Analysis Overview
SHA256
b730191bf624e934edc1e92c44f66d053968156fb32ec4328fd77db7b52d144f
Threat Level: No (potentially) malicious behavior was detected
Verdict for 7537450b149a5422749211ca550e5e75_JaffaCakes118: no (potentially) malicious behavior was detected. This is the sandbox's automated score; the signature, process and network tables below are the evidence it was computed from and are worth reading on their own.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 10:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 10:42
Reported
2024-05-26 10:44
Platform
win7-20240508-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20cc176c59afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{959F6351-1B4C-11EF-BB1E-6A387CD8C53E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000c9a79775a1eac88ec2e9d0d3e9f7953fc0de9c01f82cd4be9e102f2a39f5329c000000000e80000000020000200000001344769912776f41987dbfbdc89c128f5dacc1c47ad8e9128079a2bbadb3b34820000000d8508ce3918a66bbd31ff96f229eb5290e69a10498bd15a2204da9c2e0e904af40000000a361466efcc993240e313e5d85eccd72cdee6b8400007e916544ea9c46fa12f05ea3c652b8329af7039591db90cd639e4315938a1ad0acb3b923501b96024f91 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422881988" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1868 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1868 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7537450b149a5422749211ca550e5e75_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
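All four "Suspicious use of WriteProcessMemory" rows above read "PID 1868 wrote to memory of 2348", with the 64-bit iexplore.exe as the writer and the 32-bit IEXPLORE.EXE as the target. The tab process's command line carries SCODEF:1868, which is how Internet Explorer's frame process identifies itself to the tab processes it spawns, so a cross-process write from 1868 into its own tab is the browser's normal frame-to-tab plumbing rather than injection. The Python below is an added example, not part of the report or of the sandbox: it encodes that suppression rule, closing the hit only when the writer is the SCODEF parent of the target and leaving every other pairing open. The PIDs attached to the two command lines are an assumption taken from the signature rows (1868 from SCODEF and the event text, 2348 from the target column); the report itself prints no PIDs beside its Processes list.

```python
"""Attribute 'Suspicious use of WriteProcessMemory' hits to Internet
Explorer's own frame/tab (LCIE) architecture.  Added example, not part of
the report.  PIDs below are assumptions consistent with the signature rows."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str


# Constructed from the report's behavioral1 Processes section.  1868 comes
# from SCODEF:1868 / the event text, 2348 from the signature's target column.
PROCESSES = [
    Proc(1868, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7537450b149a5422749211ca550e5e75_JaffaCakes118.html'),
    Proc(2348, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2'),
]

# The four signature rows, copied from the WriteProcessMemory table above.
WPM_EVENTS = ["PID 1868 wrote to memory of 2348"] * 4

EVENT_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def by_pid(procs):
    return {p.pid: p for p in procs}


def is_iexplore(proc):
    # Both the 64-bit frame binary and the 32-bit tab binary sit under an
    # "Internet Explorer" directory; the report differs only in letter case.
    return re.search(r"\\internet explorer\\iexplore\.exe$", proc.image, re.I) is not None


def classify(event, procs):
    """Return 'expected:ie-frame-to-tab' when the writer is the SCODEF parent
    of the target; otherwise a label saying why the hit should stay open."""
    m = EVENT_RE.fullmatch(event.strip())
    if not m:
        raise ValueError(f"unrecognised event text: {event!r}")
    writer = procs.get(int(m.group(1)))
    target = procs.get(int(m.group(2)))
    if writer is None or target is None:
        return "unknown-process:investigate"
    if is_iexplore(writer) and is_iexplore(target):
        sc = SCODEF_RE.search(target.cmdline)
        if sc and int(sc.group(1)) == writer.pid:
            return "expected:ie-frame-to-tab"
        # IE writing into an IE process it did not spawn as its tab.
        return "ie-to-ie:no-scodef-link:investigate"
    # Any write into a non-IE image is outside the browser's own plumbing.
    return "cross-image:investigate"


def triage(events, procs):
    """Collapse the repeated rows into {verdict: count}."""
    counts = {}
    for e in events:
        v = classify(e, procs)
        counts[v] = counts.get(v, 0) + 1
    return counts


if __name__ == "__main__":
    for verdict, n in triage(WPM_EVENTS, by_pid(PROCESSES)).items():
        print(f"{n} x {verdict}")
```

The rule is deliberately narrow: it only closes a hit when both images are iexplore.exe and the target's SCODEF value names the writer. A write in the opposite direction (tab into frame), or into any other image, is left open, which is the behaviour you want from a suppression that exists to cut noise rather than to excuse the browser.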
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
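Worth noting before taking the verdict at face value: the behavioral1 Network table records a DNS query for coinhive.com followed by TCP/443 connections to it. Coinhive was a browser-based Monero mining service (it shut down in 2019, so what the domain serves today is not something this report establishes), and an .html sample that resolves it deserves a second look regardless of the automated score. The Python below is an added example, not part of this report or of the sandbox: it parses rows copied from the table above, collapses the repeated connections, and checks each domain against a watchlist, distinguishing a bare DNS lookup from an established connection. The watchlist contents are a constructed assumption for the example.

```python
"""Triage the Network table of a sandbox report.  Added example, not part of
the report: rows are copied from the behavioral1 Network table above (a
subset that keeps every distinct destination); the watchlist is constructed."""
from collections import Counter

NETWORK_TABLE = """\
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Constructed watchlist (domain -> why it is listed).  coinhive.com was the
# domain of the Coinhive browser-based Monero mining service.
WATCHLIST = {"coinhive.com": "browser cryptomining service (Coinhive, defunct since 2019)"}


def parse_rows(table):
    """Turn '| country | ip:port | domain | proto |' lines into dicts."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue  # header, separator or blank line
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto.lower()})
    return rows


def summarize(rows):
    """Collapse repeated connections into (domain, ip, port, proto) -> count."""
    return Counter((r["domain"], r["ip"], r["port"], r["proto"]) for r in rows)


def match_watchlist(domain, watchlist):
    """Exact or parent-domain match: cdn.coinhive.com hits coinhive.com."""
    parts = domain.split(".")
    for i in range(len(parts) - 1):
        cand = ".".join(parts[i:])
        if cand in watchlist:
            return watchlist[cand]
    return None


def flag(rows, watchlist=WATCHLIST):
    """Watchlist hits: domain -> reason, plus whether we only saw a DNS
    lookup (udp/53) or an actual connection to the resolved host."""
    hits = {}
    for r in rows:
        reason = match_watchlist(r["domain"], watchlist)
        if reason is None:
            continue
        h = hits.setdefault(r["domain"], {"reason": reason, "dns": False, "connected": False})
        if r["proto"] == "udp" and r["port"] == 53:
            h["dns"] = True
        else:
            h["connected"] = True
    return hits


if __name__ == "__main__":
    rows = parse_rows(NETWORK_TABLE)
    for key, n in sorted(summarize(rows).items()):
        print(f"{n:2d} x {key}")
    for domain, h in flag(rows).items():
        state = "connected" if h["connected"] else "DNS lookup only"
        print(f"WATCHLIST {domain}: {h['reason']} [{state}]")
```

The DNS-versus-connection split matters for triage: a lookup alone can come from a prefetch or a dead reference in the page, while a completed TCP/443 session, as seen here, means the page actually loaded something from the host.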
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO0LJX84\fc1c90b5873cf00eafe1b374c534eda7[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\Cab1354.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar1357.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 37dee15fabbb65fe97a1c69e3acc43a4 |
| SHA1 | 58255f53d240b7b7b87612242e9f34d8bf551148 |
| SHA256 | 7d7ed863d6fc1e3863dda1b03712a8ea26fee828d2973464eed89bf0764cecb4 |
| SHA512 | 8ddcd4d494159bafcbab5f46c401ea775f02b8cce2f96a35b3cb699dff4ee0dceb937f393e2d202f88cf7726761c3387401e0b66ea755fd5e36bf34301c92f0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 428aa84a6e249ae1e731adb0ff44372a |
| SHA1 | 699ed5378baa07eb853c7344e8bf1b6ef8425004 |
| SHA256 | 7dac0db68f0d9128382e20feb1615b75945f4a5cd28ea5b7885a20ad3144686b |
| SHA512 | 4dbcbf9f2887b872636bb82ef7667397921eef08a4c7fb426b6732ac27de6596c11bdabb552de66f1968a6c493d2e93fe52343a8ad1426efa9f11296bd4c0ed1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | beba3522cd7eb77a09fe36abcb252a4f |
| SHA1 | 220cb347af597d4f8aacacff27eb0ce64207e99b |
| SHA256 | 63c5ec564440d74f3c2c2a161a66a22dbf30b03659f3309419a359ee1f8c0d4e |
| SHA512 | 35eb19b0e1061370a951b1ca3f66288c6ed1732ce7c94fc663eb3959383e0f5d8fc28b3ab1cb9f5f3cb75a314c3d1a0a62694f51490760ea88e8772916f49774 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 16a4577f7c04456a8ebbfb966980b0ec |
| SHA1 | dbc55328540ad139ab6462375fd4d81dcb3c914e |
| SHA256 | a75b56f304e7f75f6f84e649820527d52778120056acdce1969ed0612752ac1f |
| SHA512 | a531caa503bbef6fcb610bec661864c9aafa8686187812ae69f60a6413befca7f4f5e26b48ce6fc3c9c9b0e71ecd6727c6c2fc25d7c91fb32079ac7a96397257 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 040257a6041f784050920bbc0bba85a9 |
| SHA1 | 683d587f9e0ceebec01e7175072202dd510868cf |
| SHA256 | dc758297a0e1b799125d1080e10ec9b10c7b3c07c15bde295393e524b71c5b9d |
| SHA512 | 86f1f16bb910cf10c8765b37349fc4345518115144b3f2e24be392242a1c4c81bed7174dafe552cb1e390294607d7593cbcb3f61ba953f1e51954435fb85450e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a40e890110e1976beb03dcccd2545fa |
| SHA1 | d3a06a867eba4432fdae296663135a7c265a8292 |
| SHA256 | e5d8bca0e1ddb756a87de32ce440d59ba56e806e3e2969b0b1ec972a15afa4c5 |
| SHA512 | 6680fd9555017a9ce8d321e9d41435c7dc401b8e5aea6764585c45c549fbac0fefb94b32c39d744b365fdb7706b0940f93f7c4565d4e3cae8265a12d3ae66bb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | f3de6a716f8e0caa1dadee1526013d6d |
| SHA1 | f6e7f303f2b55123d8d955f70e31c2285717fc94 |
| SHA256 | 6c7bc128bbf9f334b3d685423213cfa56322dfdadce1a8623e30a1815010eddb |
| SHA512 | f507766983ccd5af5e6739f4ed32801f8ff77f481e0ec57ecc24dec2d53dd164f9efc4e6a4533d2ec82c0c2ffaef264352c6b7555a48fba38cb4ce7366bb5e32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 29fba829e51d351380b2d06fb58593b0 |
| SHA1 | c629a7e872a366d9b625ae5d0b7bd43fa52e79bb |
| SHA256 | ac0ab66007dfbb74a2a17294f21acd13f3eafe9b1654c28bd31a9ba549c4f98a |
| SHA512 | b517e9d346763e340d5a81567ae7bbf202c24d8a229f51bb2cd26789b1e6972b284589dce542447f22e150ea3516226764cb8530a03f95a922d9c022af512df6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 0fa6137c28538e8b07465c24222089e2 |
| SHA1 | eaed36fe649e4c89a5c9ca65002316ec93f98fb1 |
| SHA256 | 85ac9f6148027edfb5359c708b74673a5bf829fb0d9c8af3c8b1ee1c1547f5a5 |
| SHA512 | 744646e348967fa16c617fd6b76de33c4f4ead44d17af2262aadf785d70786cc56c719082b4711eb04041d1fe4dfa2fe9bfe97044638967907a05188bc8d597c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 18a1f140623e21ec4b37490a7a021f78 |
| SHA1 | e958fa0815360968f60abca23432fe17af3b407e |
| SHA256 | 356a6f6647021463249be49c7f3c28346f62f0b001fa151c8839cd2f3736060b |
| SHA512 | eae7006a5504ca343e4aa8173c86eb4db213f09e0bc2d6715ca1a65fd4c5a9f124560125c4e208691707be8ccf3e85e12e626e01303fbf741bd1788e8d2f82b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1eb879934782709096076efb1516c33a |
| SHA1 | 64b53df4b1f2b7e1d17c11d74f1aa8b07df568b8 |
| SHA256 | c46c50d2bd21ff523cd9e8437dfb2b3a506778ed98d8a968e965ed2252470f47 |
| SHA512 | a8a5a5de0a708e1481d03778644ca2ba08e21905ad63f5b073d1c8ea250a634d426321d0e52e0944c162374b667d2d5782b2af9d1a5e3a8d9fa05c6a921c77a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfa883c98cf1c5ea990585844cd5d347 |
| SHA1 | a79677561dda053c6cc272c06cb0ce4b3a38d34f |
| SHA256 | b744db2490259a7f6829bc1183c0e87094ce9de02505193c8bffd13e1c858a62 |
| SHA512 | 2c73d1f290e86f345d978e38003d70a7d950d79cd3813f1a98c9ca5f2735f8876dc3cd24368954611ea14cab90e580bc23c2a1dd936a044417fb260442c06235 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 844f24cffeebc4aa9175abe47c274bde |
| SHA1 | 6e4e55bef4095eeb32aad8f06ec4a82134d8ad69 |
| SHA256 | e3db2a511034e5fe2628a319dda1ecaa61e1fa04099dd32441b3c422d917f43f |
| SHA512 | 24f1371572bda392788e7a49377f0a82bdd450b0f2c27729d12cb3a8fc8259705a1794c6a3f8cb03f885033600538761c80181d65745859ea51e50314ddfa2cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d88ebcafd024fac010801f8d6e75fd08 |
| SHA1 | 05d94fe4a4f626968dd5677933f8d2aef9c38395 |
| SHA256 | c5217ba9d3e6b4b18d53784e15a8960515def7fbf96b4cb86e2c9d375dc99699 |
| SHA512 | 5c8c34c577f69e1c1429212a9af98177ee92697f7ba20c2d853d76da82b737c7a40da957794a1fb2b7fc671d34656277e1deee9386ce5e138fcf2a8fcb12f495 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcb97eb90aaec6fcd761e01a0af82cff |
| SHA1 | 664b80221629db56fadb8d084f60f7bb27f8e626 |
| SHA256 | cdcfd573e82fe952139aa3acc6db68b5f70f27f62733bcc744baf8fb812fb191 |
| SHA512 | 79901751c8e4172429c95bb4e6652060432e3f64c101ae946e59321c1fa3ec772f643ab3eb609a797308c1d594b6fb9ade16ace77b68bc45a23cdac9931f66e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4284d820ca4d9fbb483a936e962693d |
| SHA1 | 6a53ddfb2d6063466716d4c7994fd2a8d853ea05 |
| SHA256 | dd9573bdf17e5f5831d320071224b208eba73519515cd40bd8950a238e54ac68 |
| SHA512 | e15ffa89d6e0a06593a785a7b11c48ebafc303540a3f389aa273e8b6941bd93eca72f85fbf3a75d8faab11dbbb61f32006ddf32f06dbd7c1dc794a548af77551 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80a55ad57c58f13ade34b6811d3c8613 |
| SHA1 | 8c2521183e8a8e115e05bc0bcb7f419982471993 |
| SHA256 | 8f011cb8908dac0ffa561d08553b7ff55e55e722d47901a935b05be88b0ffb9f |
| SHA512 | 434e8b49e2ad0cfa888ca92e2f92764c7303d8df41322117cc54bf7960a93d9b7d5c7e94c51c97c496c43e32481a3a1b06e15d5d8e74ba52141b0cf50256a20f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9336aa462ac2c28ad2418816c6cd9f1 |
| SHA1 | c399c50856edea26d2118295718a142160cdf6ca |
| SHA256 | 9ebfd4578c0663284145e66ea92f23932ac35e12f6b4b105906f43c782fffac9 |
| SHA512 | 95a7b9f261b17dfe80978395f5a827dc0522193e10103f4aca0ab8b4d69174f64d7cc0bed9e538e92096c87decbef8532724f2c04bcc1bd5b466ca5fd4091f3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 136787e7b067368f5ef5fa17fe81e45e |
| SHA1 | bfd2fd505dddf8a548b95ba3086faa675624bf86 |
| SHA256 | 21deddc62a8a5f6363ea74d5e0bdc0676fd8adffd85dabe55ff9397751b857e3 |
| SHA512 | 842daab6c32d2a7169bbc186532e9113769e751fccd21a8a71b532bc92de31423bd9489e20b46de9a2682916975d3c1020ddf871fe1fee1381a339fc2211acef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3dc92ccc4f67a227f0009db457136308 |
| SHA1 | 077f58a0a560d283f59e8722a9b736e14bc79cbf |
| SHA256 | 7cb71d94149318f8da5af2f4a56d93dfbee43dec01c342dc46af2c1d70744394 |
| SHA512 | 404a8ed793e7e6363b11fd5c3f4b90e87c87aef36a4ea016bca6e574c88fab2b2966cb9b87fa7ccf464a89b5e269aff812763e0e1f9c8a8dea8a9a158878ada8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08c126dc0dcdcb06b89dd8d9ecda1779 |
| SHA1 | 626861726e30e8bc50de1b832b8da21664dbd1d7 |
| SHA256 | ad8fd5902e3b6a0b1d6943ba87bcf62643521dc99a5cd1c141e686503648434c |
| SHA512 | 00a5da480afa2cd9e619a5615e038a66309cd2237e5771816548dd10287c013991f92ecd0b22f7b20e5670e787ad352bd8a477e2a2eb674cd13fb351ed31a5ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3809fe53506fb755da7ad78560599e5f |
| SHA1 | 0cecf0f0a2a6bda021366b95ac5a24205af423c1 |
| SHA256 | df8a59a2c8ff61ddb9c4b9926d09eb07125c280235d2e4b29656de8d838a6b45 |
| SHA512 | 8fe40c30f11eb646818b4ced9aeac1600e709086f1524259b86de6c67d7564be78aec8c8056fdf1e47e4ee841f3a3307b8261109164bf655a3402e75209d678d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42ce53425f71c4002f8274aa8ccb86e6 |
| SHA1 | 5123d820aef623d89cf2c056dbda2728dc3b05ec |
| SHA256 | ca389d97541166a5164a30fef7fc93105423e63a3920e8149141ee655f4870ba |
| SHA512 | cb3ae9605cf37f3af234ee8be1d268df50413d466fd2b99903f68b78460a4d86b7ec58b7e2d712c45bea367905e9ea6b8b6b1a137e44f0b27a0fe64991b85962 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b0c70f56857b442ab188153748d891d |
| SHA1 | 691480736045c885c162d5b2ee32890bbbd34049 |
| SHA256 | 9207fb6ab0c1d423d8424e865666c60d7e053d1bf47dda3f501c9eb1099c42a6 |
| SHA512 | 832315bba04222f6fac6584fd11622eb0c95157f62cc3990d8776e9346b701aab5fc83c72aa7787772d63a527d3e034937e95f843019cb21b21eaad1b39e0da5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d375f8dbd45e39576098f4c56594bc4 |
| SHA1 | 4cfb3606e1cce89ba8c5ecee02d38c87a80ca2a4 |
| SHA256 | 39503b6a93f956988644793e03e1bbb8e4abf2e0500ecf2c2265afbfbba96f61 |
| SHA512 | 20d26c648cf7c43d29e3e5fc85bd12c7a3f485305e701f85a541c3500d151ec27739428e5002d4fe0b0946c0134e349fbdcec57f0607623630857cb2dc978e8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34887dc5e4e65596ab4a726ca656e3a1 |
| SHA1 | 2018fc74b329d55cc6ec40a4d857e32291195b47 |
| SHA256 | 891e77d7de51cd7924b49cbc3b14bdd0f76e211677756595a2abd6d840b98f35 |
| SHA512 | fbdaf1c22ed64f2e10f19591eb86553876ce549b02af00df05addae9a675fe086f3b4efcd875b1d280eff22d88f170d89b1b7212b0d1688fba35fbe1b0684243 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbcc078aad36a54645d46d1cac374e15 |
| SHA1 | 468f4ff701df9fdba02e2a10a14cb39d6e3aaed0 |
| SHA256 | 2c325b369c821d2c3101623d4f2373afaf9cf66dd9695d3e74b8a52d6c5dae6f |
| SHA512 | f2d74916d42f89c33726b34f2690eb4116af0f3f3a3b1b113f06c8a9767bc9d6053a6801bbba5f295c238ad6f22a7d7d9e7b73bd659b13acb5edd57593daeb92 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bb981641c7c0fec12cde3679ec2e4a3 |
| SHA1 | d3b5fff954a735c7f2e4f7be5fc57703a5a05fe0 |
| SHA256 | 26888c6ee4d32c4dc9a0e6c8aaab76c85f8bde1c5e7491417b672b49c7f8a350 |
| SHA512 | c2285179fa67eaf5117795a4e06e1fd02eb32b85ed5803406e687027b89a696962abd35379e3214b496dd2027bc2226813f0af3c2675a22e85e06fe84e33d985 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 10:42
Reported
2024-05-26 10:44
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7537450b149a5422749211ca550e5e75_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8a7946f8,0x7ffd8a794708,0x7ffd8a794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2804 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8820144779088895688,820717801866044404,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
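Most rows in the table above are resolver PTR lookups, mDNS multicast and the sandbox browser's own background traffic; the hosts the sample itself reached are a handful of domains on 80/443. The following script is an added triage helper, not part of the original report: it parses the table rows as printed, discards that noise and the DNS queries themselves, and groups the remaining connections by domain. The BROWSER_NOISE set is an assumption about background traffic from the sandbox image's Edge/IE install, and SAMPLE_TABLE is a constructed excerpt of the rows above.

```python
"""Triage helper for a sandbox report's Network table.

Added example (not part of the original report): parses the pipe-delimited
rows as printed above, drops resolver PTR lookups, multicast/mDNS chatter
and the DNS queries themselves, then groups the remaining connections by
domain so the hosts the sample actually talked to stand out.  The
BROWSER_NOISE set is an assumption about background traffic from the
sandbox's own Edge/IE install, not something the report states.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed excerpt of the table above (a subset of its rows).
SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

# Assumed background traffic from the sandbox image's browser; tune per environment.
BROWSER_NOISE = {
    "a.nel.cloudflare.com",              # Chromium Network Error Logging uploads
    "www.bing.com", "tse1.mm.bing.net",  # Edge new-tab page content
}


def parse_rows(text):
    """Return one dict per data row; the header row and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group("country") == "Country":
            continue
        ip, _, port = m.group("dest").rpartition(":")
        rows.append({
            "country": m.group("country"),
            "ip": ip,
            "port": int(port),
            "domain": m.group("domain"),
            "proto": m.group("proto"),
        })
    return rows


def is_noise(row):
    """True for traffic the resolver or the browser generates on its own."""
    if row["domain"].endswith(".in-addr.arpa"):        # reverse lookups
        return True
    if ipaddress.ip_address(row["ip"]).is_multicast:   # mDNS / SSDP
        return True
    return row["domain"] in BROWSER_NOISE


def summarize(rows):
    """Map domain -> contacted IPs and (proto, port) pairs, excluding DNS and noise."""
    out = defaultdict(lambda: {"ips": set(), "ports": set()})
    for r in rows:
        if r["port"] == 53 or is_noise(r):
            continue
        out[r["domain"]]["ips"].add(r["ip"])
        out[r["domain"]]["ports"].add((r["proto"], r["port"]))
    return {d: {"ips": sorted(v["ips"]), "ports": sorted(v["ports"])}
            for d, v in out.items()}


if __name__ == "__main__":
    for domain, info in summarize(parse_rows(SAMPLE_TABLE)).items():
        print(f"{domain:25} {', '.join(info['ips']):20} {info['ports']}")
```

Run against the excerpt, only saltworld.net, gamingw.net and www.gravatar.com survive the filter; the same parser applies to the full table, where the only extra survivors are the other first-party sites the page loaded, so the noise list is what to adjust when a new sandbox image is rolled out.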
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_1516_EOUJEKKBRLNUFSQG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6664e40a155ce434ee6b97aeae40246d |
| SHA1 | 9fe58b582906c316ac431d2dd05b5956211093f2 |
| SHA256 | c89c8c8de0f21bea8f506c15f9b1b1b69d549d9be63886a8b44cf6a12736304c |
| SHA512 | 4a7cb371fcadb92e9c5dfb26cf0c9b59573241052c6dad25a5525ea40898d2c4e0368425472b18a2a7596d8bf771bddd43855b8f4644c1a86214c56877c97f92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e25a815c3cab8e7fcfc7d88f8a716cec |
| SHA1 | 2be25eb41a07b64196b9d7c1b9e0aa013b2cd8a5 |
| SHA256 | aebe94ea8cbb3f4b09b0be78b7d74fe9b21a7ff4fcdd24e2d5abce9950cc535b |
| SHA512 | ad823385d2c70a78ef9b3ee75a10d33235c403dbdc9af6545706e74e811eac2a2bbd27b22f2af291254c71fd4fe5a3648838e148fe2d91aae4038e08e81ae391 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41b9d2c75ec22c2eaa510e254884b656 |
| SHA1 | 0770fa6420cb26a2fda0044039b0dcea7626c072 |
| SHA256 | 83b45fb33c0e509c0e416eba8d2722827496b0b3c649cf8bec4966378103c6be |
| SHA512 | 7293b652cbd5aa4f4838d2eaffb6ada9b62b295d3e9372c134294dd41bc9747382452662bbb28fee534d580b8ab91a4c631ca69cb26caa61fcd3df1f9b132919 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 95538065947017db991d88150c61649f |
| SHA1 | d7c1ec1a2d0d11d1652c666ad0a6e4ea900860c0 |
| SHA256 | baa5d5b527ba7d78f886ad9f6cc829910bd624af24b6a6a1188e9840e4eb3659 |
| SHA512 | 8c2aee800a4b7b3f989c033509ae5fdb4c0adeb21997a093538bce0711cf6a733333d4a6d4bacec172c8286aeb5920295957bf583829428b7c8b5acc5eba34cd |
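Two things in the Files section are worth checking mechanically rather than by eye: the digests recorded for the crashpad named pipe are exactly those of zero-length input (MD5 d41d8cd9..., SHA-1 da39a3ee..., SHA-256 e3b0c442...), so no data was captured through it, and settings.dat and Preferences each appear twice with different hashes, meaning they were rewritten during the run. The script below is an added example, not part of the original report: it parses the path-plus-digest entries, computes the empty-input digests with hashlib instead of hard-coding them, and reports both conditions. SAMPLE_FILES is a constructed excerpt of the entries above.

```python
"""Sanity checks on a sandbox report's Files section.

Added example (not part of the original report): parses each entry (a path
followed by its digest rows), flags entries whose digests are those of
zero-length input, and lists paths that occur more than once with different
contents, i.e. files rewritten during the run.  SAMPLE_FILES is a
constructed excerpt of the rows above.
"""
import hashlib
import re
from collections import defaultdict

SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
\??\pipe\LOCAL\crashpad_1516_EOUJEKKBRLNUFSQG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
"""

HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Digests of zero-length input, computed rather than hard-coded.
EMPTY_DIGESTS = {alg: hashlib.new(alg, b"").hexdigest()
                 for alg in ("md5", "sha1", "sha256", "sha512")}


def parse_files(text):
    """Return a list of (path, {algorithm: hexdigest}) in report order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and entries:
            entries[-1][1][m.group(1).lower()] = m.group(2).lower()
        elif not line.startswith("|"):
            entries.append((line, {}))
    return entries


def empty_content(entries):
    """Paths whose recorded digests all equal the digest of empty input."""
    return [path for path, digests in entries
            if digests and all(EMPTY_DIGESTS[a] == h for a, h in digests.items())]


def rewritten(entries):
    """Paths listed more than once with different SHA-256 values, in order seen."""
    seen = defaultdict(list)
    for path, digests in entries:
        if "sha256" in digests and digests["sha256"] not in seen[path]:
            seen[path].append(digests["sha256"])
    return {p: hs for p, hs in seen.items() if len(hs) > 1}


if __name__ == "__main__":
    entries = parse_files(SAMPLE_FILES)
    print("empty content:", empty_content(entries))
    for path, hashes in rewritten(entries).items():
        print("rewritten:", path, "->", [h[:12] for h in hashes])
```

An entry whose four digests are all empty-input values carries no evidence either way about the object; it only says the sandbox captured no bytes for it, which is normal for a crashpad control pipe and worth noting before anyone pivots on those hashes.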