60452cc51a641be62c883a06cad482c83cfe94 |
| SHA512 | fd2ea664636aa8d295e8a4d1b7916ee081020990c0b6663cec2df75ae0071a5c28e2925b89a74d8b050ccbe950920852e31de8474f37b43ab8f20958f4d27b1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6DA548C7E5915679F87E910D6581DEF1_AFD0C460FA6EFBA0BD0D581BE830FD1F
| MD5 | 23bd88c6679d2b74507919d865455138 |
| SHA1 | fac0dae4d7dd584e9badfcedeb92879d7231fa51 |
| SHA256 | d30fb478121d72fdc19e4b87c44fe3326ee8886d09a8ee4bed026f6a5e2dad73 |
| SHA512 | 6fefce8bddfbb4f3bd882e62a338cc5b3f7fd8db3d34c709134c908bd276135912ae17bf5f9c22b79e3190306edcd91ae8bf18c884bff0fad97a16c84eb75c84 |
memory/2716-122-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\gsz3hkd\imagestore.dat
| MD5 | 24b6aa59feb88dcd7c481acd59266662 |
| SHA1 | b85f460f3d02b38491d894619787e25c77764c00 |
| SHA256 | 06e51c63d82b4173630a6388b0bf1ab85161332740046e1369bd5b1b457f8f4d |
| SHA512 | d59d1162bff3b0ae36081513a2617c2b3ff74fa804454010ff65e8779a9b87df0216ca1622231be2b00cc950d4665072114cd6d4b3c546cefaf540ebbfa2ca4b |
C:\Users\Admin\AppData\Local\Temp\Tar906F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb656c79b90d44fe8a3eb6105a1b0b94 |
| SHA1 | 524d0c8a3e962d68cb648f8ecc74e13acdba6eb6 |
| SHA256 | 214ebe0123e43ea532b7a8fea774547cac16acbcb64aa625d0159efe37027a12 |
| SHA512 | a575c76fc51719baa5950a512a58dfe522272b1ffc1258b2c2d93171e62a55f8dcebedb104ec7be279eb6a31cb3f8cd2203aa0dedd95f83540ae2c845e6dc2aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c9c0aad17de4192fdd52eea0d5fc5e0 |
| SHA1 | bc09f8050b188040fc1a704297a0130368c1e3c6 |
| SHA256 | de6c6043b0ce218faa275fa1db68370d18a8abab55b63a01fb36d55c01f1bfb7 |
| SHA512 | 4c99c99fde5750965248748de49b4b1f6959df9ac161f8120b1a32b86576475c8caa0a52d64cf60d0817441bcb8ee534bcfc1077d667d1a53f58fa950c74b6ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4abd56275faa128480ea52f259688086 |
| SHA1 | 3caf6617350676862b1e8f0b7a8f62bf72dbf4d3 |
| SHA256 | 45746c03651c24b04c51d6a29f16579f2d36f49c78306d4933cebcbd474900fa |
| SHA512 | ba2451b1d8c5f8658017fbdb35f58512a998b1643464899178f490d1616b49f690ad61edf7e3527f9312d9edcf18646850c90eb05e04195d8b562982bb32ab99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cdcbf9f0d83df6b522a35f35bfdb48a |
| SHA1 | 8d8033749c3fb694cd93f1b6e5dbbfd814cbfaa3 |
| SHA256 | 5409d6d96bc07eeb8fe63746541b0fff86c405c92d68d3fe09c7a463bcb3ea33 |
| SHA512 | 1e2d42beac326b3045812ccfd0dfe79b802373f63d5861294b140f227b06bf5298cad183047cddd250c320eae4475896d900969a07cc87dbccc1c5c6c983ff8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be557bf56de2f59d89d023f92465c8db |
| SHA1 | 70a4d45a66324aa3b764651bc160add8dd9c0820 |
| SHA256 | 8f02d8e18399a3bf7e0eaa4ee55db4fe0eea812831583a98a664c009a89fcd50 |
| SHA512 | 86020f693c55883e6704ae2403c1d0a1253406e1fc566403ce57a426933a6508e527bb5252add75ac6c90467fbe6990e65a16b6f8b8e0cec2dae3f08bdd8adfd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8f08e46449bd3a873721041298b00c1 |
| SHA1 | 73bb88b58b7addf14983dc86cfe7e6f1266b4dcf |
| SHA256 | b39424d8d7e1b7c5340ba0d88e01600de272a1970ae2e36273956210865b4992 |
| SHA512 | 68379ff07cb72aa9276422f70374aea68c61b88d173c30faa64bbd4fbfee14edd82294480634ec13446c256a563d8ec1ea34ed47ee76e768002562542ca60a80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 672b1e4b4b96786c42295e10c013702a |
| SHA1 | 8897a96b7f96df0adc8b1d8c9d57ce9e46199e48 |
| SHA256 | 602d3eaeed1ac29fd9d2ac6469ba9c89d1d3b9b0aa87a4205aff265719e2893b |
| SHA512 | aae59595af5b382a5b465ba341b4d61c9a2c18d303af360bdea56661c020d4355bc5e53c92e83b36090e721e29f99c54820678aabf1eb8bbdb95fe90a814e06a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e916beefbe5f7543186b28f9941aacc |
| SHA1 | 920c7f76ba1eef0ee7b98ad85c0ce3ab8f94b8ae |
| SHA256 | 456d48ea2cf7b38e0bf8cd80e0787fed045bd1ac5263e54e5ebde9701a99df50 |
| SHA512 | cb3f0a05272757178a62e1bc8e718365e77bc46d6fe9f3b7bbcf80e602edff3c092a5b8f26c60afaff80b09c27c1488125aa027852aeec6ca1690107cbaeec38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c872ec3c3a7874e073d6a9510ff0e327 |
| SHA1 | 54f1a85a4f158073a555fb4cf0badecec5390a60 |
| SHA256 | 88869860421aa3880956d340c563dd473173eb2809cd709ac768874d4fb9b133 |
| SHA512 | 162b06b2590f878628026f6aee3a8939a1f36ded06c375c93f6d070c0e3cc1c9246452d5aa3e44c348325b71465946a8a825841dd3d2f9a0a2d1d0f240f2a35d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b2993f846efaf83e0c51d7b0738e3f7 |
| SHA1 | 5d9e93d0ac764cebf653c55e55a43dd49db05e0d |
| SHA256 | f74e533b05a125471fa7a769ed29205cdd7cb1b20c793755db68f20b6c1a1200 |
| SHA512 | 76be7816cd80a666f0a4f57bec10c626c2bfb647bcc4d7fef7c4aa2aab3da6bebd32b6352bca272983a5a0eeea31b4ea8e7e7391ba5b10dce66ffac1540d8d01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 849ecade30fa7ba7a56d14c3451ca1f7 |
| SHA1 | 4d04f304b94d3ed5cd55b05ba709ed54f9ac205c |
| SHA256 | c1d038a77818dfdc68fdbe60e1ab3021f80be57d8e4a043469831b223a4c4ceb |
| SHA512 | 0fea5d37cc61a5b572f759f621d4f0b4fa178683cd8acb6b00d1c804279c20f47f805fe5a26b1c2ff7f20c526d7a05ba70bf887ff4303d2c206a2aec6233b3ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9b2604fdf3cfb068f444bc2bf2ffa622 |
| SHA1 | 7cc9451bf4fc33f0e60ce2e4aa6dd69728288cf1 |
| SHA256 | 9e563ac778bd70178bf59d2f0f01fb91506ca43f60bef887e6ba66a8c77155d6 |
| SHA512 | 75de00c7a76fe23d90589ab21ff2e1a24326949d716c774e08f11b482c4a3a68fb051f26d3b1afc9056d643545b302bd25ad43e01d8937da660b956ca17bdcfa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98b48ece3d4352a18aa7e3200981a22b |
| SHA1 | ff44da25af2675f71cde66e27e8c7fd56986d9db |
| SHA256 | d91a512d895738bf1bc571e8fd1413c1af680c729cb37705f6e906b563c17d80 |
| SHA512 | a90c2c5e992e01c97389e990dfb88f965f016aa2e5244125b8687de31ec387a2decb396d47577ec477c727ffa97071d6ba227ea19367b4d02306e8ceaeacbe6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08c600f402725235361226badce46cee |
| SHA1 | a056ed5019e0bbbcf72b475ef0ead1ad49d8c6b6 |
| SHA256 | 884528faf7dfed94dec63c51d9333e84ea80613fb01331e247905316a895bc15 |
| SHA512 | c4ccfafa9a1f0d3d4c844ffede7a813c36e1d0306015cd75dced5514dc2de7772414afde214aa0528e38a58331e8ce8ad076e7e0aa9a26c1852f11d8539432bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b31f743d717c0885b1001478c55f75e |
| SHA1 | d043fef914cac451ee09fc373dc75392372bd065 |
| SHA256 | 9311b0c072b2273f4f6798a1792863f9400731132163c2c6d17c626784defe95 |
| SHA512 | b6a43946022a27bcc2e51ba1592e7f081d29434fdea61e3e3eccd1cf8b0c5c983e54fd16da62f1cb0b46afc44f7313bedb86d44657be3549ab558c9fc5e42940 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5306567243c81e011d2977f94414a753 |
| SHA1 | 07e15e8573bd1a8181fec83740a60d1da26153c6 |
| SHA256 | 2c23632808708cc3acbbfc2d38cebcf81a59a39841c6b7bb34777c596a23ae37 |
| SHA512 | 7dca9503053ed66c5a629e502cf65f7aeff18c2329e500ac3d261462ffbbd7554e9b1dd532566b786b4df5b3b9d775fc76bfb5324abdbfbea7ec32adde606f5a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 199987f8c03b555aba7efd93564863a7 |
| SHA1 | c7168ab6e2e819b986165fd790ebd8e20c7dfb19 |
| SHA256 | 519ee4a946dd8dbdac354f2ceab02dc949e2de01002d4106dc2bb2a57116d1fc |
| SHA512 | 6a166242633534d5b1851f393b9c6d789baa137ffc480a2894c06c2014903e795109fa92e1f86f6e5cc28040003976bbfa59530945d636a83631ee151c588e7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 04b3f4cd58e8067dbfd067619dfd028d |
| SHA1 | a2ada828518192eadc9d36d30f942828375419be |
| SHA256 | c3a4eb8a51bea56a6bb12c363793e6c8c40185bc55e9ca9a7bcdca1c6205d621 |
| SHA512 | 15e4ae659edbb96e2ed897b8ff0315be7988b2af54e3a8936057421b28dde0ac4dbdf12f52c8e17afc618a1523caad076390635faf8bcd695623e0de8adb71af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27d3fd782951cfe7a4fa316cdeb34fe6 |
| SHA1 | c39ffc45ccc92bc1041270291bfe2d50a95a5c8c |
| SHA256 | a65f1985056f0ed24695a7aeb4f0278b67f472cc397c36b052a787e3c8eae5a9 |
| SHA512 | 1f8e1fd6df274bf1c51f25388aa9bd1edb4d6418885049d76cba65d3218d5c96964879d452a96a49d3347fe19f20ad0bb7cf19cbbac2f1269252b6afc55e4885 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36f4189977e2f5fb9287547bc2df7ea0 |
| SHA1 | eadec34b78770c6570a46c2ec3d79f437f39f4f6 |
| SHA256 | 8dbdb1a1643a014ff4696a71062c3b01ee7f63f03062392f3f11d99fd55c5f32 |
| SHA512 | 63d2f76c20cfbbcb898132a8d85dd148fbd7db90b3f6e288dd39e32bd01e37d75f73ef30c47e7964ac754aaa944d2d3e749670a6813de080aa397fbbae3d3537 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c91d775bbe1ec6f7b9e098bdc8810214 |
| SHA1 | ff773cee1ad9f89c3dc32f8646922c47c26ff5cc |
| SHA256 | b72824b2faf0464f63bad08d550504091a0c01306345f55456afdae5b685eb06 |
| SHA512 | 3cb5301b722f069aa905b7304e7f7ff604c62794b1bb5ad3cb2104a086ee0330b3453492a57e172d97d4ad127d9b93b7b29ed1c93a75ab42497bc8358cddb6c8 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-26 22:53
Reported
2025-01-26 22:56
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
146s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\juschep.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| File created | C:\Windows\lsass.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| File created | C:\Windows\ashDisp.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| File created | C:\Windows\notepad32.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
| File created | C:\Windows\rudll32.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
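Both runs drop the same five files straight into C:\Windows, and every name is chosen to blend in: lsass.exe is a real binary that lives only in System32, rudll32.exe and juschep.exe are one edit away from rundll32.exe and jusched.exe, notepad32.exe borrows a familiar stem, and ashDisp.exe is the name of an old antivirus tray helper that never belongs under C:\Windows. The script below is an added example, not part of the sandbox report, covering the "Drops file in Windows directory" tables of both the win7 and win10 runs: it takes the created paths from the report and checks each against a small, assumed reference of legitimate binaries and their expected directories, flagging exact-name masquerades in the wrong place and near-miss lookalikes by edit distance. The reference set is deliberately tiny; a real deployment would populate it from a clean build's file inventory.

```python
"""Flag dropped files whose names masquerade as Windows system binaries.

Added example for this report, not part of the sandbox output. DROPPED is
copied from the 'Drops file in Windows directory' tables; LEGIT is an
assumed, deliberately small reference of where each real binary lives.
"""
import ntpath

# Constructed from the report's "File created" rows (same five names in both runs).
DROPPED = [
    r"C:\Windows\notepad32.exe",
    r"C:\Windows\rudll32.exe",
    r"C:\Windows\juschep.exe",
    r"C:\Windows\lsass.exe",
    r"C:\Windows\ashDisp.exe",
]

# Assumed reference: real binary name -> directories where it legitimately lives
# (lower-case). An empty set means "never under C:\Windows" (Program Files apps).
LEGIT = {
    "lsass.exe":    {r"c:\windows\system32"},
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "notepad.exe":  {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"},
    "jusched.exe":  set(),   # Java Update Scheduler, installed under Program Files
    "ashdisp.exe":  set(),   # avast! tray helper, installed under Program Files
}

# Max edit distance to call a name a lookalike. 2 on short names is already
# permissive, so review "lookalike" hits rather than alerting on them blindly.
MAX_DISTANCE = 2


def levenshtein(a, b):
    """Plain dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path):
    """Return (verdict, reference_name) for one created file.

    ok          known binary in one of its expected directories
    masquerade  exact name of a known binary, but in the wrong directory
    lookalike   name within MAX_DISTANCE edits of a known binary
    unknown     nothing in the reference set matches
    """
    directory, name = ntpath.split(path)
    directory, name = directory.lower(), name.lower()
    if name in LEGIT:
        return ("ok" if directory in LEGIT[name] else "masquerade"), name
    dist, ref = min((levenshtein(name, r), r) for r in LEGIT)
    if dist <= MAX_DISTANCE:
        return "lookalike", ref
    return "unknown", ""


def triage(paths):
    """Classify every dropped path; returns {path: (verdict, reference_name)}."""
    return {p: classify(p) for p in paths}


if __name__ == "__main__":
    for path, (verdict, ref) in triage(DROPPED).items():
        print(f"{verdict:10} {path}" + (f"  (cf. {ref})" if ref else ""))
```

On a live host the same check is worth running over the file-creation events rather than the report: the interesting signal is a non-Microsoft, unsigned process (the sample is flagged "Unsigned PE" above) writing an executable with a system-looking name into C:\Windows, which a normal installer does not do. Note that the report records the creations but no later execution of these files in either run; the win10 run crashes (WerFault for PID 4252) before anything beyond the browser launch happens, so whether the drops are ever used cannot be concluded from this export.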
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_39dd5a14139ba81b7cfb094d1ed4a0a1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4252 -ip 4252
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://grupoarroba.googlepages.com/recadastramento.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd421c46f8,0x7ffd421c4708,0x7ffd421c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8309932587783211652,9087653856568767070,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3552 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | h1.ripway.com | udp |
| US | 172.67.212.156:80 | h1.ripway.com | tcp |
| US | 8.8.8.8:53 | www.mafa.com | udp |
| US | 104.18.9.204:443 | www.mafa.com | tcp |
| US | 8.8.8.8:53 | grupoarroba.googlepages.com | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.212.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.9.18.104.in-addr.arpa | udp |
| GB | 142.250.200.51:80 | grupoarroba.googlepages.com | tcp |
| GB | 142.250.200.51:80 | grupoarroba.googlepages.com | tcp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 216.58.201.110:80 | sites.google.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 216.58.201.110:443 | sites.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 142.251.173.84:443 | accounts.google.com | tcp |
| US | 142.251.173.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 51.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.98.51.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.173.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 142.251.173.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 142.251.173.84:443 | accounts.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3700_OJBSUOOYOLORFRWM
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YY018DS9\4U0WZXTZ.htm
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XH3Z2ZON\mv7[1].htm
memory/4252-91-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a709.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity