Analysis Overview
SHA256
3195738076ea73bf95dc162fa8d0b099c12c0b9d08dafc32c0f0f78cad243c82
Threat Level: No (potentially) malicious behavior was detected
The file 742b134474113f83576f58cf1fcc517d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 03:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 03:16
Reported
2024-05-26 03:18
Platform
win7-20240508-en
Max time kernel
133s
Max time network
126s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422855249" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50d4ca281bafda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000000fc70ba76048a828e8d9787f61daef5deed4b074dea352689c334e1b3c24eaf2000000000e8000000002000020000000b80532087befaa93258e2009b8b60617229329a5bbfc0962198aae038d4c3526900000009ad065835c5dcb5f02c1120d7e21b03f16737a3144ccffa828233b1d2db62cdd434ddb602b92c3996550f4fad3766cfc0b0846ce83c84d3860e807b39b88e6daf4016854019efc9b3a6361404ae83613654e74b54661cb37992e39b2e8fb6ddf61c9e01305b166394452517b652672496576141f3b7d023b1cbf45f4615133e1f3b25b056e6f297db96f9e67b74d3072400000007dbb51a6adc09a5c6e19e1c8a6b4b7225c92dcd671e7cbccd51f37bec370318b412946f9cd01b61c2d161da43d98280b2cca6a4a5cf267b4d41bedcce32393d5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53EC06E1-1B0E-11EF-BB1E-6A387CD8C53E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000b955a3a7ae5ccb2dbd3dba53e72f38ac5b9546dd7623812657fa7a67ba708d08000000000e8000000002000020000000eb745fc1df71ba2dc0568f32b46fd40e7aa41e2c5805f736fa2c998bd6c29d0620000000e953bef4ada7dbdcdb02db337a5f169b22cbc64e70fda0a7b995a6b8122ff2ab400000006e64aedab0d2de12b5f9cb6f597f118ac0ac85329b7eaf53fb6e47bccd9cef967af4273ae02d47e9cec644b1d2a03600ac4e424bc886d9dc6b1212db37c18812 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1868 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742b134474113f83576f58cf1fcc517d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 03:16
Reported
2024-05-26 03:18
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742b134474113f83576f58cf1fcc517d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe8b946f8,0x7fffe8b94708,0x7fffe8b94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,15990835065007510893,1798241008143604029,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | 97.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | 85.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_3312_GUMDEEBOXDZNCTWR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9e8ee36e17fe8227ff456511b85cb022 |
| SHA1 | aa003ad16e7186d5a7b2fef747d60e31357682dc |
| SHA256 | 8522c9fcd4227af94b2bef9ea56ca8df78730c8f7e4013819c66c60027a99574 |
| SHA512 | ddf20a3f476fdc5d950356102e4d107e858f2c17b26e88db97703b84e0855a911bf4cc1cb0700f8e6a305ce40dfa51180083473715d137e0ee3fa2825bec9145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a27d18692732cfb9468db270ec83f987 |
| SHA1 | ac4a7b47c5b9a1b661f407d457ea72b8f52a7097 |
| SHA256 | c8e571b087662211e4b05422a87192e299b4f386cc21178475772ff20f0e32a6 |
| SHA512 | 02262fbc02922c999ee60dce5169b390e7cc7673bdb2bf66c4d68953173156994056272118266e9e3d68fd9edff68329f759c97aab84ab433747f7c087c240b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6f5ddcbfd34df84ec836a6ea014bcd39 |
| SHA1 | 574008846128dfcb1ba82b16bb1c68e66f805346 |
| SHA256 | 56b5fb02065b0d966ae21a5467cc41ea32afb49b9218e80193e5e44977692bc4 |
| SHA512 | 2564117e4c690f4791c38791ae38047d2119c360bd3f7dcc1cc81a09578b8ec0fc4d7afa845f9b8c61c7760b437a12c494ad45f924361b603d57eae46696c88f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 47f25706ec332833509ffda501805c6f |
| SHA1 | b03011852add6a06872e6bb5426f53f7e9f9da81 |
| SHA256 | 0cf89c29794a8253f0f116d930baa22d8c4f24379f35a789ad87b25ca9898ce9 |
| SHA512 | f94b3dfd52bdc9e0aff65cd218f308710d007b782d0a98ed3540b57d0bd134f054d0b6bca48dd2f066cf6121de858612c8e1b3adcd9d755315579c393510bd06 |